diff --git a/install/dist/lib/opensuse.lib.php b/install/dist/lib/opensuse.lib.php
index 1525b4a644d0e1b3a19d81ff525a7654e4b0b8f0..32d74a6d1798d593c9a3f8b3c49c014a42beda58 100644
--- a/install/dist/lib/opensuse.lib.php
+++ b/install/dist/lib/opensuse.lib.php
@@ -507,7 +507,7 @@ class installer_dist extends installer_base {
$content = str_replace('{mysql_server_port}', $conf["mysql"]["port"], $content);
$content = str_replace('{mysql_server_ip}', $conf['mysql']['ip'], $content);
$content = str_replace('{hostname}', $conf['hostname'], $content);
- $content = str_replace('{amavis_config_dir}', $conf['amavis']['config_dir']);
+ $content = str_replace('{amavis_config_dir}', $conf['amavis']['config_dir'], $content);
wf($conf["amavis"]["config_dir"].'/amavisd.conf', $content);
chmod($conf['amavis']['config_dir'].'/amavisd.conf', 0640);
diff --git a/install/tpl/apache_ispconfig.vhost.master b/install/tpl/apache_ispconfig.vhost.master
index 69e15838a960c42ffe235ead964b255622075ffe..aff01fce1d9ff5026240c8b1d4e5c0933a87bd61 100644
--- a/install/tpl/apache_ispconfig.vhost.master
+++ b/install/tpl/apache_ispconfig.vhost.master
@@ -91,8 +91,19 @@
- Header always add Strict-Transport-Security "max-age=15768000"
- RequestHeader unset Proxy early
+ # ISPConfig 3.1 currently requires unsafe-line for both scripts and styles, as well as unsafe-eval
+ Header set Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; object-src 'none'; upgrade-insecure-requests"
+ Header set X-Content-Type-Options: nosniff
+ Header set X-Frame-Options: SAMEORIGIN
+ Header set X-XSS-Protection: "1; mode=block"
+ Header always edit Set-Cookie (.*) "$1; HTTPOnly; Secure"
+ = 2.4.7>
+ Header setifempty Strict-Transport-Security "max-age=15768000"
+
+
+ Header set Strict-Transport-Security "max-age=15768000"
+
+ RequestHeader unset Proxy early
diff --git a/interface/lib/app.inc.php b/interface/lib/app.inc.php
index b107ca3624e3f6548bb0b70f37e7da7397e0f282..89595f5aaf350791fa81b82e0fec1f086ebd8a18 100755
--- a/interface/lib/app.inc.php
+++ b/interface/lib/app.inc.php
@@ -62,7 +62,11 @@ class app {
$this->_conf = $conf;
if($this->_conf['start_db'] == true) {
$this->load('db_'.$this->_conf['db_type']);
- $this->db = new db;
+ try {
+ $this->db = new db;
+ } catch (Exception $e) {
+ $this->db = false;
+ }
}
//* Start the session
diff --git a/interface/lib/classes/db_mysql.inc.php b/interface/lib/classes/db_mysql.inc.php
index e3bf695dfcd8cc5b339131ed00f7ea6e5f7341fd..b03ad55676ddb3c30cf01c4e12eed534865d8585 100644
--- a/interface/lib/classes/db_mysql.inc.php
+++ b/interface/lib/classes/db_mysql.inc.php
@@ -1,4 +1,12 @@
dbHost = $conf[$prefix.'db_host'];
- $this->dbPort = $conf[$prefix.'db_port'];
- $this->dbName = $conf[$prefix.'db_database'];
- $this->dbUser = $conf[$prefix.'db_user'];
- $this->dbPass = $conf[$prefix.'db_password'];
- $this->dbCharset = $conf[$prefix.'db_charset'];
- $this->dbNewLink = $conf[$prefix.'db_new_link'];
- $this->dbClientFlags = $conf[$prefix.'db_client_flags'];
+ public function __construct($host = NULL , $user = NULL, $pass = NULL, $database = NULL, $port = NULL, $flags = NULL) {
+ global $app, $conf;
+
+ $this->dbHost = $host ? $host : $conf['db_host'];
+ $this->dbPort = $port ? $port : $conf['db_port'];
+ $this->dbName = $database ? $database : $conf['db_database'];
+ $this->dbUser = $user ? $user : $conf['db_user'];
+ $this->dbPass = $pass ? $pass : $conf['db_password'];
+ $this->dbCharset = $conf['db_charset'];
+ $this->dbClientFlags = ($flags !== NULL) ? $flags : $conf['db_client_flags'];
$this->_iConnId = mysqli_init();
mysqli_real_connect($this->_iConnId, $this->dbHost, $this->dbUser, $this->dbPass, '', (int)$this->dbPort, NULL, $this->dbClientFlags);
- for($try=0;(!is_object($this->_iConnId) || mysqli_connect_error()) && $try < 5;++$try) {
+ for($try=0;(!is_object($this->_iConnId) || mysqli_connect_errno()) && $try < 5;++$try) {
sleep($try);
- mysqli_real_connect($this->_iConnId, $this->dbHost, $this->dbUser, $this->dbPass, '', (int)$this->dbPort, NULL, $this->dbClientFlags);
+ if(!is_object($this->_iConnId)) {
+ $this->_iConnId = mysqli_init();
+ }
+ if(!mysqli_real_connect($this->_iConnId, $this->dbHost, $this->dbUser, $this->dbPass, '', (int)$this->dbPort, NULL, $this->dbClientFlags)) {
+ $this->_sqlerror('Database connection failed');
+ }
}
- if(!is_object($this->_iConnId) || mysqli_connect_error()) {
+ if(!is_object($this->_iConnId) || mysqli_connect_errno()) {
$this->_iConnId = null;
- $this->_sqlerror('Zugriff auf Datenbankserver fehlgeschlagen! / Database server not accessible!');
- return false;
+ $this->_sqlerror('Zugriff auf Datenbankserver fehlgeschlagen! / Database server not accessible!', '', true); // sets errorMessage
+ throw new Exception($this->errorMessage);
}
if(!((bool)mysqli_query( $this->_iConnId, 'USE `' . $this->dbName . '`'))) {
$this->close();
- $this->_sqlerror('Datenbank nicht gefunden / Database not found');
- return false;
+ $this->_sqlerror('Datenbank nicht gefunden / Database not found', '', true); // sets errorMessage
+ throw new Exception($this->errorMessage);
}
$this->_setCharset();
@@ -105,6 +116,23 @@ class db {
$this->_iConnId = null;
}
+ /*
+ * Test mysql connection.
+ *
+ * @return boolean returns true if db connection is good.
+ */
+ public function testConnection() {
+ if(mysqli_connect_errno()) {
+ return false;
+ }
+ return (boolean)(is_object($this->_iConnId) && mysqli_ping($this->_iConnId));
+ }
+
+ /* This allows our private variables to be "read" out side of the class */
+ public function __get($var) {
+ return isset($this->$var) ? $this->$var : NULL;
+ }
+
public function _build_query_string($sQuery = '') {
$iArgs = func_num_args();
if($iArgs > 1) {
@@ -127,7 +155,7 @@ class db {
if($iPos2 !== false && ($iPos === false || $iPos2 <= $iPos)) {
$sTxt = $this->escape($sValue);
-
+
$sTxt = str_replace('`', '', $sTxt);
if(strpos($sTxt, '.') !== false) {
$sTxt = preg_replace('/^(.+)\.(.+)$/', '`$1`.`$2`', $sTxt);
@@ -169,33 +197,33 @@ class db {
/**#@+
- * @access private
- */
+ * @access private
+ */
private function _setCharset() {
- mysqli_query($this->_iConnId, 'SET NAMES '.$this->dbCharset);
- mysqli_query($this->_iConnId, "SET character_set_results = '".$this->dbCharset."', character_set_client = '".$this->dbCharset."', character_set_connection = '".$this->dbCharset."', character_set_database = '".$this->dbCharset."', character_set_server = '".$this->dbCharset."'");
+ $this->query('SET NAMES '.$this->dbCharset);
+ $this->query("SET character_set_results = '".$this->dbCharset."', character_set_client = '".$this->dbCharset."', character_set_connection = '".$this->dbCharset."', character_set_database = '".$this->dbCharset."', character_set_server = '".$this->dbCharset."'");
}
-
+
private function securityScan($string) {
global $app, $conf;
-
+
// get security config
if(isset($app)) {
$app->uses('getconf');
$ids_config = $app->getconf->get_security_config('ids');
-
+
if($ids_config['sql_scan_enabled'] == 'yes') {
-
+
// Remove whitespace
$string = trim($string);
if(substr($string,-1) == ';') $string = substr($string,0,-1);
-
+
// Save original string
$string_orig = $string;
-
+
//echo $string;
$chars = array(';', '#', '/*', '*/', '--', '\\\'', '\\"');
-
+
$string = str_replace('\\\\', '', $string);
$string = preg_replace('/(^|[^\\\])([\'"])\\2/is', '$1', $string);
$string = preg_replace('/(^|[^\\\])([\'"])(.*?[^\\\])\\2/is', '$1', $string);
@@ -239,14 +267,28 @@ class db {
$try = 0;
do {
$try++;
- $ok = mysqli_ping($this->_iConnId);
+ $ok = (is_object($this->_iConnId)) ? mysqli_ping($this->_iConnId) : false;
if(!$ok) {
- if(!mysqli_real_connect(mysqli_init(), $this->dbHost, $this->dbUser, $this->dbPass, $this->dbName, (int)$this->dbPort, NULL, $this->dbClientFlags)) {
- if($try > 4) {
- $this->_sqlerror('DB::query -> reconnect');
+ if(!is_object($this->_iConnId)) {
+ $this->_iConnId = mysqli_init();
+ }
+ if(!mysqli_real_connect($this->_isConnId, $this->dbHost, $this->dbUser, $this->dbPass, $this->dbName, (int)$this->dbPort, NULL, $this->dbClientFlags)) {
+ if(mysqli_connect_errno() == '111') {
+ // server is not available
+ if($try > 9) {
+ if(isset($app) && isset($app->forceErrorExit)) {
+ $app->forceErrorExit('Database connection failure!');
+ }
+ // if we reach this, the app object is missing or has no exit method, so we continue as normal
+ }
+ sleep(30); // additional seconds, please!
+ }
+
+ if($try > 9) {
+ $this->_sqlerror('db::_query -> reconnect', '', true);
return false;
} else {
- sleep(1);
+ sleep(($try > 7 ? 5 : 1));
}
} else {
$this->_setCharset();
@@ -258,7 +300,7 @@ class db {
$aArgs = func_get_args();
$sQuery = call_user_func_array(array(&$this, '_build_query_string'), $aArgs);
$this->securityScan($sQuery);
- $this->_iQueryId = @mysqli_query($this->_iConnId, $sQuery);
+ $this->_iQueryId = mysqli_query($this->_iConnId, $sQuery);
if (!$this->_iQueryId) {
$this->_sqlerror('Falsche Anfrage / Wrong Query', 'SQL-Query = ' . $sQuery);
return false;
@@ -390,7 +432,7 @@ class db {
}
public function query_all_array($sQuery = '') {
- return $this->queryAllArray($sQuery);
+ return call_user_func_array(array(&$this, 'queryAllArray'), func_get_args());
}
@@ -404,13 +446,14 @@ class db {
* @return int id of last inserted row or 0 if none
*/
public function insert_id() {
- $iRes = mysqli_query($this->_iConnId, 'SELECT LAST_INSERT_ID() as `newid`');
- if(!is_object($iRes)) return false;
-
- $aReturn = mysqli_fetch_assoc($iRes);
- mysqli_free_result($iRes);
-
- return $aReturn['newid'];
+ $oResult = $this->query('SELECT LAST_INSERT_ID() as `newid`');
+ if(!$oResult) {
+ $this->_sqlerror('Unable to select last_insert_id()');
+ return false;
+ }
+ $aReturn = $oResult->get();
+ $oResult->free();
+ return isset($aReturn['newid']) ? $aReturn['newid'] : 0;
}
@@ -431,6 +474,7 @@ class db {
}
+
/**
* check if a utf8 string is valid
*
@@ -470,7 +514,7 @@ class db {
public function escape($sString) {
global $app;
if(!is_string($sString) && !is_numeric($sString)) {
- $app->log('NON-String given in escape function! (' . gettype($sString) . ')', LOGLEVEL_DEBUG);
+ $app->log('NON-String given in escape function! (' . gettype($sString) . ')', LOGLEVEL_INFO);
//$sAddMsg = getDebugBacktrace();
$app->log($sAddMsg, LOGLEVEL_DEBUG);
$sString = '';
@@ -479,7 +523,7 @@ class db {
$cur_encoding = mb_detect_encoding($sString);
if($cur_encoding != "UTF-8") {
if($cur_encoding != 'ASCII') {
- if(is_object($app) && method_exists($app, 'log')) $app->log('String ' . substr($sString, 0, 25) . '... is ' . $cur_encoding . '.', LOGLEVEL_DEBUG);
+ if(is_object($app) && method_exists($app, 'log')) $app->log('String ' . substr($sString, 0, 25) . '... is ' . $cur_encoding . '.', LOGLEVEL_INFO);
if($cur_encoding) $sString = mb_convert_encoding($sString, 'UTF-8', $cur_encoding);
else $sString = mb_convert_encoding($sString, 'UTF-8');
}
@@ -496,20 +540,27 @@ class db {
*
* @access private
*/
- private function _sqlerror($sErrormsg = 'Unbekannter Fehler', $sAddMsg = '') {
+ private function _sqlerror($sErrormsg = 'Unbekannter Fehler', $sAddMsg = '', $bNoLog = false) {
global $app, $conf;
- $mysql_error = (is_object($this->_iConnId) ? mysqli_error($this->_iConnId) : mysqli_connect_error());
- $mysql_errno = (is_object($this->_iConnId) ? mysqli_errno($this->_iConnId) : mysqli_connect_errno());
+ $mysql_errno = mysqli_connect_errno();
+ $mysql_error = mysqli_connect_error();
+ if ($mysql_errno === 0 && is_object($this->_iConnId)) {
+ $mysql_errno = mysqli_errno($this->_iConnId);
+ $mysql_error = mysqli_error($this->_iConnId);
+ }
+ $this->errorNumber = $mysql_error;
$this->errorMessage = $mysql_error;
//$sAddMsg .= getDebugBacktrace();
if($this->show_error_messages && $conf['demo_mode'] === false) {
echo $sErrormsg . $sAddMsg;
- } else if(is_object($app) && method_exists($app, 'log')) {
- $app->log($sErrormsg . $sAddMsg . ' -> ' . $mysql_errno . ' (' . $mysql_error . ')', LOGLEVEL_WARN);
- }
+ } elseif(is_object($app) && method_exists($app, 'log') && $bNoLog == false) {
+ $app->log($sErrormsg . $sAddMsg . ' -> ' . $mysql_errno . ' (' . $mysql_error . ')', LOGLEVEL_WARN, false);
+ } elseif(php_sapi_name() == 'cli') {
+ echo $sErrormsg . $sAddMsg;
+ }
}
public function affectedRows() {
@@ -541,27 +592,27 @@ class db {
}
return $out;
}
-
+
public function insertFromArray($tablename, $data) {
if(!is_array($data)) return false;
-
+
$k_query = '';
$v_query = '';
-
+
$params = array($tablename);
$v_params = array();
-
+
foreach($data as $key => $value) {
$k_query .= ($k_query != '' ? ', ' : '') . '??';
$v_query .= ($v_query != '' ? ', ' : '') . '?';
$params[] = $key;
$v_params[] = $value;
}
-
+
$query = 'INSERT INTO ?? (' . $k_query . ') VALUES (' . $v_query . ')';
return $this->query($query, true, array_merge($params, $v_params));
}
-
+
public function diffrec($record_old, $record_new) {
$diffrec_full = array();
$diff_num = 0;
@@ -597,15 +648,47 @@ class db {
}
+ /**
+ * Function to get the database-size
+ * @param string $database_name
+ * @return int - database-size in bytes
+ */
+ public function getDatabaseSize($database_name) {
+ global $app, $conf;
+ static $db=null;
+
+ if ( ! $db ) {
+ $clientdb_host = ($conf['db_host']) ? $conf['db_host'] : NULL;
+ $clientdb_user = ($conf['db_user']) ? $conf['db_user'] : NULL;
+ $clientdb_password = ($conf['db_password']) ? $conf['db_password'] : NULL;
+ $clientdb_port = ((int)$conf['db_port']) ? (int)$conf['db_port'] : NULL;
+ $clientdb_flags = ($conf['db_flags'] !== NULL) ? $conf['db_flags'] : NULL;
+
+ require_once 'lib/mysql_clientdb.conf';
+
+ $db = new db($clientdb_host, $clientdb_user, $clientdb_password, NULL, $clientdb_port, $clientdb_flags);
+ }
+
+ $result = $db->_query("SELECT SUM(data_length+index_length) FROM information_schema.TABLES WHERE table_schema='".$db->escape($database_name)."'");
+ if(!$result) {
+ $db->_sqlerror('Unable to determine the size of database ' . $database_name);
+ return;
+ }
+ $database_size = $result->getAsRow();
+ $result->free();
+ return $database_size[0] ? $database_size[0] : 0;
+ }
+
//** Function to fill the datalog with a full differential record.
public function datalogSave($db_table, $action, $primary_field, $primary_id, $record_old, $record_new, $force_update = false) {
- global $app, $conf;
+ global $app;
- // Check fields
- if(!preg_match('/^[a-zA-Z0-9\-\_\.]{1,64}$/',$db_table)) $app->error('Invalid table name '.$db_table);
- if(!preg_match('/^[a-zA-Z0-9\-\_]{1,64}$/',$primary_field)) $app->error('Invalid primary field '.$primary_field.' in table '.$db_table);
-
- $primary_id = intval($primary_id);
+ // Insert backticks only for incomplete table names.
+ if(stristr($db_table, '.')) {
+ $escape = '';
+ } else {
+ $escape = '`';
+ }
if($force_update == true) {
//* We force a update even if no record has changed
@@ -625,12 +708,13 @@ class db {
if($diff_num > 0) {
- //print_r($diff_num);
- //print_r($diffrec_full);
$diffstr = serialize($diffrec_full);
- $username = $_SESSION['s']['user']['username'];
+ if(isset($_SESSION)) {
+ $username = $_SESSION['s']['user']['username'];
+ } else {
+ $username = 'admin';
+ }
$dbidx = $primary_field.':'.$primary_id;
- if(trim($username) == '') $username = 'none';
if($action == 'INSERT') $action = 'i';
if($action == 'UPDATE') $action = 'u';
@@ -645,11 +729,11 @@ class db {
//** Inserts a record and saves the changes into the datalog
public function datalogInsert($tablename, $insert_data, $index_field) {
global $app;
-
+
// Check fields
if(!preg_match('/^[a-zA-Z0-9\-\_\.]{1,64}$/',$tablename)) $app->error('Invalid table name '.$tablename);
if(!preg_match('/^[a-zA-Z0-9\-\_]{1,64}$/',$index_field)) $app->error('Invalid index field '.$index_field.' in table '.$tablename);
-
+
if(is_array($insert_data)) {
$key_str = '';
$val_str = '';
@@ -688,7 +772,7 @@ class db {
// Check fields
if(!preg_match('/^[a-zA-Z0-9\-\_\.]{1,64}$/',$tablename)) $app->error('Invalid table name '.$tablename);
if(!preg_match('/^[a-zA-Z0-9\-\_]{1,64}$/',$index_field)) $app->error('Invalid index field '.$index_field.' in table '.$tablename);
-
+
$old_rec = $this->queryOneRecord("SELECT * FROM ?? WHERE ?? = ?", $tablename, $index_field, $index_value);
if(is_array($update_data)) {
@@ -723,7 +807,7 @@ class db {
// Check fields
if(!preg_match('/^[a-zA-Z0-9\-\_\.]{1,64}$/',$tablename)) $app->error('Invalid table name '.$tablename);
if(!preg_match('/^[a-zA-Z0-9\-\_]{1,64}$/',$index_field)) $app->error('Invalid index field '.$index_field.' in table '.$tablename);
-
+
$old_rec = $this->queryOneRecord("SELECT * FROM ?? WHERE ?? = ?", $tablename, $index_field, $index_value);
$this->query("DELETE FROM ?? WHERE ?? = ?", $tablename, $index_field, $index_value);
$new_rec = array();
@@ -732,13 +816,20 @@ class db {
return true;
}
+ //** Deletes a record and saves the changes into the datalog
+ public function datalogError($errormsg) {
+ global $app;
+
+ if(isset($app->modules->current_datalog_id) && $app->modules->current_datalog_id > 0) $this->query("UPDATE sys_datalog set error = ? WHERE datalog_id = ?", $errormsg, $app->modules->current_datalog_id);
+
+ return true;
+ }
+
//* get the current datalog status for the specified login (or currently logged in user)
public function datalogStatus($login = '') {
global $app;
$return = array('count' => 0, 'entries' => array());
- //if($_SESSION['s']['user']['typ'] == 'admin') return $return; // these information should not be displayed to admin users
- // removed in favor of new non intrusive datalogstatus notification header
if($login == '' && isset($_SESSION['s']['user'])) {
$login = $_SESSION['s']['user']['username'];
@@ -747,14 +838,24 @@ class db {
$result = $this->queryAllRecords("SELECT COUNT( * ) AS cnt, sys_datalog.action, sys_datalog.dbtable FROM sys_datalog, server WHERE server.server_id = sys_datalog.server_id AND sys_datalog.user = ? AND sys_datalog.datalog_id > server.updated GROUP BY sys_datalog.dbtable, sys_datalog.action", $login);
foreach($result as $row) {
if(!$row['dbtable'] || in_array($row['dbtable'], array('aps_instances', 'aps_instances_settings', 'mail_access', 'mail_content_filter'))) continue; // ignore some entries, maybe more to come
- $return['entries'][] = array('table' => $row['dbtable'], 'action' => $row['action'], 'count' => $row['cnt'], 'text' => $app->lng('datalog_status_' . $row['action'] . '_' . $row['dbtable']));
- $return['count'] += $row['cnt'];
+ $return['entries'][] = array('table' => $row['dbtable'], 'action' => $row['action'], 'count' => $row['cnt'], 'text' => $app->lng('datalog_status_' . $row['action'] . '_' . $row['dbtable'])); $return['count'] += $row['cnt'];
}
unset($result);
return $return;
}
+
+ public function freeResult($query)
+ {
+ if(is_object($query) && (get_class($query) == "mysqli_result")) {
+ $query->free();
+ return true;
+ } else {
+ return false;
+ }
+ }
+
/*
$columns = array(action => add | alter | drop
name => Spaltenname
@@ -879,15 +980,6 @@ class db {
if($rows = $app->db->queryAllRecords('SHOW FIELDS FROM ??', $table_name)){
foreach($rows as $row) {
- /*
- $name = $row[0];
- $default = $row[4];
- $key = $row[3];
- $extra = $row[5];
- $isnull = $row[2];
- $type = $row[1];
- */
-
$name = $row['Field'];
$default = $row['Default'];
$key = $row['Key'];
@@ -988,7 +1080,7 @@ class db {
return 'char';
break;
case 'varchar':
- if($typeValue < 1) die('Database failure: Lenght required for these data types.');
+ if($typeValue < 1) die('Database failure: Length required for these data types.');
return 'varchar('.$typeValue.')';
break;
case 'text':
diff --git a/interface/lib/classes/session.inc.php b/interface/lib/classes/session.inc.php
index f4a90beda9ae46276598d9381e0206dcf0e3ac4c..3e93cd4314faded0b1f32e7a0e0b094a183de693 100644
--- a/interface/lib/classes/session.inc.php
+++ b/interface/lib/classes/session.inc.php
@@ -36,7 +36,11 @@ class session {
private $permanent = false;
function __construct($session_timeout = 0) {
- $this->db = new db;
+ try {
+ $this->db = new db;
+ } catch (Exception $e) {
+ $this->db = false;
+ }
$this->timeout = $session_timeout;
}
diff --git a/interface/lib/classes/validate_domain.inc.php b/interface/lib/classes/validate_domain.inc.php
index 01293abd6dee259d722f64417c4bc311129bf935..57187805cf926289f450b31088cf3540b36a7fb8 100644
--- a/interface/lib/classes/validate_domain.inc.php
+++ b/interface/lib/classes/validate_domain.inc.php
@@ -191,7 +191,7 @@ class validate_domain {
/* internal validator function to match regexp */
function _regex_validate($domain_name, $allow_wildcard = false) {
- $pattern = '/^' . ($allow_wildcard == true ? '(\*\.)?' : '') . '[\w\.\-]{2,255}\.[a-zA-Z0-9\-]{2,30}$/';
+ $pattern = '/^' . ($allow_wildcard == true ? '(\*\.)?' : '') . '[\w\.\-]{1,255}\.[a-zA-Z0-9\-]{2,30}$/';
return preg_match($pattern, $domain_name);
}
diff --git a/interface/lib/classes/validate_password.inc.php b/interface/lib/classes/validate_password.inc.php
index f36f16220cfca1ae3f76cd600a4bd864639300b5..a0f6de2e969f3d21fec6546f41f01d5790d07a47 100644
--- a/interface/lib/classes/validate_password.inc.php
+++ b/interface/lib/classes/validate_password.inc.php
@@ -71,7 +71,7 @@ class validate_password {
} else if ($points == 1) {
if ($length >= 5 && $length <= 6) {
return 2;
- } else if (length >= 7 && length <=10) {
+ } else if ($length >= 7 && $length <=10) {
return 3;
} else {
return 4;
diff --git a/interface/web/dashboard/dashlets/databasequota.php b/interface/web/dashboard/dashlets/databasequota.php
index b126d95a50468652a69681a5aced92759ed8d2ec..a3f6f905dc7187753c1d5acd2d68b0a199ea188e 100644
--- a/interface/web/dashboard/dashlets/databasequota.php
+++ b/interface/web/dashboard/dashlets/databasequota.php
@@ -8,6 +8,11 @@ class dashlet_databasequota {
//* Loading Template
$app->uses('tpl,quota_lib');
+ $modules = $_SESSION['s']['user']['modules'];
+ if (!in_array($modules, 'sites')) {
+ return '';
+ }
+
$tpl = new tpl;
$tpl->newTemplate("dashlets/templates/databasequota.htm");
diff --git a/interface/web/dashboard/dashlets/quota.php b/interface/web/dashboard/dashlets/quota.php
index 6ff975b6235f368a14597ac72d5d461ff19d83f2..f94150a0fffdcdbfdd2cd1b1abff92546b53848e 100644
--- a/interface/web/dashboard/dashlets/quota.php
+++ b/interface/web/dashboard/dashlets/quota.php
@@ -8,6 +8,11 @@ class dashlet_quota {
//* Loading Template
$app->uses('tpl,quota_lib');
+ $modules = $_SESSION['s']['user']['modules'];
+ if (!in_array($modules, 'sites')) {
+ return '';
+ }
+
$tpl = new tpl;
$tpl->newTemplate("dashlets/templates/quota.htm");
diff --git a/interface/web/themes/default/assets/stylesheets/ispconfig.css b/interface/web/themes/default/assets/stylesheets/ispconfig.css
index c4e4459e2002d65c05126ef722482a14353429ef..049322f29c9ac346bda1246f79e1399ea53d3e4d 100644
--- a/interface/web/themes/default/assets/stylesheets/ispconfig.css
+++ b/interface/web/themes/default/assets/stylesheets/ispconfig.css
@@ -25,6 +25,9 @@ body {
.form-group input[type='checkbox'] {
margin-top: 10px; }
+.form-group .checkbox-inline input[type='checkbox'] {
+ margin-top: 4px; }
+
.control-label {
font-weight: normal; }
.control-label:after {
diff --git a/interface/web/themes/default/assets/stylesheets/ispconfig.sass b/interface/web/themes/default/assets/stylesheets/ispconfig.sass
index 9855d07dc1ccbdded77d195b1796753506d919fd..3ea081053405df2cbbe81b98661e1f3e9d9cc055 100644
--- a/interface/web/themes/default/assets/stylesheets/ispconfig.sass
+++ b/interface/web/themes/default/assets/stylesheets/ispconfig.sass
@@ -25,6 +25,9 @@ body
.form-group input[type='checkbox']
margin-top: 10px
+.form-group .checkbox-inline input[type='checkbox']
+ margin-top: 4px
+
.control-label
font-weight: normal
@@ -311,4 +314,4 @@ thead.dark
.input-group-field:last-child
border-top-left-radius: 0
- border-bottom-left-radius: 0
\ No newline at end of file
+ border-bottom-left-radius: 0
diff --git a/interface/web/tools/dns_import_tupa.php b/interface/web/tools/dns_import_tupa.php
index 12bd03529673c39a8b5d9979e2f4cf4bc6a84111..d1b4e1af3b05e86624e9b9d500f7c6664d996488 100644
--- a/interface/web/tools/dns_import_tupa.php
+++ b/interface/web/tools/dns_import_tupa.php
@@ -49,32 +49,27 @@ if(isset($_POST['start']) && $_POST['start'] == 1) {
//* CSRF Check
$app->auth->csrf_token_check();
- //* Set variable sin template
+ //* Set variables in template
$app->tpl->setVar('dbhost', $_POST['dbhost'], true);
$app->tpl->setVar('dbname', $_POST['dbname'], true);
$app->tpl->setVar('dbuser', $_POST['dbuser'], true);
$app->tpl->setVar('dbpassword', $_POST['dbpassword'], true);
+ $app->tpl->setVar('dbssl', 'true', true);
//* Establish connection to external database
$msg .= 'Connecting to external database...
';
- //* Backup DB login details
- /*$conf_bak['db_host'] = $conf['db_host'];
- $conf_bak['db_database'] = $conf['db_database'];
- $conf_bak['db_user'] = $conf['db_user'];
- $conf_bak['db_password'] = $conf['db_password'];*/
+ //* Set external db client flags
+ $db_client_flags = 0;
+ if(isset($_POST['dbssl']) && $_POST['dbssl'] == 1) $db_client_flags |= MYSQLI_CLIENT_SSL;
- //* Set external Login details
- $conf['imp_db_host'] = $_POST['dbhost'];
- $conf['imp_db_database'] = $_POST['dbname'];
- $conf['imp_db_user'] = $_POST['dbuser'];
- $conf['imp_db_password'] = $_POST['dbpassword'];
- $conf['imp_db_charset'] = $conf['db_charset'];
- $conf['imp_db_new_link'] = $conf['db_new_link'];
- $conf['imp_db_client_flags'] = $conf['db_client_flags'];
-
- //* create new db object
- $exdb = new db('imp');
+ //* create new db object with external login details
+ try {
+ $exdb = new db($_POST['dbhost'], $_POST['dbuser'], $_POST['dbpassword'], $_POST['dbname'], 3306, $db_client_flags);
+ } catch (Exception $e) {
+ $error .= "Error connecting to Tupa database" . ($e->getMessage() ? ": " . $e->getMessage() : '.') . "
\n";
+ $exdb = false;
+ }
$server_id = 1;
$sys_userid = 1;
@@ -159,26 +154,13 @@ if(isset($_POST['start']) && $_POST['start'] == 1) {
);
$dns_rr_id = $app->db->datalogInsert('dns_rr', $insert_data, 'id');
//$msg .= $insert_data.'
';
-
}
}
}
-
}
}
-
-
-
- } else {
- $error .= $exdb->errorMessage;
}
- //* restore db login details
- /*$conf['db_host'] = $conf_bak['db_host'];
- $conf['db_database'] = $conf_bak['db_database'];
- $conf['db_user'] = $conf_bak['db_user'];
- $conf['db_password'] = $conf_bak['db_password'];*/
-
}
$app->tpl->setVar('msg', $msg);
diff --git a/interface/web/tools/import_vpopmail.php b/interface/web/tools/import_vpopmail.php
index 0209c80e28d6dc43aff100acfaa0ac2d9d555f89..3e732d3740923cb32457409f9d5260b086ac08a4 100644
--- a/interface/web/tools/import_vpopmail.php
+++ b/interface/web/tools/import_vpopmail.php
@@ -52,17 +52,17 @@ $app->tpl->setVar($wb);
if(isset($_POST['db_hostname']) && $_POST['db_hostname'] != '') {
- //* Set external Login details
- $conf['imp_db_host'] = $_POST['db_hostname'];
- $conf['imp_db_database'] = $_POST['db_name'];
- $conf['imp_db_user'] = $_POST['db_user'];
- $conf['imp_db_password'] = $_POST['db_password'];
- $conf['imp_db_charset'] = 'utf8';
- $conf['imp_db_new_link'] = false;
- $conf['imp_db_client_flags'] = 0;
-
- //* create new db object
- $exdb = new db('imp');
+ //* Set external db client flags
+ $db_client_flags = 0;
+ if(isset($_POST['db_ssl']) && $_POST['db_ssl'] == 1) $db_client_flags |= MYSQLI_CLIENT_SSL;
+
+ //* create new db object with external login details
+ try {
+ $exdb = new db($_POST['db_hostname'], $_POST['db_user'], $_POST['db_password'], $_POST['db_name'], 3306, $db_client_flags);
+ } catch (Exception $e) {
+ $error .= "Error connecting to database" . ($e->getMessage() ? ": " . $e->getMessage() : '.') . "
\n";
+ $exdb = false;
+ }
if($exdb !== false) {
$msg .= 'Databse connection succeeded
';
@@ -75,9 +75,6 @@ if(isset($_POST['db_hostname']) && $_POST['db_hostname'] != '') {
} else {
$msg .= 'The server with the ID $local_server_id is not a mail server.
';
}
-
- } else {
- $msg .= 'Database connection failed
';
}
} else {
@@ -88,6 +85,7 @@ $app->tpl->setVar('db_hostname', $_POST['db_hostname'], true);
$app->tpl->setVar('db_user', $_POST['db_user'], true);
$app->tpl->setVar('db_password', $_POST['db_password'], true);
$app->tpl->setVar('db_name', $_POST['db_name'], true);
+$app->tpl->setVar('db_ssl', 'true', true);
$app->tpl->setVar('local_server_id', $_POST['local_server_id'], true);
$app->tpl->setVar('msg', $msg);
$app->tpl->setVar('error', $error);
diff --git a/interface/web/tools/templates/dns_import_tupa.htm b/interface/web/tools/templates/dns_import_tupa.htm
index 2d37a6a0419fec37ada787f3ec33d989bfbc250c..cd47f431e017f967aa316fce7fbe75d528cdcb65 100644
--- a/interface/web/tools/templates/dns_import_tupa.htm
+++ b/interface/web/tools/templates/dns_import_tupa.htm
@@ -4,22 +4,27 @@
-
+
@@ -34,4 +39,4 @@
\ No newline at end of file
+
diff --git a/interface/web/tools/templates/import_vpopmail.htm b/interface/web/tools/templates/import_vpopmail.htm
index 749ce74a411d1543ca0aec6a07c65948f14c709e..7876875b9828e9bc9d1f2be90b75bf3449f268c0 100644
--- a/interface/web/tools/templates/import_vpopmail.htm
+++ b/interface/web/tools/templates/import_vpopmail.htm
@@ -8,26 +8,31 @@
diff --git a/server/lib/app.inc.php b/server/lib/app.inc.php
index ce2a5484fcf5efc8671727a954d5897259b8fa2a..86df2a86f6b43181d8ba137a326d8cbf3fd643de 100644
--- a/server/lib/app.inc.php
+++ b/server/lib/app.inc.php
@@ -43,7 +43,11 @@ class app {
if($conf['start_db'] == true) {
$this->load('db_'.$conf['db_type']);
- $this->db = new db;
+ try {
+ $this->db = new db;
+ } catch (Exception $e) {
+ $this->db = false;
+ }
/*
Initialize the connection to the master DB,
@@ -51,7 +55,11 @@ class app {
*/
if($conf['dbmaster_host'] != '' && ($conf['dbmaster_host'] != $conf['db_host'] || ($conf['dbmaster_host'] == $conf['db_host'] && $conf['dbmaster_database'] != $conf['db_database']))) {
- $this->dbmaster = new db($conf['dbmaster_host'], $conf['dbmaster_user'], $conf['dbmaster_password'], $conf['dbmaster_database'], $conf['dbmaster_port'], $conf['dbmaster_client_flags']);
+ try {
+ $this->dbmaster = new db($conf['dbmaster_host'], $conf['dbmaster_user'], $conf['dbmaster_password'], $conf['dbmaster_database'], $conf['dbmaster_port'], $conf['dbmaster_client_flags']);
+ } catch (Exception $e) {
+ $this->dbmaster = false;
+ }
} else {
$this->dbmaster = $this->db;
}
diff --git a/server/lib/classes/cron.d/100-monitor_database_size.inc.php b/server/lib/classes/cron.d/100-monitor_database_size.inc.php
index d2981dd31451de58df3816c5b71ce9128fc35f74..97f12253717980eb1bdbdded76b211d2b7a64777 100644
--- a/server/lib/classes/cron.d/100-monitor_database_size.inc.php
+++ b/server/lib/classes/cron.d/100-monitor_database_size.inc.php
@@ -95,12 +95,12 @@ class cronjob_monitor_database_size extends cronjob {
if(!is_numeric($quota)) continue;
if($quota < 1 || $quota > $data[$i]['size']) {
- print $rec['database_name'] . ' does not exceed quota qize: ' . $quota . ' > ' . $data[$i]['size'] . "\n";
+ print 'database ' . $rec['database_name'] . ' size does not exceed quota: ' . ($quota < 1 ? 'unlimited' : $quota) . ' (quota) > ' . $data[$i]['size'] . " (used)\n";
if($rec['quota_exceeded'] == 'y') {
$app->dbmaster->datalogUpdate('web_database', array('quota_exceeded' => 'n'), 'database_id', $rec['database_id']);
}
} elseif($rec['quota_exceeded'] == 'n') {
- print $rec['database_name'] . ' exceeds quota qize: ' . $quota . ' < ' . $data[$i]['size'] . "\n";
+ print 'database ' . $rec['database_name'] . ' size exceeds quota: ' . $quota . ' (quota) < ' . $data[$i]['size'] . " (used)\n";
$app->dbmaster->datalogUpdate('web_database', array('quota_exceeded' => 'y'), 'database_id', $rec['database_id']);
}
}
diff --git a/server/lib/classes/cron.d/200-ftplogfiles.inc.php b/server/lib/classes/cron.d/200-ftplogfiles.inc.php
index e471967555bf33dd6f3bcdf66244ea9a1bc2e5f7..36b43352404153dcde58ee8e857de9bd6830011d 100644
--- a/server/lib/classes/cron.d/200-ftplogfiles.inc.php
+++ b/server/lib/classes/cron.d/200-ftplogfiles.inc.php
@@ -71,24 +71,26 @@ class cronjob_ftplogfiles extends cronjob {
}
}
- $fp = fopen('/var/log/pure-ftpd/transfer.log.1', 'r');
+ $fp = @fopen('/var/log/pure-ftpd/transfer.log.1', 'r');
$ftp_traffic = array();
- // cumule des stats journalière dans un tableau
- while($line = fgets($fp))
- {
- $parsed_line = parse_ftp_log($line);
-
- $sql = "SELECT wd.domain FROM ftp_user AS fu INNER JOIN web_domain AS wd ON fu.parent_domain_id = wd.domain_id WHERE fu.username = ? ";
- $temp = $app->db->queryOneRecord($sql, $parsed_line['username'] );
-
- $parsed_line['domain'] = $temp['domain'];
-
- add_ftp_traffic($ftp_traffic, $parsed_line);
+ if ($fp) {
+ // cumule des stats journalière dans un tableau
+ while($line = fgets($fp))
+ {
+ $parsed_line = parse_ftp_log($line);
+
+ $sql = "SELECT wd.domain FROM ftp_user AS fu INNER JOIN web_domain AS wd ON fu.parent_domain_id = wd.domain_id WHERE fu.username = ? ";
+ $temp = $app->db->queryOneRecord($sql, $parsed_line['username'] );
+
+ $parsed_line['domain'] = $temp['domain'];
+
+ add_ftp_traffic($ftp_traffic, $parsed_line);
+ }
+
+ fclose($fp);
}
-
- fclose($fp);
-
+
// Save du tableau en BD
foreach($ftp_traffic as $traffic_date => $all_traffic)
{
@@ -123,4 +125,4 @@ class cronjob_ftplogfiles extends cronjob {
}
}
-?>
\ No newline at end of file
+?>
diff --git a/server/lib/classes/cron.d/500-backup_mail.inc.php b/server/lib/classes/cron.d/500-backup_mail.inc.php
index a6807021df866ab9f7d29986134e4bb3c7a0460f..b05caf70d70af4fc6c86c9c1c3243bf834b2242c 100644
--- a/server/lib/classes/cron.d/500-backup_mail.inc.php
+++ b/server/lib/classes/cron.d/500-backup_mail.inc.php
@@ -242,7 +242,7 @@ class cronjob_backup_mail extends cronjob {
if(!is_file($mail_backup_dir.'/'.$backup['filename'])){
$sql = "DELETE FROM mail_backup WHERE server_id = ? AND parent_domain_id = ? AND filename = ?";
$app->db->query($sql, $conf['server_id'], $backup['parent_domain_id'], $backup['filename']);
- if($app->db->dbHost != $app->dbmaster->dbHost) $app->dbmaster->query($sql);
+ if($app->db->dbHost != $app->dbmaster->dbHost) $app->dbmaster->query($sql, $conf['server_id'], $backup['parent_domain_id'], $backup['filename']);
}
}
}
diff --git a/server/lib/classes/db_mysql.inc.php b/server/lib/classes/db_mysql.inc.php
index 4eb691ce4422dc6c3683957b3b73f6f0e5c7d4e1..b03ad55676ddb3c30cf01c4e12eed534865d8585 100644
--- a/server/lib/classes/db_mysql.inc.php
+++ b/server/lib/classes/db_mysql.inc.php
@@ -1,4 +1,12 @@
dbUser = $user ? $user : $conf['db_user'];
$this->dbPass = $pass ? $pass : $conf['db_password'];
$this->dbCharset = $conf['db_charset'];
- $this->dbNewLink = $conf['db_new_link'];
- $this->dbClientFlags = $flags ? $flags : $conf['db_client_flags'];
+ $this->dbClientFlags = ($flags !== NULL) ? $flags : $conf['db_client_flags'];
$this->_iConnId = mysqli_init();
mysqli_real_connect($this->_iConnId, $this->dbHost, $this->dbUser, $this->dbPass, '', (int)$this->dbPort, NULL, $this->dbClientFlags);
- for($try=0;(!is_object($this->_iConnId) || mysqli_connect_error()) && $try < 5;++$try) {
+ for($try=0;(!is_object($this->_iConnId) || mysqli_connect_errno()) && $try < 5;++$try) {
sleep($try);
- mysqli_real_connect($this->_iConnId, $this->dbHost, $this->dbUser, $this->dbPass, '', (int)$this->dbPort, NULL, $this->dbClientFlags);
+ if(!is_object($this->_iConnId)) {
+ $this->_iConnId = mysqli_init();
+ }
+ if(!mysqli_real_connect($this->_iConnId, $this->dbHost, $this->dbUser, $this->dbPass, '', (int)$this->dbPort, NULL, $this->dbClientFlags)) {
+ $this->_sqlerror('Database connection failed');
+ }
}
- if(!is_object($this->_iConnId) || mysqli_connect_error()) {
+ if(!is_object($this->_iConnId) || mysqli_connect_errno()) {
$this->_iConnId = null;
- $this->_sqlerror('Zugriff auf Datenbankserver fehlgeschlagen! / Database server not accessible!', '', true);
- return false;
+ $this->_sqlerror('Zugriff auf Datenbankserver fehlgeschlagen! / Database server not accessible!', '', true); // sets errorMessage
+ throw new Exception($this->errorMessage);
}
if(!((bool)mysqli_query( $this->_iConnId, 'USE `' . $this->dbName . '`'))) {
$this->close();
- $this->_sqlerror('Datenbank nicht gefunden / Database not found', '', true);
- return false;
+ $this->_sqlerror('Datenbank nicht gefunden / Database not found', '', true); // sets errorMessage
+ throw new Exception($this->errorMessage);
}
$this->_setCharset();
@@ -106,6 +116,18 @@ class db
$this->_iConnId = null;
}
+ /*
+ * Test mysql connection.
+ *
+ * @return boolean returns true if db connection is good.
+ */
+ public function testConnection() {
+ if(mysqli_connect_errno()) {
+ return false;
+ }
+ return (boolean)(is_object($this->_iConnId) && mysqli_ping($this->_iConnId));
+ }
+
/* This allows our private variables to be "read" out side of the class */
public function __get($var) {
return isset($this->$var) ? $this->$var : NULL;
@@ -134,6 +156,7 @@ class db
if($iPos2 !== false && ($iPos === false || $iPos2 <= $iPos)) {
$sTxt = $this->escape($sValue);
+ $sTxt = str_replace('`', '', $sTxt);
if(strpos($sTxt, '.') !== false) {
$sTxt = preg_replace('/^(.+)\.(.+)$/', '`$1`.`$2`', $sTxt);
$sTxt = str_replace('.`*`', '.*', $sTxt);
@@ -174,17 +197,68 @@ class db
/**#@+
- * @access private
- */
+ * @access private
+ */
private function _setCharset() {
- mysqli_query($this->_iConnId, 'SET NAMES '.$this->dbCharset);
- mysqli_query($this->_iConnId, "SET character_set_results = '".$this->dbCharset."', character_set_client = '".$this->dbCharset."', character_set_connection = '".$this->dbCharset."', character_set_database = '".$this->dbCharset."', character_set_server = '".$this->dbCharset."'");
+ $this->query('SET NAMES '.$this->dbCharset);
+ $this->query("SET character_set_results = '".$this->dbCharset."', character_set_client = '".$this->dbCharset."', character_set_connection = '".$this->dbCharset."', character_set_database = '".$this->dbCharset."', character_set_server = '".$this->dbCharset."'");
+ }
+
+ private function securityScan($string) {
+ global $app, $conf;
+
+ // get security config
+ if(isset($app)) {
+ $app->uses('getconf');
+ $ids_config = $app->getconf->get_security_config('ids');
+
+ if($ids_config['sql_scan_enabled'] == 'yes') {
+
+ // Remove whitespace
+ $string = trim($string);
+ if(substr($string,-1) == ';') $string = substr($string,0,-1);
+
+ // Save original string
+ $string_orig = $string;
+
+ //echo $string;
+ $chars = array(';', '#', '/*', '*/', '--', '\\\'', '\\"');
+
+ $string = str_replace('\\\\', '', $string);
+ $string = preg_replace('/(^|[^\\\])([\'"])\\2/is', '$1', $string);
+ $string = preg_replace('/(^|[^\\\])([\'"])(.*?[^\\\])\\2/is', '$1', $string);
+ $ok = true;
+
+ if(substr_count($string, "`") % 2 != 0 || substr_count($string, "'") % 2 != 0 || substr_count($string, '"') % 2 != 0) {
+ $app->log("SQL injection warning (" . $string_orig . ")",2);
+ $ok = false;
+ } else {
+ foreach($chars as $char) {
+ if(strpos($string, $char) !== false) {
+ $ok = false;
+ $app->log("SQL injection warning (" . $string_orig . ")",2);
+ break;
+ }
+ }
+ }
+ if($ok == true) {
+ return true;
+ } else {
+ if($ids_config['sql_scan_action'] == 'warn') {
+ // we return false in warning level.
+ return false;
+ } else {
+ // if sql action = 'block' or anything else then stop here.
+ $app->error('Possible SQL injection. All actions have been logged.');
+ }
+ }
+ }
+ }
}
private function _query($sQuery = '') {
global $app;
- //if($this->isConnected == false) return false;
if ($sQuery == '') {
$this->_sqlerror('Keine Anfrage angegeben / No query given');
return false;
@@ -193,10 +267,13 @@ class db
$try = 0;
do {
$try++;
- $ok = mysqli_ping($this->_iConnId);
+ $ok = (is_object($this->_iConnId)) ? mysqli_ping($this->_iConnId) : false;
if(!$ok) {
- if(!mysqli_real_connect(mysqli_init(), $this->dbHost, $this->dbUser, $this->dbPass, $this->dbName, (int)$this->dbPort, NULL, $this->dbClientFlags)) {
- if($this->errorNumber == '111') {
+ if(!is_object($this->_iConnId)) {
+ $this->_iConnId = mysqli_init();
+ }
+ if(!mysqli_real_connect($this->_isConnId, $this->dbHost, $this->dbUser, $this->dbPass, $this->dbName, (int)$this->dbPort, NULL, $this->dbClientFlags)) {
+ if(mysqli_connect_errno() == '111') {
// server is not available
if($try > 9) {
if(isset($app) && isset($app->forceErrorExit)) {
@@ -208,7 +285,7 @@ class db
}
if($try > 9) {
- $this->_sqlerror('DB::query -> reconnect', '', true);
+ $this->_sqlerror('db::_query -> reconnect', '', true);
return false;
} else {
sleep(($try > 7 ? 5 : 1));
@@ -222,7 +299,7 @@ class db
$aArgs = func_get_args();
$sQuery = call_user_func_array(array(&$this, '_build_query_string'), $aArgs);
-
+ $this->securityScan($sQuery);
$this->_iQueryId = mysqli_query($this->_iConnId, $sQuery);
if (!$this->_iQueryId) {
$this->_sqlerror('Falsche Anfrage / Wrong Query', 'SQL-Query = ' . $sQuery);
@@ -369,13 +446,14 @@ class db
* @return int id of last inserted row or 0 if none
*/
public function insert_id() {
- $iRes = mysqli_query($this->_iConnId, 'SELECT LAST_INSERT_ID() as `newid`');
- if(!is_object($iRes)) return false;
-
- $aReturn = mysqli_fetch_assoc($iRes);
- mysqli_free_result($iRes);
-
- return $aReturn['newid'];
+ $oResult = $this->query('SELECT LAST_INSERT_ID() as `newid`');
+ if(!$oResult) {
+ $this->_sqlerror('Unable to select last_insert_id()');
+ return false;
+ }
+ $aReturn = $oResult->get();
+ $oResult->free();
+ return isset($aReturn['newid']) ? $aReturn['newid'] : 0;
}
@@ -465,8 +543,13 @@ class db
private function _sqlerror($sErrormsg = 'Unbekannter Fehler', $sAddMsg = '', $bNoLog = false) {
global $app, $conf;
- $mysql_error = (is_object($this->_iConnId) ? mysqli_error($this->_iConnId) : mysqli_connect_error());
- $mysql_errno = (is_object($this->_iConnId) ? mysqli_errno($this->_iConnId) : mysqli_connect_errno());
+ $mysql_errno = mysqli_connect_errno();
+ $mysql_error = mysqli_connect_error();
+ if ($mysql_errno === 0 && is_object($this->_iConnId)) {
+ $mysql_errno = mysqli_errno($this->_iConnId);
+ $mysql_error = mysqli_error($this->_iConnId);
+ }
+ $this->errorNumber = $mysql_error;
$this->errorMessage = $mysql_error;
//$sAddMsg .= getDebugBacktrace();
@@ -510,6 +593,26 @@ class db
return $out;
}
+ public function insertFromArray($tablename, $data) {
+ if(!is_array($data)) return false;
+
+ $k_query = '';
+ $v_query = '';
+
+ $params = array($tablename);
+ $v_params = array();
+
+ foreach($data as $key => $value) {
+ $k_query .= ($k_query != '' ? ', ' : '') . '??';
+ $v_query .= ($v_query != '' ? ', ' : '') . '?';
+ $params[] = $key;
+ $v_params[] = $value;
+ }
+
+ $query = 'INSERT INTO ?? (' . $k_query . ') VALUES (' . $v_query . ')';
+ return $this->query($query, true, array_merge($params, $v_params));
+ }
+
public function diffrec($record_old, $record_new) {
$diffrec_full = array();
$diff_num = 0;
@@ -550,34 +653,35 @@ class db
* @param string $database_name
* @return int - database-size in bytes
*/
+ public function getDatabaseSize($database_name) {
+ global $app, $conf;
+ static $db=null;
+ if ( ! $db ) {
+ $clientdb_host = ($conf['db_host']) ? $conf['db_host'] : NULL;
+ $clientdb_user = ($conf['db_user']) ? $conf['db_user'] : NULL;
+ $clientdb_password = ($conf['db_password']) ? $conf['db_password'] : NULL;
+ $clientdb_port = ((int)$conf['db_port']) ? (int)$conf['db_port'] : NULL;
+ $clientdb_flags = ($conf['db_flags'] !== NULL) ? $conf['db_flags'] : NULL;
- public function getDatabaseSize($database_name) {
- global $app;
-
- include 'lib/mysql_clientdb.conf';
-
- /* Connect to the database */
- $link = mysqli_connect($clientdb_host, $clientdb_user, $clientdb_password);
- if (!$link) {
- $app->log('Unable to connect to the database'.mysqli_connect_error(), LOGLEVEL_DEBUG);
- return;
+ require_once 'lib/mysql_clientdb.conf';
+
+ $db = new db($clientdb_host, $clientdb_user, $clientdb_password, NULL, $clientdb_port, $clientdb_flags);
}
-
- /* Get database-size from information_schema */
- $result = mysqli_query($link, "SELECT SUM(data_length+index_length) FROM information_schema.TABLES WHERE table_schema='".mysqli_real_escape_string($link, $database_name)."'");
+
+ $result = $db->_query("SELECT SUM(data_length+index_length) FROM information_schema.TABLES WHERE table_schema='".$db->escape($database_name)."'");
if(!$result) {
- $app->log('Unable to get the database-size for ' . $database_name . ': '.mysqli_error($link), LOGLEVEL_DEBUG);
+ $db->_sqlerror('Unable to determine the size of database ' . $database_name);
return;
}
- $database_size = mysqli_fetch_row($result);
- mysqli_close($link);
- return $database_size[0];
+ $database_size = $result->getAsRow();
+ $result->free();
+ return $database_size[0] ? $database_size[0] : 0;
}
//** Function to fill the datalog with a full differential record.
public function datalogSave($db_table, $action, $primary_field, $primary_id, $record_old, $record_new, $force_update = false) {
- global $app, $conf;
+ global $app;
// Insert backticks only for incomplete table names.
if(stristr($db_table, '.')) {
@@ -626,6 +730,10 @@ class db
public function datalogInsert($tablename, $insert_data, $index_field) {
global $app;
+ // Check fields
+ if(!preg_match('/^[a-zA-Z0-9\-\_\.]{1,64}$/',$tablename)) $app->error('Invalid table name '.$tablename);
+ if(!preg_match('/^[a-zA-Z0-9\-\_]{1,64}$/',$index_field)) $app->error('Invalid index field '.$index_field.' in table '.$tablename);
+
if(is_array($insert_data)) {
$key_str = '';
$val_str = '';
@@ -661,6 +769,10 @@ class db
public function datalogUpdate($tablename, $update_data, $index_field, $index_value, $force_update = false) {
global $app;
+ // Check fields
+ if(!preg_match('/^[a-zA-Z0-9\-\_\.]{1,64}$/',$tablename)) $app->error('Invalid table name '.$tablename);
+ if(!preg_match('/^[a-zA-Z0-9\-\_]{1,64}$/',$index_field)) $app->error('Invalid index field '.$index_field.' in table '.$tablename);
+
$old_rec = $this->queryOneRecord("SELECT * FROM ?? WHERE ?? = ?", $tablename, $index_field, $index_value);
if(is_array($update_data)) {
@@ -692,6 +804,10 @@ class db
public function datalogDelete($tablename, $index_field, $index_value) {
global $app;
+ // Check fields
+ if(!preg_match('/^[a-zA-Z0-9\-\_\.]{1,64}$/',$tablename)) $app->error('Invalid table name '.$tablename);
+ if(!preg_match('/^[a-zA-Z0-9\-\_]{1,64}$/',$index_field)) $app->error('Invalid index field '.$index_field.' in table '.$tablename);
+
$old_rec = $this->queryOneRecord("SELECT * FROM ?? WHERE ?? = ?", $tablename, $index_field, $index_value);
$this->query("DELETE FROM ?? WHERE ?? = ?", $tablename, $index_field, $index_value);
$new_rec = array();
@@ -709,6 +825,26 @@ class db
return true;
}
+ //* get the current datalog status for the specified login (or currently logged in user)
+ public function datalogStatus($login = '') {
+ global $app;
+
+ $return = array('count' => 0, 'entries' => array());
+
+ if($login == '' && isset($_SESSION['s']['user'])) {
+ $login = $_SESSION['s']['user']['username'];
+ }
+
+ $result = $this->queryAllRecords("SELECT COUNT( * ) AS cnt, sys_datalog.action, sys_datalog.dbtable FROM sys_datalog, server WHERE server.server_id = sys_datalog.server_id AND sys_datalog.user = ? AND sys_datalog.datalog_id > server.updated GROUP BY sys_datalog.dbtable, sys_datalog.action", $login);
+ foreach($result as $row) {
+ if(!$row['dbtable'] || in_array($row['dbtable'], array('aps_instances', 'aps_instances_settings', 'mail_access', 'mail_content_filter'))) continue; // ignore some entries, maybe more to come
+ $return['entries'][] = array('table' => $row['dbtable'], 'action' => $row['action'], 'count' => $row['cnt'], 'text' => $app->lng('datalog_status_' . $row['action'] . '_' . $row['dbtable'])); $return['count'] += $row['cnt'];
+ }
+ unset($result);
+
+ return $return;
+ }
+
public function freeResult($query)
{
@@ -839,10 +975,10 @@ class db
function tableInfo($table_name) {
- global $go_api, $go_info;
+ global $go_api, $go_info, $app;
// Tabellenfelder einlesen
- if($rows = $go_api->db->queryAllRecords('SHOW FIELDS FROM ??', $table_name)){
+ if($rows = $app->db->queryAllRecords('SHOW FIELDS FROM ??', $table_name)){
foreach($rows as $row) {
$name = $row['Field'];
$default = $row['Default'];
@@ -944,7 +1080,7 @@ class db
return 'char';
break;
case 'varchar':
- if($typeValue < 1) die('Database failure: Lenght required for these data types.');
+ if($typeValue < 1) die('Database failure: Length required for these data types.');
return 'varchar('.$typeValue.')';
break;
case 'text':
@@ -953,6 +1089,9 @@ class db
case 'blob':
return 'blob';
break;
+ case 'date':
+ return 'date';
+ break;
}
}
diff --git a/server/lib/classes/monitor_tools.inc.php b/server/lib/classes/monitor_tools.inc.php
index b70c64571dd5c4c49ba5588644e87d89fc1a5eed..04f654ccde7a6deb2548a163cf80ff8c90cf067f 100644
--- a/server/lib/classes/monitor_tools.inc.php
+++ b/server/lib/classes/monitor_tools.inc.php
@@ -815,7 +815,7 @@ class monitor_tools {
$mailSubject = '';
$inHeader = true;
for($l = 0; $l < count($lines); $l++) {
- /* Trim only in headers */
+ /* Trim only in headers */
if($inHeader && trim($lines[$l]) == '') {
$inHeader = false;
continue;
diff --git a/server/plugins-available/backup_plugin.inc.php b/server/plugins-available/backup_plugin.inc.php
index 935196eb52a46fc0c7d4184ecd55510ec5426bd1..12f58c1f1b7046c748b36ec52781426c4a2b2adf 100644
--- a/server/plugins-available/backup_plugin.inc.php
+++ b/server/plugins-available/backup_plugin.inc.php
@@ -296,7 +296,7 @@ class backup_plugin {
unlink($mail_backup_file);
$sql = "DELETE FROM mail_backup WHERE server_id = ? AND parent_domain_id = ? AND filename = ?";
$app->db->query($sql, $conf['server_id'], $mail_backup['parent_domain_id'], $mail_backup['filename']);
- if($app->db->dbHost != $app->dbmaster->dbHost) $app->dbmaster->query($sql);
+ if($app->db->dbHost != $app->dbmaster->dbHost) $app->dbmaster->query($sql, $conf['server_id'], $mail_backup['parent_domain_id'], $mail_backup['filename']);
$app->log('unlink '.$backup_dir.'/'.$mail_backup['filename'], LOGLEVEL_DEBUG);
}
}
diff --git a/server/server.php b/server/server.php
index 689cb174901017229d480e1f3dc920375303507a..106d3edc654f4dd9974b76fca0f183d1dd2d56cd 100644
--- a/server/server.php
+++ b/server/server.php
@@ -61,7 +61,7 @@ $conf['server_id'] = intval($conf['server_id']);
/*
* Try to Load the server configuration from the master-db
*/
-if ($app->dbmaster->connect_error == NULL) {
+if ($app->dbmaster->testConnection()) {
$server_db_record = $app->dbmaster->queryOneRecord("SELECT * FROM server WHERE server_id = ?", $conf['server_id']);
if(!is_array($server_db_record)) die('Unable to load the server configuration from database.');
@@ -152,7 +152,7 @@ $needStartCore = true;
/*
* Next we try to process the datalog
*/
-if ($app->db->connect_error == NULL && $app->dbmaster->connect_error == NULL) {
+if ($app->db->testConnection() && $app->dbmaster->testConnection()) {
// Check if there is anything to update
if ($conf['mirror_server_id'] > 0) {
@@ -187,7 +187,7 @@ if ($app->db->connect_error == NULL && $app->dbmaster->connect_error == NULL) {
$needStartCore = false;
} else {
- if ($app->db->connect->connect_error == NULL) {
+ if (!$app->db->connect->testConnection()) {
$app->log('Unable to connect to local server.' . $app->db->errorMessage, LOGLEVEL_WARN);
} else {
$app->log('Unable to connect to master server.' . $app->dbmaster->errorMessage, LOGLEVEL_WARN);