Commit 2af58c77 authored by Marius Cramer

- finished rewriting of sql statements

parent f49af084
...@@ -38,7 +38,7 @@ class installer extends installer_base { ...@@ -38,7 +38,7 @@ class installer extends installer_base {
// check if virtual_transport must be changed // check if virtual_transport must be changed
if ($this->is_update) { if ($this->is_update) {
$tmp = $this->db->queryOneRecord("SELECT * FROM ".$conf["mysql"]["database"].".server WHERE server_id = ".$conf['server_id']); $tmp = $this->db->queryOneRecord("SELECT * FROM ?? WHERE server_id = ?", $conf["mysql"]["database"] . ".server", $conf['server_id']);
$ini_array = ini_to_array(stripslashes($tmp['config'])); $ini_array = ini_to_array(stripslashes($tmp['config']));
// ini_array needs not to be checked, because already done in update.php -> updateDbAndIni() // ini_array needs not to be checked, because already done in update.php -> updateDbAndIni()
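Review bot: The `??` placeholder on the `queryOneRecord` line now receives a dotted `database.table` string (`$conf["mysql"]["database"] . ".server"`), and nothing visible here shows how the db class quotes it. If the placeholder wraps the whole value in one pair of backticks, the statement addresses a table literally named `db.server` and the lookup fails; the schema and table parts have to be quoted separately. Once that is confirmed against the placeholder handling, a short call-site comment such as `// ?? quotes schema and table separately` would record the assumption. The same dotted form is used in the other installer sections and throughout updateDbAndIni(); the enclosing method starts and ends outside the hunk.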
......
...@@ -182,7 +182,7 @@ class installer_dist extends installer_base { ...@@ -182,7 +182,7 @@ class installer_dist extends installer_base {
if(!is_user($cf['vmail_username'])) caselog("$command &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); if(!is_user($cf['vmail_username'])) caselog("$command &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
//* These postconf commands will be executed on installation and update //* These postconf commands will be executed on installation and update
$server_ini_rec = $this->db->queryOneRecord("SELECT config FROM server WHERE server_id = ".$conf['server_id']); $server_ini_rec = $this->db->queryOneRecord("SELECT config FROM server WHERE server_id = ?", $conf['server_id']);
$server_ini_array = ini_to_array(stripslashes($server_ini_rec['config'])); $server_ini_array = ini_to_array(stripslashes($server_ini_rec['config']));
unset($server_ini_rec); unset($server_ini_rec);
...@@ -396,7 +396,7 @@ class installer_dist extends installer_base { ...@@ -396,7 +396,7 @@ class installer_dist extends installer_base {
// check if virtual_transport must be changed // check if virtual_transport must be changed
if ($this->is_update) { if ($this->is_update) {
$tmp = $this->db->queryOneRecord("SELECT * FROM ".$conf["mysql"]["database"].".server WHERE server_id = ".$conf['server_id']); $tmp = $this->db->queryOneRecord("SELECT * FROM ?? WHERE server_id = ?", $conf["mysql"]["database"] . ".server", $conf['server_id']);
$ini_array = ini_to_array(stripslashes($tmp['config'])); $ini_array = ini_to_array(stripslashes($tmp['config']));
// ini_array needs not to be checked, because already done in update.php -> updateDbAndIni() // ini_array needs not to be checked, because already done in update.php -> updateDbAndIni()
...@@ -705,7 +705,7 @@ class installer_dist extends installer_base { ...@@ -705,7 +705,7 @@ class installer_dist extends installer_base {
$tpl = new tpl('apache_ispconfig.conf.master'); $tpl = new tpl('apache_ispconfig.conf.master');
$tpl->setVar('apache_version',getapacheversion()); $tpl->setVar('apache_version',getapacheversion());
$records = $this->db->queryAllRecords('SELECT * FROM '.$conf['mysql']['master_database'].'.server_ip WHERE server_id = '.$conf['server_id']." AND virtualhost = 'y'"); $records = $this->db->queryAllRecords("SELECT * FROM ?? WHERE server_id = ? AND virtualhost = 'y'", $conf['mysql']['master_database'] . '.server_ip', $conf['server_id']);
$ip_addresses = array(); $ip_addresses = array();
if(is_array($records) && count($records) > 0) { if(is_array($records) && count($records) > 0) {
...@@ -813,7 +813,7 @@ class installer_dist extends installer_base { ...@@ -813,7 +813,7 @@ class installer_dist extends installer_base {
$tcp_public_services = ''; $tcp_public_services = '';
$udp_public_services = ''; $udp_public_services = '';
$row = $this->db->queryOneRecord('SELECT * FROM '.$conf["mysql"]["database"].'.firewall WHERE server_id = '.intval($conf['server_id'])); $row = $this->db->queryOneRecord('SELECT * FROM ?? WHERE server_id = ?', $conf["mysql"]["database"] . '.firewall', $conf['server_id']);
if(trim($row["tcp_port"]) != '' || trim($row["udp_port"]) != ''){ if(trim($row["tcp_port"]) != '' || trim($row["udp_port"]) != ''){
$tcp_public_services = trim(str_replace(',', ' ', $row["tcp_port"])); $tcp_public_services = trim(str_replace(',', ' ', $row["tcp_port"]));
...@@ -824,7 +824,7 @@ class installer_dist extends installer_base { ...@@ -824,7 +824,7 @@ class installer_dist extends installer_base {
} }
if(!stristr($tcp_public_services, $conf['apache']['vhost_port'])) { if(!stristr($tcp_public_services, $conf['apache']['vhost_port'])) {
$tcp_public_services .= ' '.intval($conf['apache']['vhost_port']); $tcp_public_services .= ' '.intval($conf['apache']['vhost_port']);
if($row["tcp_port"] != '') $this->db->query("UPDATE firewall SET tcp_port = tcp_port + ',".intval($conf['apache']['vhost_port'])."' WHERE server_id = ".intval($conf['server_id'])); if($row["tcp_port"] != '') $this->db->query("UPDATE firewall SET tcp_port = tcp_port + ? WHERE server_id = ?", ',' . intval($conf['apache']['vhost_port']), $conf['server_id']);
} }
$content = str_replace("{TCP_PUBLIC_SERVICES}", $tcp_public_services, $content); $content = str_replace("{TCP_PUBLIC_SERVICES}", $tcp_public_services, $content);
...@@ -1024,13 +1024,11 @@ class installer_dist extends installer_base { ...@@ -1024,13 +1024,11 @@ class installer_dist extends installer_base {
$file_server_enabled = ($conf['services']['file'])?1:0; $file_server_enabled = ($conf['services']['file'])?1:0;
$db_server_enabled = ($conf['services']['db'])?1:0; $db_server_enabled = ($conf['services']['db'])?1:0;
$vserver_server_enabled = ($conf['services']['vserver'])?1:0; $vserver_server_enabled = ($conf['services']['vserver'])?1:0;
$sql = "UPDATE `server` SET mail_server = '$mail_server_enabled', web_server = '$web_server_enabled', dns_server = '$dns_server_enabled', file_server = '$file_server_enabled', db_server = '$db_server_enabled', vserver_server = '$vserver_server_enabled' WHERE server_id = ".intval($conf['server_id']); $sql = "UPDATE `server` SET mail_server = ?, web_server = ?, dns_server = ?, file_server = ?, db_server = ?, vserver_server = ? WHERE server_id = ?";
$this->db->query($sql, $mail_server_enabled, $web_server_enabled, $dns_server_enabled, $file_server_enabled, $db_server_enabled, $vserver_server_enabled, $conf['server_id']);
if($conf['mysql']['master_slave_setup'] == 'y') { if($conf['mysql']['master_slave_setup'] == 'y') {
$this->dbmaster->query($sql); $this->dbmaster->query($sql, $mail_server_enabled, $web_server_enabled, $dns_server_enabled, $file_server_enabled, $db_server_enabled, $vserver_server_enabled, $conf['server_id']);
$this->db->query($sql);
} else {
$this->db->query($sql);
} }
// chown install dir to root and chmod 755 // chown install dir to root and chmod 755
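Review bot: The `UPDATE firewall SET tcp_port = tcp_port + ?` statement in the @@ -824 hunk still uses `+`, which MySQL evaluates as numeric addition rather than string concatenation, so binding `',' . intval(...)` does not append the port and may replace the stored list with a numeric result or fail outright. Use `SET tcp_port = CONCAT(tcp_port, ?)` with the same bound value. The rewrite carried this over from the old line, and the same statement appears again in the later installer_dist section (@@ -899). The `stristr()` test just above it is a substring match, so a vhost port of 80 counts as present when the list only holds 8080; comparing against the exploded list would be exact.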
......
...@@ -540,7 +540,7 @@ class installer extends installer_base ...@@ -540,7 +540,7 @@ class installer extends installer_base
$tpl = new tpl('apache_ispconfig.conf.master'); $tpl = new tpl('apache_ispconfig.conf.master');
$tpl->setVar('apache_version',getapacheversion()); $tpl->setVar('apache_version',getapacheversion());
$records = $this->db->queryAllRecords('SELECT * FROM '.$conf['mysql']['master_database'].'.server_ip WHERE server_id = '.$conf['server_id']." AND virtualhost = 'y'"); $records = $this->db->queryAllRecords("SELECT * FROM ?? WHERE server_id = ? AND virtualhost = 'y'", $conf['mysql']['master_database'] . '.server_ip', $conf['server_id']);
$ip_addresses = array(); $ip_addresses = array();
if(is_array($records) && count($records) > 0) { if(is_array($records) && count($records) > 0) {
...@@ -889,13 +889,11 @@ class installer extends installer_base ...@@ -889,13 +889,11 @@ class installer extends installer_base
$db_server_enabled = ($conf['services']['db'])?1:0; $db_server_enabled = ($conf['services']['db'])?1:0;
$vserver_server_enabled = ($conf['services']['vserver'])?1:0; $vserver_server_enabled = ($conf['services']['vserver'])?1:0;
$sql = "UPDATE `server` SET mail_server = '$mail_server_enabled', web_server = '$web_server_enabled', dns_server = '$dns_server_enabled', file_server = '$file_server_enabled', db_server = '$db_server_enabled', vserver_server = '$vserver_server_enabled' WHERE server_id = ".intval($conf['server_id']); $sql = "UPDATE `server` SET mail_server = ?, web_server = ?, dns_server = ?, file_server = ?, db_server = ?, vserver_server = ? WHERE server_id = ?";
$this->db->query($sql, $mail_server_enabled, $web_server_enabled, $dns_server_enabled, $file_server_enabled, $db_server_enabled, $vserver_server_enabled, $conf['server_id']);
if($conf['mysql']['master_slave_setup'] == 'y') { if($conf['mysql']['master_slave_setup'] == 'y') {
$this->dbmaster->query($sql); $this->dbmaster->query($sql, $mail_server_enabled, $web_server_enabled, $dns_server_enabled, $file_server_enabled, $db_server_enabled, $vserver_server_enabled, $conf['server_id']);
$this->db->query($sql);
} else {
$this->db->query($sql);
} }
// chown install dir to root and chmod 755 // chown install dir to root and chmod 755
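Review bot: Neither `query()` result in the @@ -889 hunk is checked, so if the local `UPDATE` fails the master row is still written and the two `server` rows can disagree without any log entry. updateDbAndIni() already tests the return value of `query()` for its `DROP DATABASE` calls, which suggests a falsy result on failure; the same test belongs here before the `dbmaster` call. The order also changed: the old code wrote to `dbmaster` first and then to `db`, and a one-line comment such as `// local DB is always updated; master only in a master/slave setup` would make the new intent explicit. The same block appears in both installer_dist sections.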
......
...@@ -212,7 +212,7 @@ class installer_dist extends installer_base { ...@@ -212,7 +212,7 @@ class installer_dist extends installer_base {
if($cf['vmail_mailbox_base'] != '' && strlen($cf['vmail_mailbox_base']) >= 10 && $this->is_update === false) exec('chown -R '.$cf['vmail_username'].':'.$cf['vmail_groupname'].' '.$cf['vmail_mailbox_base']); if($cf['vmail_mailbox_base'] != '' && strlen($cf['vmail_mailbox_base']) >= 10 && $this->is_update === false) exec('chown -R '.$cf['vmail_username'].':'.$cf['vmail_groupname'].' '.$cf['vmail_mailbox_base']);
//* These postconf commands will be executed on installation and update //* These postconf commands will be executed on installation and update
$server_ini_rec = $this->db->queryOneRecord("SELECT config FROM server WHERE server_id = ".$conf['server_id']); $server_ini_rec = $this->db->queryOneRecord("SELECT config FROM server WHERE server_id = ?", $conf['server_id']);
$server_ini_array = ini_to_array(stripslashes($server_ini_rec['config'])); $server_ini_array = ini_to_array(stripslashes($server_ini_rec['config']));
unset($server_ini_rec); unset($server_ini_rec);
...@@ -451,7 +451,7 @@ class installer_dist extends installer_base { ...@@ -451,7 +451,7 @@ class installer_dist extends installer_base {
// check if virtual_transport must be changed // check if virtual_transport must be changed
if ($this->is_update) { if ($this->is_update) {
$tmp = $this->db->queryOneRecord("SELECT * FROM ".$conf["mysql"]["database"].".server WHERE server_id = ".$conf['server_id']); $tmp = $this->db->queryOneRecord("SELECT * FROM ?? WHERE server_id = ?", $conf["mysql"]["database"] . ".server", $conf['server_id']);
$ini_array = ini_to_array(stripslashes($tmp['config'])); $ini_array = ini_to_array(stripslashes($tmp['config']));
// ini_array needs not to be checked, because already done in update.php -> updateDbAndIni() // ini_array needs not to be checked, because already done in update.php -> updateDbAndIni()
...@@ -737,7 +737,7 @@ class installer_dist extends installer_base { ...@@ -737,7 +737,7 @@ class installer_dist extends installer_base {
$tpl = new tpl('apache_ispconfig.conf.master'); $tpl = new tpl('apache_ispconfig.conf.master');
$tpl->setVar('apache_version',getapacheversion()); $tpl->setVar('apache_version',getapacheversion());
$records = $this->db->queryAllRecords('SELECT * FROM '.$conf['mysql']['master_database'].'.server_ip WHERE server_id = '.$conf['server_id']." AND virtualhost = 'y'"); $records = $this->db->queryAllRecords("SELECT * FROM ?? WHERE server_id = ? AND virtualhost = 'y'", $conf['mysql']['master_database'] . '.server_ip', $conf['server_id']);
$ip_addresses = array(); $ip_addresses = array();
if(is_array($records) && count($records) > 0) { if(is_array($records) && count($records) > 0) {
...@@ -887,7 +887,7 @@ class installer_dist extends installer_base { ...@@ -887,7 +887,7 @@ class installer_dist extends installer_base {
$tcp_public_services = ''; $tcp_public_services = '';
$udp_public_services = ''; $udp_public_services = '';
$row = $this->db->queryOneRecord('SELECT * FROM '.$conf["mysql"]["database"].'.firewall WHERE server_id = '.intval($conf['server_id'])); $row = $this->db->queryOneRecord('SELECT * FROM ?? WHERE server_id = ?', $conf["mysql"]["database"] . '.firewall', $conf['server_id']);
if(trim($row["tcp_port"]) != '' || trim($row["udp_port"]) != ''){ if(trim($row["tcp_port"]) != '' || trim($row["udp_port"]) != ''){
$tcp_public_services = trim(str_replace(',', ' ', $row["tcp_port"])); $tcp_public_services = trim(str_replace(',', ' ', $row["tcp_port"]));
...@@ -899,7 +899,7 @@ class installer_dist extends installer_base { ...@@ -899,7 +899,7 @@ class installer_dist extends installer_base {
if(!stristr($tcp_public_services, $conf['apache']['vhost_port'])) { if(!stristr($tcp_public_services, $conf['apache']['vhost_port'])) {
$tcp_public_services .= ' '.intval($conf['apache']['vhost_port']); $tcp_public_services .= ' '.intval($conf['apache']['vhost_port']);
if($row["tcp_port"] != '') $this->db->query("UPDATE firewall SET tcp_port = tcp_port + ',".intval($conf['apache']['vhost_port'])."' WHERE server_id = ".intval($conf['server_id'])); if($row["tcp_port"] != '') $this->db->query("UPDATE firewall SET tcp_port = tcp_port + ? WHERE server_id = ?", ',' . intval($conf['apache']['vhost_port']), $conf['server_id']);
} }
$content = str_replace("{TCP_PUBLIC_SERVICES}", $tcp_public_services, $content); $content = str_replace("{TCP_PUBLIC_SERVICES}", $tcp_public_services, $content);
...@@ -1097,13 +1097,11 @@ class installer_dist extends installer_base { ...@@ -1097,13 +1097,11 @@ class installer_dist extends installer_base {
$file_server_enabled = ($conf['services']['file'])?1:0; $file_server_enabled = ($conf['services']['file'])?1:0;
$db_server_enabled = ($conf['services']['db'])?1:0; $db_server_enabled = ($conf['services']['db'])?1:0;
$vserver_server_enabled = ($conf['services']['vserver'])?1:0; $vserver_server_enabled = ($conf['services']['vserver'])?1:0;
$sql = "UPDATE `server` SET mail_server = '$mail_server_enabled', web_server = '$web_server_enabled', dns_server = '$dns_server_enabled', file_server = '$file_server_enabled', db_server = '$db_server_enabled', vserver_server = '$vserver_server_enabled' WHERE server_id = ".intval($conf['server_id']); $sql = "UPDATE `server` SET mail_server = ?, web_server = ?, dns_server = ?, file_server = ?, db_server = ?, vserver_server = ? WHERE server_id = ?";
$this->db->query($sql, $mail_server_enabled, $web_server_enabled, $dns_server_enabled, $file_server_enabled, $db_server_enabled, $vserver_server_enabled, $conf['server_id']););
if($conf['mysql']['master_slave_setup'] == 'y') { if($conf['mysql']['master_slave_setup'] == 'y') {
$this->dbmaster->query($sql); $this->dbmaster->query($sql, $mail_server_enabled, $web_server_enabled, $dns_server_enabled, $file_server_enabled, $db_server_enabled, $vserver_server_enabled, $conf['server_id']););
$this->db->query($sql);
} else {
$this->db->query($sql);
} }
// chown install dir to root and chmod 755 // chown install dir to root and chmod 755
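Review bot: Both new `query()` calls in the @@ -1097 hunk end in `$conf['server_id']););`, and the stray `);` is a parse error, so this file cannot be loaded at all. The two other copies of this block in the commit end in a single `);`, so these lines should end `..., $vserver_server_enabled, $conf['server_id']);`. Running `php -l` over the install directory before committing would catch this class of mistake.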
......
...@@ -124,7 +124,7 @@ function updateDbAndIni() { ...@@ -124,7 +124,7 @@ function updateDbAndIni() {
global $inst, $conf; global $inst, $conf;
//* Update $conf array with values from the server.ini that shall be preserved //* Update $conf array with values from the server.ini that shall be preserved
$tmp = $inst->db->queryOneRecord("SELECT * FROM ".$conf["mysql"]["database"].".server WHERE server_id = ".$conf['server_id']); $tmp = $inst->db->queryOneRecord("SELECT * FROM ?? WHERE server_id = ?", $conf["mysql"]["database"] . '.server', $conf['server_id']);
$ini_array = ini_to_array(stripslashes($tmp['config'])); $ini_array = ini_to_array(stripslashes($tmp['config']));
$current_db_version = (isset($tmp['dbversion']))?intval($tmp['dbversion']):0; $current_db_version = (isset($tmp['dbversion']))?intval($tmp['dbversion']):0;
...@@ -218,8 +218,8 @@ function updateDbAndIni() { ...@@ -218,8 +218,8 @@ function updateDbAndIni() {
} }
//* update the database version in server table //* update the database version in server table
$inst->db->query("UPDATE ".$conf["mysql"]["database"].".server SET dbversion = '".$current_db_version."' WHERE server_id = ".$conf['server_id']); $inst->db->query("UPDATE ?? SET dbversion = ? WHERE server_id = ?", $conf["mysql"]["database"] . ".server", $current_db_version, $conf['server_id']);
if($inst->db->dbHost != $inst->dbmaster->dbHost) $inst->dbmaster->query("UPDATE ".$conf["mysql"]["master_database"].".server SET dbversion = '".$current_db_version."' WHERE server_id = ".$conf['server_id']); if($inst->db->dbHost != $inst->dbmaster->dbHost) $inst->dbmaster->query("UPDATE ?? SET dbversion = ? WHERE server_id = ?", $conf["mysql"]["master_database"] . ".server", $current_db_version, $conf['server_id']);
//* If ISPConfig Version < 3.0.3, we will do a full db update //* If ISPConfig Version < 3.0.3, we will do a full db update
...@@ -228,7 +228,7 @@ function updateDbAndIni() { ...@@ -228,7 +228,7 @@ function updateDbAndIni() {
swriteln($inst->lng('Starting full database update.')); swriteln($inst->lng('Starting full database update.'));
//** Delete the old database //** Delete the old database
if( !$inst->db->query('DROP DATABASE IF EXISTS '.$conf['mysql']['database']) ) { if( !$inst->db->query('DROP DATABASE IF EXISTS ??', $conf['mysql']['database']) ) {
$inst->error('Unable to drop MySQL database: '.$conf['mysql']['database'].'.'); $inst->error('Unable to drop MySQL database: '.$conf['mysql']['database'].'.');
} }
...@@ -239,7 +239,7 @@ function updateDbAndIni() { ...@@ -239,7 +239,7 @@ function updateDbAndIni() {
$db_tables = $inst->db->getTables(); $db_tables = $inst->db->getTables();
foreach($db_tables as $table) { foreach($db_tables as $table) {
$inst->db->query("TRUNCATE $table"); $inst->db->query("TRUNCATE ??", $table);
} }
//** load old data back into database //** load old data back into database
...@@ -262,15 +262,15 @@ function updateDbAndIni() { ...@@ -262,15 +262,15 @@ function updateDbAndIni() {
} }
//* update the database version in server table //* update the database version in server table
$inst->db->query("UPDATE ".$conf["mysql"]["database"].".server SET dbversion = '".$current_db_version."' WHERE server_id = ".$conf['server_id']); $inst->db->query("UPDATE ?? SET dbversion = ? WHERE server_id = ?", $conf["mysql"]["database"] . ".server", $current_db_version, $conf['server_id']);
if($inst->db->dbHost != $inst->dbmaster->dbHost) $inst->dbmaster->query("UPDATE ".$conf["mysql"]["master_database"].".server SET dbversion = '".$current_db_version."' WHERE server_id = ".$conf['server_id']); if($inst->db->dbHost != $inst->dbmaster->dbHost) $inst->dbmaster->query("UPDATE ?? SET dbversion = ? WHERE server_id = ?", $conf["mysql"]["master_database"] . ".server", $current_db_version, $conf['server_id']);
if ($conf['powerdns']['installed']) { if ($conf['powerdns']['installed']) {
swriteln($inst->lng('Starting full PowerDNS database update.')); swriteln($inst->lng('Starting full PowerDNS database update.'));
//** Delete the old PowerDNS database //** Delete the old PowerDNS database
if( !$inst->db->query('DROP DATABASE IF EXISTS '.$conf['powerdns']['database']) ) { if( !$inst->db->query('DROP DATABASE IF EXISTS ??', $conf['powerdns']['database']) ) {
$inst->error('Unable to drop MySQL database: '.$conf['powerdns']['database'].'.'); $inst->error('Unable to drop MySQL database: '.$conf['powerdns']['database'].'.');
} }
...@@ -288,7 +288,7 @@ function updateDbAndIni() { ...@@ -288,7 +288,7 @@ function updateDbAndIni() {
//** Update server ini //** Update server ini
$tmp_server_rec = $inst->db->queryOneRecord("SELECT config FROM ".$conf["mysql"]["database"].".server WHERE server_id = ".$conf['server_id']); $tmp_server_rec = $inst->db->queryOneRecord("SELECT config FROM ?? WHERE server_id = ?", $conf["mysql"]["database"] . ".server", $conf['server_id']);
$old_ini_array = ini_to_array(stripslashes($tmp_server_rec['config'])); $old_ini_array = ini_to_array(stripslashes($tmp_server_rec['config']));
unset($tmp_server_rec); unset($tmp_server_rec);
$tpl_ini_array = ini_to_array(rf('tpl/server.ini.master')); $tpl_ini_array = ini_to_array(rf('tpl/server.ini.master'));
...@@ -344,12 +344,12 @@ function updateDbAndIni() { ...@@ -344,12 +344,12 @@ function updateDbAndIni() {
} }
$new_ini = array_to_ini($tpl_ini_array); $new_ini = array_to_ini($tpl_ini_array);
$sql = "UPDATE ".$conf["mysql"]["database"].".server SET config = '".mysql_real_escape_string($new_ini)."' WHERE server_id = ".$conf['server_id']; $sql = "UPDATE ?? SET config = ? WHERE server_id = ?";
$inst->db->query($sql); $inst->db->query($sql, $conf["mysql"]["database"] . ".server", $new_ini, $conf['server_id']);
if($inst->db->dbHost != $inst->dbmaster->dbHost) { if($inst->db->dbHost != $inst->dbmaster->dbHost) {
$sql = "UPDATE ".$conf["mysql"]["master_database"].".server SET config = '".mysql_real_escape_string($new_ini)."' WHERE server_id = ".$conf['server_id']; $sql = "UPDATE ?? SET config = ? WHERE server_id = ?";
$inst->dbmaster->query($sql); $inst->dbmaster->query($sql, $conf["mysql"]["master_database"].".server", $new_ini, $conf['server_id']);
} }
unset($old_ini_array); unset($old_ini_array);
unset($tpl_ini_array); unset($tpl_ini_array);
...@@ -357,7 +357,7 @@ function updateDbAndIni() { ...@@ -357,7 +357,7 @@ function updateDbAndIni() {
//** Update system ini //** Update system ini
$tmp_server_rec = $inst->db->queryOneRecord("SELECT config FROM ".$conf["mysql"]["database"].".sys_ini WHERE sysini_id = 1"); $tmp_server_rec = $inst->db->queryOneRecord("SELECT config FROM ?? WHERE sysini_id = 1", $conf["mysql"]["database"] . ".sys_ini");
$old_ini_array = ini_to_array(stripslashes($tmp_server_rec['config'])); $old_ini_array = ini_to_array(stripslashes($tmp_server_rec['config']));
unset($tmp_server_rec); unset($tmp_server_rec);
$tpl_ini_array = ini_to_array(rf('tpl/system.ini.master')); $tpl_ini_array = ini_to_array(rf('tpl/system.ini.master'));
...@@ -372,11 +372,11 @@ function updateDbAndIni() { ...@@ -372,11 +372,11 @@ function updateDbAndIni() {
} }
$new_ini = array_to_ini($tpl_ini_array); $new_ini = array_to_ini($tpl_ini_array);
$tmp = $inst->db->queryOneRecord('SELECT count(sysini_id) as number FROM '.$conf["mysql"]["database"].'.sys_ini WHERE 1'); $tmp = $inst->db->queryOneRecord('SELECT count(sysini_id) as number FROM ?? WHERE 1', $conf["mysql"]["database"] . '.sys_ini');
if($tmp['number'] == 0) { if($tmp['number'] == 0) {
$inst->db->query("INSERT INTO ".$conf["mysql"]["database"].".sys_ini (sysini_id, config) VALUES (1,'".mysql_real_escape_string($new_ini)."')"); $inst->db->query("INSERT INTO ?? (sysini_id, config) VALUES (1,?)", $conf["mysql"]["database"] . ".sys_ini", $new_ini);
} else { } else {
$inst->db->query("UPDATE ".$conf["mysql"]["database"].".sys_ini SET config = '".mysql_real_escape_string($new_ini)."' WHERE sysini_id = 1"); $inst->db->query("UPDATE ?? SET config = ? WHERE sysini_id = 1", $conf["mysql"]["database"] . ".sys_ini", $new_ini);
} }
unset($old_ini_array); unset($old_ini_array);
unset($tpl_ini_array); unset($tpl_ini_array);
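Review bot: In the @@ -344 hunk the second `$sql = "UPDATE ?? SET config = ? WHERE server_id = ?";` inside the `dbHost` comparison is now byte-identical to the first assignment, because the table name moved into the arguments. Drop the reassignment and call `$inst->dbmaster->query($sql, $conf["mysql"]["master_database"].".server", $new_ini, $conf['server_id']);` directly. Separately, the rewritten `queryOneRecord()` calls are still followed by `$tmp['config']` and `$tmp_server_rec['config']` with no check that a row came back; a guard before `ini_to_array()` would keep a failed lookup from silently producing an empty configuration. The function body starts and ends outside these hunks.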
......
...@@ -608,7 +608,7 @@ class ApsCrawler extends ApsBase ...@@ -608,7 +608,7 @@ class ApsCrawler extends ApsBase
foreach($incomplete_pkgs as $incomplete_pkg){ foreach($incomplete_pkgs as $incomplete_pkg){
$pkg_url = @file_get_contents($this->interface_pkg_dir.'/'.$incomplete_pkg['path'].'/PKG_URL'); $pkg_url = @file_get_contents($this->interface_pkg_dir.'/'.$incomplete_pkg['path'].'/PKG_URL');
if($pkg_url != ''){ if($pkg_url != ''){
$app->db->datalogUpdate('aps_packages', "package_url = '".$app->db->quote($pkg_url)."'", 'id', $incomplete_pkg['id']); $app->db->datalogUpdate('aps_packages', array("package_url" => $pkg_url), 'id', $incomplete_pkg['id']);
} }
} }
} }
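Review bot: `$pkg_url` is written to `aps_packages.package_url` exactly as read from the `PKG_URL` file, with only a `!= ''` test in front of it. Binding the value removes the SQL quoting concern, but the content is still external data and may carry a trailing newline or something that is not a URL at all. Consider `$pkg_url = trim((string)$pkg_url);` followed by a `filter_var($pkg_url, FILTER_VALIDATE_URL)` check before the `datalogUpdate()` call. Whether `datalogUpdate()` accepts an array for its second argument is not visible in this section and should be confirmed.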
......
...@@ -268,7 +268,7 @@ class ApsGUIController extends ApsBase ...@@ -268,7 +268,7 @@ class ApsGUIController extends ApsBase
if (empty($settings['main_database_name'])) { if (empty($settings['main_database_name'])) {
//* Find a free db name for the app //* Find a free db name for the app
for($n = 1; $n <= 1000; $n++) { for($n = 1; $n <= 1000; $n++) {
$mysql_db_name = $app->db->quote(($dbname_prefix != '' ? $dbname_prefix.'aps'.$n : uniqid('aps'))); $mysql_db_name = ($dbname_prefix != '' ? $dbname_prefix.'aps'.$n : uniqid('aps'));
$tmp = $app->db->queryOneRecord("SELECT count(database_id) as number FROM web_database WHERE database_name = ?", $mysql_db_name); $tmp = $app->db->queryOneRecord("SELECT count(database_id) as number FROM web_database WHERE database_name = ?", $mysql_db_name);
if($tmp['number'] == 0) break; if($tmp['number'] == 0) break;
} }
...@@ -277,7 +277,7 @@ class ApsGUIController extends ApsBase ...@@ -277,7 +277,7 @@ class ApsGUIController extends ApsBase
if (empty($settings['main_database_login'])) { if (empty($settings['main_database_login'])) {
//* Find a free db username for the app //* Find a free db username for the app
for($n = 1; $n <= 1000; $n++) { for($n = 1; $n <= 1000; $n++) {
$mysql_db_user = $app->db->quote(($dbuser_prefix != '' ? $dbuser_prefix.'aps'.$n : uniqid('aps'))); $mysql_db_user = ($dbuser_prefix != '' ? $dbuser_prefix.'aps'.$n : uniqid('aps'));
$tmp = $app->db->queryOneRecord("SELECT count(database_user_id) as number FROM web_database_user WHERE database_user = ?", $mysql_db_user); $tmp = $app->db->queryOneRecord("SELECT count(database_user_id) as number FROM web_database_user WHERE database_user = ?", $mysql_db_user);
if($tmp['number'] == 0) break; if($tmp['number'] == 0) break;
} }
...@@ -287,8 +287,16 @@ class ApsGUIController extends ApsBase ...@@ -287,8 +287,16 @@ class ApsGUIController extends ApsBase
//* Create the mysql database user if not existing //* Create the mysql database user if not existing
$tmp = $app->db->queryOneRecord("SELECT database_user_id FROM web_database_user WHERE database_user = ?", $settings['main_database_login']); $tmp = $app->db->queryOneRecord("SELECT database_user_id FROM web_database_user WHERE database_user = ?", $settings['main_database_login']);
if(!$tmp) { if(!$tmp) {
$insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `database_user`, `database_user_prefix`, `database_password`) $insert_data = array("sys_userid" => $websrv['sys_userid'],
VALUES( ".$app->functions->intval($websrv['sys_userid']).", ".$app->functions->intval($websrv['sys_groupid']).", 'riud', '".$app->functions->intval($websrv['sys_perm_group'])."', '', 0, '".$settings['main_database_login']."', '".$app->db->quote($dbuser_prefix) . "', PASSWORD('".$settings['main_database_password']."'))"; "sys_groupid" => $websrv['sys_groupid'],
"sys_perm_user" => 'riud',
"sys_perm_group" => $websrv['sys_perm_group'],
"sys_perm_other" => '',
"server_id" => 0,
"database_user" => $settings['main_database_login'],
"database_user_prefix" => $dbuser_prefix,
"database_password" => "PASSWORD('" . $settings['main_database_password'] . "')"
);
$mysql_db_user_id = $app->db->datalogInsert('web_database_user', $insert_data, 'database_user_id'); $mysql_db_user_id = $app->db->datalogInsert('web_database_user', $insert_data, 'database_user_id');
} }
else $mysql_db_user_id = $tmp['database_user_id']; else $mysql_db_user_id = $tmp['database_user_id'];
...@@ -296,8 +304,25 @@ class ApsGUIController extends ApsBase ...@@ -296,8 +304,25 @@ class ApsGUIController extends ApsBase
//* Create the mysql database if not existing //* Create the mysql database if not existing
$tmp = $app->db->queryOneRecord("SELECT count(database_id) as number FROM web_database WHERE database_name = ?", $settings['main_database_name']); $tmp = $app->db->queryOneRecord("SELECT count(database_id) as number FROM web_database WHERE database_name = ?", $settings['main_database_name']);
if($tmp['number'] == 0) { if($tmp['number'] == 0) {
$insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `parent_domain_id`, `type`, `database_name`, `database_name_prefix`, `database_user_id`, `database_ro_user_id`, `database_charset`, `remote_access`, `remote_ips`, `backup_copies`, `active`, `backup_interval`) $insert_data = array("sys_userid" => $websrv['sys_userid'],
VALUES( ".$app->functions->intval($websrv['sys_userid']).", ".$app->functions->intval($websrv['sys_groupid']).", 'riud', '".$app->functions->intval($websrv['sys_perm_group'])."', '', $mysql_db_server_id, ".$app->functions->intval($websrv['domain_id']).", 'mysql', '".$settings['main_database_name']."', '" . $app->db->quote($dbname_prefix) . "', '$mysql_db_user_id', 0, '', '$mysql_db_remote_access', '$mysql_db_remote_ips', ".$app->functions->intval($websrv['backup_copies']).", 'y', '".$app->functions->intval($websrv['backup_interval'])."')"; "sys_groupid" => $websrv['sys_groupid'],
"sys_perm_user" => 'riud',
"sys_perm_group" => $websrv['sys_perm_group'],
"sys_perm_other" => '',
"server_id" => $mysql_db_server_id,
"parent_domain_id" => $websrv['domain_id'],
"type" => 'mysql',
"database_name" => $settings['main_database_name'],
"database_name_prefix" => $dbname_prefix,
"database_user_id" => $mysql_db_user_id,
"database_ro_user_id" => 0,
"database_charset" => '',
"remote_access" => $mysql_db_remote_access,
"remote_ips" => $mysql_db_remote_ips,
"backup_copies" => $websrv['backup_copies'],
"active" => 'y',
"backup_interval" => $websrv['backup_interval']
);
$app->db->datalogInsert('web_database', $insert_data, 'database_id'); $app->db->datalogInsert('web_database', $insert_data, 'database_id');
} }
...@@ -351,7 +376,7 @@ class ApsGUIController extends ApsBase ...@@ -351,7 +376,7 @@ class ApsGUIController extends ApsBase
// mysql-database-name is updated inside if not set already // mysql-database-name is updated inside if not set already
if (!$this->createDatabaseForPackageInstance($settings, $websrv)) return false; if (!$this->createDatabaseForPackageInstance($settings, $websrv)) return false;
} }
//* Insert new package instance //* Insert new package instance
$insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `customer_id`, `package_id`, `instance_status`) VALUES (".$app->functions->intval($websrv['sys_userid']).", ".$app->functions->intval($websrv['sys_groupid']).", 'riud', '".$app->db->quote($websrv['sys_perm_group'])."', '', ".$app->db->quote($webserver_id).",".$app->db->quote($customerid).", ".$app->db->quote($packageid).", ".INSTANCE_PENDING.")"; $insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `customer_id`, `package_id`, `instance_status`) VALUES (".$app->functions->intval($websrv['sys_userid']).", ".$app->functions->intval($websrv['sys_groupid']).", 'riud', '".$app->db->quote($websrv['sys_perm_group'])."', '', ".$app->db->quote($webserver_id).",".$app->db->quote($customerid).", ".$app->db->quote($packageid).", ".INSTANCE_PENDING.")";
$InstanceID = $app->db->datalogInsert('aps_instances', $insert_data, 'id'); $InstanceID = $app->db->datalogInsert('aps_instances', $insert_data, 'id');
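Review bot: `"database_password" => "PASSWORD('" . $settings['main_database_password'] . "')"` in the @@ -287 hunk no longer reaches MySQL as a function call. The array branch of `datalogInsert()` changed in this same commit appears to bind every value through a `?` placeholder, so the column would receive the literal text `PASSWORD('…')` with the clear-text password inside it, and presumably the same text would be written to the datalog. Hash the value before building the array, for example `$pw = $app->db->queryOneRecord("SELECT PASSWORD(?) AS hash", $settings['main_database_password']);` and then `"database_password" => $pw['hash']`. The `aps_instances` insert at the end of the section is still assembled as a string, with `$app->db->quote()` output placed in unquoted numeric positions where escaping alone does not constrain the value; it should move to the array form as well.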
......
...@@ -626,20 +626,26 @@ class db extends mysqli ...@@ -626,20 +626,26 @@ class db extends mysqli
if(is_array($insert_data)) { if(is_array($insert_data)) {
$key_str = ''; $key_str = '';
$val_str = ''; $val_str = '';
$params = array($tablename);
$v_params = array();
foreach($insert_data as $key => $val) { foreach($insert_data as $key => $val) {
$key_str .= "`".$key ."`,"; $key_str .= '??,'
$val_str .= "'".$this->escape($val)."',"; $params[] = $key;
$val_str .= '?,';
$v_params[] = $val;
} }
$key_str = substr($key_str, 0, -1); $key_str = substr($key_str, 0, -1);
$val_str = substr($val_str, 0, -1); $val_str = substr($val_str, 0, -1);
$insert_data_str = '('.$key_str.') VALUES ('.$val_str.')'; $insert_data_str = '('.$key_str.') VALUES ('.$val_str.')';
$this->query("INSERT INTO ?? $insert_data_str", true, $params + $v_params);
} else { } else {
/* TODO: deprecate this method! */
$insert_data_str = $insert_data; $insert_data_str = $insert_data;
$this->query("INSERT INTO ?? $insert_data_str", $tablename);
} }
/* TODO: reduce risk of insert_data_str! */