Commit cc7a8275 authored by Marius Cramer's avatar Marius Cramer

- rewrite of sql queries to new form

parent 3f916ccb
......@@ -5,8 +5,8 @@
//######################################################################################################
$sql = "SELECT domain_id, domain, document_root FROM web_domain WHERE server_id = ".$conf["server_id"];
$records = $app->db->queryAllRecords($sql);
$sql = "SELECT domain_id, domain, document_root FROM web_domain WHERE server_id = ?";
$records = $app->db->queryAllRecords($sql, $conf["server_id"]);
foreach($records as $rec) {
$domain = escapeshellcmd($rec["domain"]);
$logdir = escapeshellcmd($rec["document_root"].'/log');
......
......@@ -17,7 +17,7 @@ try{
// check for existing user
$dbmail = $db->real_escape_string($arg_email);
$result = $db->query("SELECT jid, password FROM xmpp_user WHERE jid LIKE '".$dbmail."' AND active='y' AND server_id='".$isp_server_id."'");
$result = $db->query("SELECT jid, password FROM xmpp_user WHERE jid LIKE ? AND active='y' AND server_id=?", $dbmail, $isp_server_id);
result_false($result->num_rows != 1);
$user = $result->fetch_object();
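Review bot: The new bound query keeps `jid LIKE ?`, so `%` and `_` in the caller-supplied `$arg_email` still act as wildcards and a value such as `someone%` can match a different account than the one named; with the result then feeding a password check this should be an exact comparison, `jid = ?`. The value is also still passed through `$db->real_escape_string()` on the line above, which with a bound parameter double-escapes any `'` or `\` in the address and makes those lookups fail; bind `$arg_email` directly. If `$db` here is a plain mysqli object rather than a wrapper, `query()` takes no bind arguments and the `?` would reach the server verbatim — worth confirming against the connection setup, which is outside this hunk.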
......
......@@ -15,7 +15,7 @@ try{
// check for existing user
$dbmail = $db->real_escape_string($arg_email);
$result = $db->query("SELECT jid, password FROM xmpp_user WHERE jid LIKE '".$dbmail."' AND active='y' AND server_id='".$isp_server_id."'");
$result = $db->query("SELECT jid, password FROM xmpp_user WHERE jid LIKE ? AND active='y' AND server_id=?", $dbmail, $isp_server_id);
result_false($result->num_rows != 1);
result_true();
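Review bot: Same concern as the sibling script: `jid LIKE ?` lets `%`/`_` in the submitted address match other users, so the existence check should use `jid = ?`, and `$dbmail = $db->real_escape_string($arg_email)` now double-escapes the value that is bound on the next line. Suggested lines: drop the `real_escape_string` call and use `$result = $db->query("SELECT jid, password FROM xmpp_user WHERE jid = ? AND active='y' AND server_id=?", $arg_email, $isp_server_id);`. Whether `$db->query()` actually binds extra arguments depends on the connection class, which is not visible here.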
......
......@@ -229,7 +229,7 @@ class installer extends installer_base
// check if virtual_transport must be changed
if ($this->is_update) {
$tmp = $this->db->queryOneRecord("SELECT * FROM ".$conf["mysql"]["database"].".server WHERE server_id = ".$conf['server_id']);
$tmp = $this->db->queryOneRecord("SELECT * FROM ?? WHERE server_id = ?", $conf["mysql"]["database"].".server", $conf['server_id']);
$ini_array = ini_to_array(stripslashes($tmp['config']));
// ini_array needs not to be checked, because already done in update.php -> updateDbAndIni()
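Review bot: The `??` identifier placeholder is given the dotted value `$conf["mysql"]["database"].".server"`; if the wrapper quotes an identifier by wrapping the whole string in backticks, MySQL will look for a single table literally named `dbname.server` and the update check silently gets no row. Unless the wrapper is known to split on `.`, safer to bind the two parts separately: `"SELECT * FROM ??.?? WHERE server_id = ?", $conf["mysql"]["database"], 'server', $conf['server_id']`. The surrounding method continues outside the hunk.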
......@@ -421,13 +421,13 @@ class installer extends installer_base
global $conf;
//* Create the database
if(!$this->db->query('CREATE DATABASE IF NOT EXISTS '.$conf['powerdns']['database'].' DEFAULT CHARACTER SET '.$conf['mysql']['charset'])) {
if(!$this->db->query('CREATE DATABASE IF NOT EXISTS ?? DEFAULT CHARACTER SET ?', $conf['powerdns']['database'], $conf['mysql']['charset'])) {
$this->error('Unable to create MySQL database: '.$conf['powerdns']['database'].'.');
}
//* Create the ISPConfig database user in the local database
$query = 'GRANT ALL ON `'.$conf['powerdns']['database'].'` . * TO \''.$conf['mysql']['ispconfig_user'].'\'@\'localhost\';';
if(!$this->db->query($query)) {
$query = 'GRANT ALL ON ??.* TO ?@?';
if(!$this->db->query($query, $conf['powerdns']['database'], $conf['mysql']['ispconfig_user'], 'localhost')) {
$this->error('Unable to create user for powerdns database Error: '.$this->db->errorMessage);
}
......@@ -537,21 +537,6 @@ class installer extends installer_base
//* Copy the ISPConfig configuration include
/*
$content = $this->get_template_file('apache_ispconfig.conf', true);
$records = $this->db->queryAllRecords("SELECT * FROM server_ip WHERE server_id = ".$conf["server_id"]." AND virtualhost = 'y'");
if(is_array($records) && count($records) > 0)
{
foreach($records as $rec) {
$content .= "NameVirtualHost ".$rec["ip_address"].":80\n";
$content .= "NameVirtualHost ".$rec["ip_address"].":443\n";
}
}
$this->write_config_file($conf['apache']['vhost_conf_dir'].'/000-ispconfig.conf', $content);
*/
$tpl = new tpl('apache_ispconfig.conf.master');
$tpl->setVar('apache_version',getapacheversion());
......
......@@ -60,14 +60,6 @@ if($do_uninstall == 'yes') {
echo "\n\n>> Uninstalling ISPConfig 3... \n\n";
// Delete the ISPConfig database
// $app->db->query("DROP DATABASE '".$conf["db_database"]."'");
// $app->db->query("DELETE FROM mysql.user WHERE User = 'ispconfig'");
// exec("/etc/init.d/mysql stop");
// exec("rm -rf /var/lib/mysql/".$conf["db_database"]);
// exec("/etc/init.d/mysql start");
$link = mysql_connect($clientdb_host, $clientdb_user, $clientdb_password);
if (!$link) {
echo "Unable to connect to the database'.mysql_error($link)";
......
......@@ -155,15 +155,15 @@ class app {
public function conf($plugin, $key, $value = null) {
if(is_null($value)) {
$tmpconf = $this->db->queryOneRecord("SELECT `value` FROM `sys_config` WHERE `group` = '" . $this->db->quote($plugin) . "' AND `name` = '" . $this->db->quote($key) . "'");
$tmpconf = $this->db->queryOneRecord("SELECT `value` FROM `sys_config` WHERE `group` = ? AND `name` = ?", $plugin, $key);
if($tmpconf) return $tmpconf['value'];
else return null;
} else {
if($value === false) {
$this->db->query("DELETE FROM `sys_config` WHERE `group` = '" . $this->db->quote($plugin) . "' AND `name` = '" . $this->db->quote($key) . "'");
$this->db->query("DELETE FROM `sys_config` WHERE `group` = ? AND `name` = ?", $plugin, $key);
return null;
} else {
$this->db->query("REPLACE INTO `sys_config` (`group`, `name`, `value`) VALUES ('" . $this->db->quote($plugin) . "', '" . $this->db->quote($key) . "', '" . $this->db->quote($value) . "')");
$this->db->query("REPLACE INTO `sys_config` (`group`, `name`, `value`) VALUES (?, ?, ?)", $plugin, $key, $value);
return $value;
}
}
......@@ -179,8 +179,8 @@ class app {
$server_id = 0;
$priority = $this->functions->intval($priority);
$tstamp = time();
$msg = $this->db->quote('[INTERFACE]: '.$msg);
$this->db->query("INSERT INTO sys_log (server_id,datalog_id,loglevel,tstamp,message) VALUES ($server_id,0,$priority,$tstamp,'$msg')");
$msg = '[INTERFACE]: '.$msg;
$this->db->query("INSERT INTO sys_log (server_id,datalog_id,loglevel,tstamp,message) VALUES (?, 0, ?, ?, ?)", $server_id, $priority,$tstamp,$msg);
/*
if (is_writable($this->_conf['log_file'])) {
if (!$fp = fopen ($this->_conf['log_file'], 'a')) {
......
......@@ -356,14 +356,7 @@ class ApsCrawler extends ApsBase
$old_folder = $this->interface_pkg_dir.'/'.$app_name.'-'.$ex_ver.'.app.zip';
if(file_exists($old_folder)) $this->removeDirectory($old_folder);
/*
$app->db->query("UPDATE aps_packages SET package_status = '".PACKAGE_OUTDATED."' WHERE name = '".
$app->db->quote($app_name)."' AND CONCAT(version, '-', CAST(`release` AS CHAR)) = '".
$app->db->quote($ex_ver)."';");
*/
$tmp = $app->db->queryOneRecord("SELECT id FROM aps_packages WHERE name = '".
$app->db->quote($app_name)."' AND CONCAT(version, '-', CAST(`release` AS CHAR)) = '".
$app->db->quote($ex_ver)."';");
$tmp = $app->db->queryOneRecord("SELECT id FROM aps_packages WHERE name = ? AND CONCAT(version, '-', CAST(`release` AS CHAR)) = ?", $app_name, $ex_ver);
$app->db->datalogUpdate('aps_packages', "package_status = ".PACKAGE_OUTDATED, 'id', $tmp['id']);
unset($tmp);
}
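Review bot: The converted lookup is still used without checking that it found a row: when `queryOneRecord()` returns nothing, `$tmp['id']` is null and `datalogUpdate()` is called with an empty key, which at best is a wasted datalog entry and at worst touches the wrong row depending on how the helper builds its WHERE clause. Guard it: `if(is_array($tmp) && $tmp['id'] > 0) $app->db->datalogUpdate(...)`. The SET clause is still passed as a string (`"package_status = ".PACKAGE_OUTDATED`); it is a constant here, but it is the one remaining string-built fragment in this hunk.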
......@@ -539,13 +532,11 @@ class ApsCrawler extends ApsBase
// Get registered packages and mark non-existant packages with an error code to omit the install
$existing_packages = array();
$path_query = $app->db->queryAllRecords('SELECT path AS Path FROM aps_packages;');
$path_query = $app->db->queryAllRecords('SELECT path AS Path FROM aps_packages');
foreach($path_query as $path) $existing_packages[] = $path['Path'];
$diff = array_diff($existing_packages, $pkg_list);
foreach($diff as $todelete) {
/*$app->db->query("UPDATE aps_packages SET package_status = '".PACKAGE_ERROR_NOMETA."'
WHERE path = '".$app->db->quote($todelete)."';");*/
$tmp = $app->db->queryOneRecord("SELECT id FROM aps_packages WHERE path = '".$app->db->quote($todelete)."';");
$tmp = $app->db->queryOneRecord("SELECT id FROM aps_packages WHERE path = ?", $todelete);
$app->db->datalogUpdate('aps_packages', "package_status = ".PACKAGE_ERROR_NOMETA, 'id', $tmp['id']);
unset($tmp);
}
......@@ -576,13 +567,6 @@ class ApsCrawler extends ApsBase
//$pkg_url = $this->app_download_url_list[$pkg];
$pkg_url = @file_get_contents($this->interface_pkg_dir.'/'.$pkg.'/PKG_URL');
/*
$app->db->query("INSERT INTO `aps_packages`
(`path`, `name`, `category`, `version`, `release`, `package_status`) VALUES
('".$app->db->quote($pkg)."', '".$app->db->quote($pkg_name)."',
'".$app->db->quote($pkg_category)."', '".$app->db->quote($pkg_version)."',
".$app->db->quote($pkg_release).", ".PACKAGE_ENABLED.");");
*/
// Insert only if data is complete
if($pkg != '' && $pkg_name != '' && $pkg_category != '' && $pkg_version != '' && $pkg_release != '' && $pkg_url){
$insert_data = "(`path`, `name`, `category`, `version`, `release`, `package_url`, `package_status`) VALUES
......@@ -619,7 +603,7 @@ class ApsCrawler extends ApsBase
// This method must be used in interface mode
if(!$this->interface_mode) return false;
$incomplete_pkgs = $app->db->queryAllRecords("SELECT * FROM aps_packages WHERE package_url = ''");
$incomplete_pkgs = $app->db->queryAllRecords("SELECT * FROM aps_packages WHERE package_url = ?", '');
if(is_array($incomplete_pkgs) && !empty($incomplete_pkgs)){
foreach($incomplete_pkgs as $incomplete_pkg){
$pkg_url = @file_get_contents($this->interface_pkg_dir.'/'.$incomplete_pkg['path'].'/PKG_URL');
......
......@@ -57,7 +57,7 @@ class auth {
global $app, $conf;
$userid = $app->functions->intval($userid);
$client = $app->db->queryOneRecord("SELECT client.limit_client FROM sys_user, client WHERE sys_user.userid = $userid AND sys_user.client_id = client.client_id");
$client = $app->db->queryOneRecord("SELECT client.limit_client FROM sys_user, client WHERE sys_user.userid = ? AND sys_user.client_id = client.client_id", $userid);
if($client['limit_client'] != 0) {
return true;
} else {
......@@ -73,12 +73,12 @@ class auth {
$groupid = $app->functions->intval($groupid);
if($userid > 0 && $groupid > 0) {
$user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE userid = $userid");
$user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE userid = ?", $userid);
$groups = explode(',', $user['groups']);
if(!in_array($groupid, $groups)) $groups[] = $groupid;
$groups_string = implode(',', $groups);
$sql = "UPDATE sys_user SET groups = '$groups_string' WHERE userid = $userid";
$app->db->query($sql);
$sql = "UPDATE sys_user SET groups = ? WHERE userid = ?";
$app->db->query($sql, $groups_string, $userid);
return true;
} else {
return false;
......@@ -95,7 +95,7 @@ class auth {
// simple query cache
if($this->client_limits===null)
$this->client_limits = $app->db->queryOneRecord("SELECT client.* FROM sys_user, client WHERE sys_user.userid = $userid AND sys_user.client_id = client.client_id");
$this->client_limits = $app->db->queryOneRecord("SELECT client.* FROM sys_user, client WHERE sys_user.userid = ? AND sys_user.client_id = client.client_id", $userid);
// isn't client -> no limit
if(!$this->client_limits)
......@@ -114,13 +114,13 @@ class auth {
$groupid = $app->functions->intval($groupid);
if($userid > 0 && $groupid > 0) {
$user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE userid = $userid");
$user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE userid = ", $userid);
$groups = explode(',', $user['groups']);
$key = array_search($groupid, $groups);
unset($groups[$key]);
$groups_string = implode(',', $groups);
$sql = "UPDATE sys_user SET groups = '$groups_string' WHERE userid = $userid";
$app->db->query($sql);
$sql = "UPDATE sys_user SET groups = ? WHERE userid = ?";
$app->db->query($sql, $groups_string, $userid);
return true;
} else {
return false;
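Review bot: The rewritten user lookup in this method has lost its placeholder: `"SELECT * FROM sys_user WHERE userid = ", $userid` sends an incomplete statement to MySQL (the bound value has nothing to bind to), so `$user['groups']` is never populated and the following `UPDATE` writes back a groups list that consists only of whatever survives `explode()` on null — effectively clearing the user's group membership instead of removing one group. It should match the sibling method above: `$user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE userid = ?", $userid);`.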
......
......@@ -49,7 +49,7 @@ class client_templates {
if($old_style == true) {
// we have to take care of this in an other way
$in_db = $app->db->queryAllRecords('SELECT `assigned_template_id`, `client_template_id` FROM `client_template_assigned` WHERE `client_id` = ' . $app->functions->intval($clientId));
$in_db = $app->db->queryAllRecords('SELECT `assigned_template_id`, `client_template_id` FROM `client_template_assigned` WHERE `client_id` = ?', $clientId);
if(is_array($in_db) && count($in_db) > 0) {
foreach($in_db as $item) {
if(array_key_exists($item['client_template_id'], $needed_types) == false) $needed_types[$item['client_template_id']] = 0;
......@@ -61,24 +61,24 @@ class client_templates {
if($count > 0) {
// add new template to client (includes those from old-style without assigned_template_id)
for($i = $count; $i > 0; $i--) {
$app->db->query('INSERT INTO `client_template_assigned` (`client_id`, `client_template_id`) VALUES (' . $app->functions->intval($clientId) . ', ' . $app->functions->intval($tpl_id) . ')');
$app->db->query('INSERT INTO `client_template_assigned` (`client_id`, `client_template_id`) VALUES (?, ?)', $clientId, $tpl_id);
}
} elseif($count < 0) {
// remove old ones
for($i = $count; $i < 0; $i++) {
$app->db->query('DELETE FROM `client_template_assigned` WHERE client_id = ' . $app->functions->intval($clientId) . ' AND client_template_id = ' . $app->functions->intval($tpl_id) . ' LIMIT 1');
$app->db->query('DELETE FROM `client_template_assigned` WHERE client_id = ? AND client_template_id = ? LIMIT 1', $clientId, $tpl_id);
}
}
}
} else {
// we have to take care of this in an other way
$in_db = $app->db->queryAllRecords('SELECT `assigned_template_id`, `client_template_id` FROM `client_template_assigned` WHERE `client_id` = ' . $app->functions->intval($clientId));
$in_db = $app->db->queryAllRecords('SELECT `assigned_template_id`, `client_template_id` FROM `client_template_assigned` WHERE `client_id` = ?', $clientId);
if(is_array($in_db) && count($in_db) > 0) {
// check which templates were removed from this client
foreach($in_db as $item) {
if(in_array($item['assigned_template_id'], $used_assigned) == false) {
// delete this one
$app->db->query('DELETE FROM `client_template_assigned` WHERE `assigned_template_id` = ' . $app->functions->intval($item['assigned_template_id']));
$app->db->query('DELETE FROM `client_template_assigned` WHERE `assigned_template_id` = ?', $item['assigned_template_id']);
}
}
}
......@@ -86,7 +86,7 @@ class client_templates {
if(count($new_tpl) > 0) {
foreach($new_tpl as $item) {
// add new template to client (includes those from old-style without assigned_template_id)
$app->db->query('INSERT INTO `client_template_assigned` (`client_id`, `client_template_id`) VALUES (' . $app->functions->intval($clientId) . ', ' . $app->functions->intval($item) . ')');
$app->db->query('INSERT INTO `client_template_assigned` (`client_id`, `client_template_id`) VALUES (?, ?)', $clientId, $item);
}
}
}
......@@ -106,8 +106,8 @@ class client_templates {
/*
* Get the master-template for the client
*/
$sql = "SELECT template_master, template_additional,limit_client FROM client WHERE client_id = " . $app->functions->intval($clientId);
$record = $app->db->queryOneRecord($sql);
$sql = "SELECT template_master, template_additional,limit_client FROM client WHERE client_id = ?";
$record = $app->db->queryOneRecord($sql, $clientId);
$masterTemplateId = $record['template_master'];
$is_reseller = ($record['limit_client'] != 0)?true:false;
......@@ -115,15 +115,15 @@ class client_templates {
// we have to call the update_client_templates function
$templates = explode('/', $record['template_additional']);
$this->update_client_templates($clientId, $templates);
$app->db->query('UPDATE `client` SET `template_additional` = \'\' WHERE `client_id` = ' . $app->functions->intval($clientId));
$app->db->query('UPDATE `client` SET `template_additional` = \'\' WHERE `client_id` = ?', $clientId);
}
/*
* if the master-Template is custom there is NO changing
*/
if ($masterTemplateId > 0){
$sql = "SELECT * FROM client_template WHERE template_id = " . $app->functions->intval($masterTemplateId);
$limits = $app->db->queryOneRecord($sql);
$sql = "SELECT * FROM client_template WHERE template_id = ?";
$limits = $app->db->queryOneRecord($sql, $masterTemplateId);
} else {
// if there is no master template it makes NO SENSE adding sub templates.
// adding subtemplates are stored in client limits, so they would add up
......@@ -136,11 +136,11 @@ class client_templates {
* if != -1)
*/
$addTpl = explode('/', $additionalTemplateStr);
$addTpls = $app->db->queryAllRecords('SELECT `client_template_id` FROM `client_template_assigned` WHERE `client_id` = ' . $app->functions->intval($clientId));
$addTpls = $app->db->queryAllRecords('SELECT `client_template_id` FROM `client_template_assigned` WHERE `client_id` = ?', $clientId);
foreach ($addTpls as $addTpl){
$item = $addTpl['client_template_id'];
$sql = "SELECT * FROM client_template WHERE template_id = " . $app->functions->intval($item);
$addLimits = $app->db->queryOneRecord($sql);
$sql = "SELECT * FROM client_template WHERE template_id = ?";
$addLimits = $app->db->queryOneRecord($sql, $item);
$app->log('Template processing subtemplate ' . $item . ' for client ' . $clientId, LOGLEVEL_DEBUG);
/* maybe the template is deleted in the meantime */
if (is_array($addLimits)){
......@@ -232,6 +232,7 @@ class client_templates {
* Write all back to the database
*/
$update = '';
$update_values = array();
if(!$is_reseller) unset($limits['limit_client']); // Only Resellers may have limit_client set in template to ensure that we do not convert a client to reseller accidently.
foreach($limits as $k => $v){
if (strpos($k, 'default') !== false and $v == 0) {
......@@ -239,13 +240,16 @@ class client_templates {
}
if ((strpos($k, 'limit') !== false or strpos($k, 'default') !== false or $k == 'ssh_chroot' or $k == 'web_php_options' or $k == 'force_suexec') && !is_array($v)){
if ($update != '') $update .= ', ';
$update .= '`' . $k . "`='" . $v . "'";
$update .= '?? = ?';
$update_values[] = $k;
$update_values[] = $v;
}
}
$update_values[] = $clientId;
$app->log('Template processed for client ' . $clientId . ', update string: ' . $update, LOGLEVEL_DEBUG);
if($update != '') {
$sql = 'UPDATE client SET ' . $update . " WHERE client_id = " . $app->functions->intval($clientId);
$app->db->query($sql);
$sql = 'UPDATE client SET ' . $update . " WHERE client_id = ?";
$app->db->query($sql, true, $update_values);
}
unset($form);
}
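Review bot: The final `$app->db->query($sql, true, $update_values)` relies on a calling convention (`true` meaning "the next argument is the array of values") that is not visible here; every other converted call in this commit passes values variadically, so if the wrapper does not special-case that flag the whole array is bound as a single value. If the wrapper supports spreading, `$app->db->query($sql, ...$update_values)` would be unambiguous, or the convention should be documented next to the call. Also note that the debug log line now prints only `?? = ?` pairs, so the actual column/value list is no longer recoverable from the log.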
......
......@@ -47,12 +47,12 @@ class custom_datasource {
if($_SESSION["s"]["user"]["typ"] == 'user') {
// Get the limits of the client
$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
$client = $app->db->queryOneRecord("SELECT default_dnsserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
$sql = "SELECT server_id,server_name FROM server WHERE server_id = ".$app->functions->intval($client['default_dnsserver']);
$client = $app->db->queryOneRecord("SELECT default_dnsserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ", $client_group_id);
$sql = "SELECT server_id,server_name FROM server WHERE server_id = ?";
} else {
$sql = "SELECT server_id,server_name FROM server WHERE dns_server = 1 ORDER BY server_name";
}
$records = $app->db->queryAllRecords($sql);
$records = $app->db->queryAllRecords($sql, $client['default_dnsserver']);
$records_new = array();
if(is_array($records)) {
foreach($records as $rec) {
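Review bot: The first converted query in this hunk is missing its placeholder — `sys_group.groupid = ", $client_group_id` leaves the WHERE clause dangling and the bound value unused, so `$client` is empty for every non-admin user; it should read `... and sys_group.groupid = ?", $client_group_id);`. Separately, `$app->db->queryAllRecords($sql, $client['default_dnsserver'])` now runs for both branches, but in the admin branch `$client` is never assigned and the SQL has no `?`, so a surplus (undefined) parameter is passed. Move the `queryAllRecords()` call into each branch, with the server-id argument only in the `user` branch.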
......@@ -69,12 +69,12 @@ class custom_datasource {
if($_SESSION["s"]["user"]["typ"] == 'user') {
// Get the limits of the client
$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
$client = $app->db->queryOneRecord("SELECT default_slave_dnsserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
$sql = "SELECT server_id,server_name FROM server WHERE server_id = ".$app->functions->intval($client['default_slave_dnsserver']);
$client = $app->db->queryOneRecord("SELECT default_slave_dnsserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ", $client_group_id);
$sql = "SELECT server_id,server_name FROM server WHERE server_id = ?");
} else {
$sql = "SELECT server_id,server_name FROM server WHERE dns_server = 1 ORDER BY server_name";
}
$records = $app->db->queryAllRecords($sql);
$records = $app->db->queryAllRecords($sql, $client['default_slave_dnsserver']);
$records_new = array();
if(is_array($records)) {
foreach($records as $rec) {
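Review bot: This hunk does not parse: `$sql = "SELECT server_id,server_name FROM server WHERE server_id = ?");` has a stray closing parenthesis, which is a fatal error for the whole file. The line above it also lost its placeholder (`sys_group.groupid = ", $client_group_id`), and as in the previous method the shared `queryAllRecords($sql, $client['default_slave_dnsserver'])` is executed in the admin branch where `$client` is undefined and the SQL has no `?`. Fix the two lines and run the query per branch:
```php
$client = $app->db->queryOneRecord("SELECT default_slave_dnsserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
$records = $app->db->queryAllRecords("SELECT server_id,server_name FROM server WHERE server_id = ?", $client['default_slave_dnsserver']);
// … unchanged: else branch runs its own unparameterised queryAllRecords …
```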
......@@ -99,7 +99,7 @@ class custom_datasource {
}
if(count($server_ids) == 0) return array();
$server_ids = implode(',', $server_ids);
$records = $app->db->queryAllRecords("SELECT web_domain.domain_id, CONCAT(web_domain.domain, ' :: ', server.server_name) AS parent_domain FROM web_domain, server WHERE web_domain.type = 'vhost' AND web_domain.server_id IN (".$app->db->quote($server_ids).") AND web_domain.server_id = server.server_id AND ".$app->tform->getAuthSQL('r', 'web_domain')." ORDER BY web_domain.domain");
$records = $app->db->queryAllRecords("SELECT web_domain.domain_id, CONCAT(web_domain.domain, ' :: ', server.server_name) AS parent_domain FROM web_domain, server WHERE web_domain.type = 'vhost' AND web_domain.server_id IN ? AND web_domain.server_id = server.server_id AND ".$app->tform->getAuthSQL('r', 'web_domain')." ORDER BY web_domain.domain", $server_ids);
$records_new = array();
if(is_array($records)) {
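Review bot: `web_domain.server_id IN ?` is bound with `$server_ids` after it has already been collapsed by `implode(',', $server_ids)` on the preceding line, so the placeholder receives a single string like `1,2,3` rather than a list; elsewhere in this commit (the backup list) the same `IN ?` form is given the array itself, which suggests the wrapper expands arrays. As written the query will match at most the first id (via string-to-int coercion) or nothing. Drop the `implode()` line and bind the array.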
......@@ -159,22 +159,25 @@ class custom_datasource {
if($_SESSION["s"]["user"]["typ"] == 'user') {
// Get the limits of the client
$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
$sql = "SELECT $server_type as server_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id";
$client = $app->db->queryOneRecord($sql);
$sql = "SELECT $server_type as server_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?";
$client = $app->db->queryOneRecord($sql, $client_group_id);
if($client['server_id'] > 0) {
//* Select the default server for the client
$sql = "SELECT server_id,server_name FROM server WHERE server_id = ".$app->functions->intval($client['server_id']);
$sql = "SELECT server_id,server_name FROM server WHERE server_id = ?";
$records = $app->db->queryAllRecords($sql, $client['server_id']);
} else {
//* Not able to find the clients defaults, use this as fallback and add a warning message to the log
$app->log('Unable to find default server for client in custom_datasource.inc.php', 1);
$sql = "SELECT server_id,server_name FROM server WHERE $field = 1 ORDER BY server_name";
$sql = "SELECT server_id,server_name FROM server WHERE ?? = 1 ORDER BY server_name";
$records = $app->db->queryAllRecords($sql, $field);
}
} else {
//* The logged in user is admin, so we show him all available servers of a specific type.
$sql = "SELECT server_id,server_name FROM server WHERE $field = 1 ORDER BY server_name";
$sql = "SELECT server_id,server_name FROM server WHERE ?? = 1 ORDER BY server_name";
$records = $app->db->queryAllRecords($sql, $field);
}
$records = $app->db->queryAllRecords($sql);
$records_new = array();
if(is_array($records)) {
foreach($records as $rec) {
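Review bot: The unconditional `$records = $app->db->queryAllRecords($sql);` after the if/else appears to survive the change (the hunk's -22/+25 line counts only account for the five replaced `$sql` assignments), so it re-runs the last `$sql` without any bound values and overwrites the correctly fetched `$records`; with `?`/`??` left unbound that second query fails and the datasource returns nothing. Each branch now fetches its own `$records`, so that line should be deleted. The method continues outside the hunk.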
......
......@@ -202,7 +202,7 @@ class functions {
}
$ips = array();
$results = $app->db->queryAllRecords("SELECT ip_address AS ip, server_id FROM server_ip WHERE ip_type = '".$app->db->quote($type)."'");
$results = $app->db->queryAllRecords("SELECT ip_address AS ip, server_id FROM server_ip WHERE ip_type = ?", $type);
if(!empty($results) && is_array($results)){
foreach($results as $result){
if(preg_match($regex, $result['ip'])){
......@@ -230,39 +230,6 @@ class functions {
}
}
/*
$results = $app->db->queryAllRecords("SELECT xfer FROM dns_slave WHERE xfer != ''");
if(!empty($results) && is_array($results)){
foreach($results as $result){
$tmp_ips = explode(',', $result['xfer']);
foreach($tmp_ips as $tmp_ip){
$tmp_ip = trim($tmp_ip);
if(preg_match($regex, $tmp_ip)) $ips[] = $tmp_ip;
}
}
}
$results = $app->db->queryAllRecords("SELECT xfer FROM dns_soa WHERE xfer != ''");
if(!empty($results) && is_array($results)){
foreach($results as $result){
$tmp_ips = explode(',', $result['xfer']);
foreach($tmp_ips as $tmp_ip){
$tmp_ip = trim($tmp_ip);
if(preg_match($regex, $tmp_ip)) $ips[] = $tmp_ip;
}
}
}
$results = $app->db->queryAllRecords("SELECT also_notify FROM dns_soa WHERE also_notify != ''");
if(!empty($results) && is_array($results)){
foreach($results as $result){
$tmp_ips = explode(',', $result['also_notify']);
foreach($tmp_ips as $tmp_ip){
$tmp_ip = trim($tmp_ip);
if(preg_match($regex, $tmp_ip)) $ips[] = $tmp_ip;
}
}
}
*/
$results = $app->db->queryAllRecords("SELECT remote_ips FROM web_database WHERE remote_ips != ''");
if(!empty($results) && is_array($results)){
foreach($results as $result){
......
......@@ -39,7 +39,7 @@ class getconf {
if(!isset($this->config[$server_id])) {
$app->uses('ini_parser');
$server_id = $app->functions->intval($server_id);
$server = $app->db->queryOneRecord('SELECT config FROM server WHERE server_id = '.$server_id);
$server = $app->db->queryOneRecord('SELECT config FROM server WHERE server_id = ?', $server_id);
$this->config[$server_id] = $app->ini_parser->parse_ini_string(stripslashes($server['config']));
}
return ($section == '') ? $this->config[$server_id] : $this->config[$server_id][$section];
......
......@@ -56,56 +56,42 @@ class plugin_backuplist extends plugin_base {
$backup_id = $app->functions->intval($_GET['backup_id']);
//* check if the user is owner of the parent domain
$domain_backup = $app->db->queryOneRecord("SELECT parent_domain_id FROM web_backup WHERE backup_id = ".$backup_id);
$domain_backup = $app->db->queryOneRecord("SELECT parent_domain_id FROM web_backup WHERE backup_id = ?", $backup_id);
$check_perm = 'u';
if($_GET['backup_action'] == 'download') $check_perm = 'r'; // only check read permissions on download, not update permissions
$get_domain = $app->db->queryOneRecord("SELECT domain_id FROM web_domain WHERE domain_id = ".$app->functions->intval($domain_backup["parent_domain_id"])." AND ".$app->tform->getAuthSQL($check_perm));
$get_domain = $app->db->queryOneRecord("SELECT domain_id FROM web_domain WHERE domain_id = ? AND ".$app->tform->getAuthSQL($check_perm), $domain_backup["parent_domain_id"]);
if(empty($get_domain) || !$get_domain) {
$app->error($app->tform->lng('no_domain_perm'));
}
if($_GET['backup_action'] == 'download' && $backup_id > 0) {
$server_id = $this->form->dataRecord['server_id'];
$backup = $app->db->queryOneRecord("SELECT * FROM web_backup WHERE backup_id = ".$backup_id);
$backup = $app->db->queryOneRecord("SELECT * FROM web_backup WHERE backup_id = ?", $backup_id);
if($backup['server_id'] > 0) $server_id = $backup['server_id'];
$sql = "SELECT count(action_id) as number FROM sys_remoteaction WHERE action_state = 'pending' AND action_type = 'backup_download' AND action_param = '$backup_id'";
$tmp = $app->db->queryOneRecord($sql);
$sql = "SELECT count(action_id) as number FROM sys_remoteaction WHERE action_state = 'pending' AND action_type = 'backup_download' AND action_param = ?";
$tmp = $app->db->queryOneRecord($sql, $backup_id);
if($tmp['number'] == 0) {
$message .= $wb['download_info_txt'];
$sql = "INSERT INTO sys_remoteaction (server_id, tstamp, action_type, action_param, action_state, response) " .
"VALUES (".
(int)$server_id . ", " .
time() . ", " .
"'backup_download', " .
"'".$backup_id."', " .
"'pending', " .
"''" .
")";
$app->db->query($sql);
"VALUES (?, UNIX_TIMESTAMP(), 'backup_download', ?, 'pending', '')";
$app->db->query($sql, $server_id, $backup_id);
} else {
$error .= $wb['download_pending_txt'];
}
}
if($_GET['backup_action'] == 'restore' && $backup_id > 0) {
$server_id = $this->form->dataRecord['server_id'];
$backup = $app->db->queryOneRecord("SELECT * FROM web_backup WHERE backup_id = ".$backup_id);
$backup = $app->db->queryOneRecord("SELECT * FROM web_backup WHERE backup_id = ?", $backup_id);
if($backup['server_id'] > 0) $server_id = $backup['server_id'];
$sql = "SELECT count(action_id) as number FROM sys_remoteaction WHERE action_state = 'pending' AND action_type = 'backup_restore' AND action_param = '$backup_id'";
$tmp = $app->db->queryOneRecord($sql);
if($tmp['number'] == 0) {
$message .= $wb['restore_info_txt'];
$sql = "INSERT INTO sys_remoteaction (server_id, tstamp, action_type, action_param, action_state, response) " .
"VALUES (".
(int)$server_id . ", " .
time() . ", " .
"'backup_restore', " .
"'".$backup_id."', " .
"'pending', " .
"''" .
")";
$app->db->query($sql);
"VALUES (?, UNIX_TIMESTAMP(), 'backup_restore', ?, 'pending', '')";
$app->db->query($sql, $server_id, $backup_id);
} else {
$error .= $wb['restore_pending_txt'];
}
......@@ -115,8 +101,8 @@ class plugin_backuplist extends plugin_base {
//* Get the data
$server_ids = array_unique($server_ids);
$web = $app->db->queryOneRecord("SELECT server_id FROM web_domain WHERE domain_id = ".$app->functions->intval($this->form->id));
$databases = $app->db->queryAllRecords("SELECT server_id FROM web_database WHERE parent_domain_id = ".$app->functions->intval($this->form->id));
$web = $app->db->queryOneRecord("SELECT server_id FROM web_domain WHERE domain_id = ?", $this->form->id);
$databases = $app->db->queryAllRecords("SELECT server_id FROM web_database WHERE parent_domain_id = ?", $this->form->id);
if($app->functions->intval($web['server_id']) > 0) $server_ids[] = $app->functions->intval($web['server_id']);
if(is_array($databases) && !empty($databases)){
foreach($databases as $database){
......@@ -124,8 +110,8 @@ class plugin_backuplist extends plugin_base {
}
}
$server_ids = array_unique($server_ids);
$sql = "SELECT * FROM web_backup WHERE parent_domain_id = ".$app->functions->intval($this->form->id)." AND server_id IN (".implode(',', $server_ids).") ORDER BY tstamp DESC, backup_type ASC";
$records = $app->db->queryAllRecords($sql);
$sql = "SELECT * FROM web_backup WHERE parent_domain_id = ? AND server_id IN ? ORDER BY tstamp DESC, backup_type ASC";
$records = $app->db->queryAllRecords($sql, $this->form->id, $server_ids);
$bgcolor = "#FFFFFF";
if(is_array($records)) {
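Review bot: `server_id IN ?` bound with `$server_ids` presumably relies on the wrapper expanding an array; if `$server_ids` is empty (no web server and no databases found for the domain) that expands to `IN ()`, which is invalid SQL, where the old `implode()` form had the same gap. Guard with `if(empty($server_ids)) $records = array(); else $records = $app->db->queryAllRecords($sql, $this->form->id, $server_ids);`. The method continues outside the hunk.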
......
......@@ -55,42 +55,15 @@ class plugin_backuplist_mail extends plugin_base {
if(isset($_GET['backup_action'])) {
$backup_id = $app->functions->intval($_GET['backup_id']);
/*
if($_GET['backup_action'] == 'download_mail' && $backup_id > 0) {
$sql = "SELECT count(action_id) as number FROM sys_remoteaction WHERE action_state = 'pending' AND action_type = 'backup_download' AND action_param = '$backup_id'";
$tmp = $app->db->queryOneRecord($sql);