diff --git a/helper_scripts/recreate_webalizer_stats.php b/helper_scripts/recreate_webalizer_stats.php
index fbaef38097d01009ac947755644fbf20f17803c0..5afcd9759a858aa6dccce93069a421c2be1c26e5 100644
--- a/helper_scripts/recreate_webalizer_stats.php
+++ b/helper_scripts/recreate_webalizer_stats.php
@@ -5,8 +5,8 @@
//######################################################################################################
-$sql = "SELECT domain_id, domain, document_root FROM web_domain WHERE server_id = ".$conf["server_id"];
-$records = $app->db->queryAllRecords($sql);
+$sql = "SELECT domain_id, domain, document_root FROM web_domain WHERE server_id = ?";
+$records = $app->db->queryAllRecords($sql, $conf["server_id"]);
foreach($records as $rec) {
$domain = escapeshellcmd($rec["domain"]);
$logdir = escapeshellcmd($rec["document_root"].'/log');
diff --git a/install/apps/metronome_libs/mod_auth_external/db_auth.php b/install/apps/metronome_libs/mod_auth_external/db_auth.php
index 086dcf6a0143efbb8562f3817d0fc7c58c03d949..3df135bc12a95c6773c5a8033f8b8117a3759981 100644
--- a/install/apps/metronome_libs/mod_auth_external/db_auth.php
+++ b/install/apps/metronome_libs/mod_auth_external/db_auth.php
@@ -17,7 +17,7 @@ try{
// check for existing user
$dbmail = $db->real_escape_string($arg_email);
- $result = $db->query("SELECT jid, password FROM xmpp_user WHERE jid LIKE '".$dbmail."' AND active='y' AND server_id='".$isp_server_id."'");
+ $result = $db->query("SELECT jid, password FROM xmpp_user WHERE jid LIKE ? AND active='y' AND server_id=?", $dbmail, $isp_server_id);
result_false($result->num_rows != 1);
$user = $result->fetch_object();
diff --git a/install/apps/metronome_libs/mod_auth_external/db_isuser.php b/install/apps/metronome_libs/mod_auth_external/db_isuser.php
index 7a7cf861bf88f38035535297672636f1518dca3a..e6820635bcdd085c3273f5e6c9c65819cea8d675 100644
--- a/install/apps/metronome_libs/mod_auth_external/db_isuser.php
+++ b/install/apps/metronome_libs/mod_auth_external/db_isuser.php
@@ -15,7 +15,7 @@ try{
// check for existing user
$dbmail = $db->real_escape_string($arg_email);
- $result = $db->query("SELECT jid, password FROM xmpp_user WHERE jid LIKE '".$dbmail."' AND active='y' AND server_id='".$isp_server_id."'");
+ $result = $db->query("SELECT jid, password FROM xmpp_user WHERE jid LIKE ? AND active='y' AND server_id=?", $dbmail, $isp_server_id);
result_false($result->num_rows != 1);
result_true();
diff --git a/install/dist/lib/gentoo.lib.php b/install/dist/lib/gentoo.lib.php
index 6e463ec607c9e19542c0bde3fcd2751220a55ed5..e184e8cf580bb26356bc690482eed697779872e3 100644
--- a/install/dist/lib/gentoo.lib.php
+++ b/install/dist/lib/gentoo.lib.php
@@ -229,7 +229,7 @@ class installer extends installer_base
// check if virtual_transport must be changed
if ($this->is_update) {
- $tmp = $this->db->queryOneRecord("SELECT * FROM ".$conf["mysql"]["database"].".server WHERE server_id = ".$conf['server_id']);
+ $tmp = $this->db->queryOneRecord("SELECT * FROM ?? WHERE server_id = ?", $conf["mysql"]["database"].".server", $conf['server_id']);
$ini_array = ini_to_array(stripslashes($tmp['config']));
// ini_array needs not to be checked, because already done in update.php -> updateDbAndIni()
@@ -421,13 +421,13 @@ class installer extends installer_base
global $conf;
//* Create the database
- if(!$this->db->query('CREATE DATABASE IF NOT EXISTS '.$conf['powerdns']['database'].' DEFAULT CHARACTER SET '.$conf['mysql']['charset'])) {
+ if(!$this->db->query('CREATE DATABASE IF NOT EXISTS ?? DEFAULT CHARACTER SET ?', $conf['powerdns']['database'], $conf['mysql']['charset'])) {
$this->error('Unable to create MySQL database: '.$conf['powerdns']['database'].'.');
}
//* Create the ISPConfig database user in the local database
- $query = 'GRANT ALL ON `'.$conf['powerdns']['database'].'` . * TO \''.$conf['mysql']['ispconfig_user'].'\'@\'localhost\';';
- if(!$this->db->query($query)) {
+ $query = 'GRANT ALL ON ??.* TO ?@?';
+ if(!$this->db->query($query, $conf['powerdns']['database'], $conf['mysql']['ispconfig_user'], 'localhost')) {
$this->error('Unable to create user for powerdns database Error: '.$this->db->errorMessage);
}
@@ -537,21 +537,6 @@ class installer extends installer_base
//* Copy the ISPConfig configuration include
- /*
- $content = $this->get_template_file('apache_ispconfig.conf', true);
-
- $records = $this->db->queryAllRecords("SELECT * FROM server_ip WHERE server_id = ".$conf["server_id"]." AND virtualhost = 'y'");
- if(is_array($records) && count($records) > 0)
- {
- foreach($records as $rec) {
- $content .= "NameVirtualHost ".$rec["ip_address"].":80\n";
- $content .= "NameVirtualHost ".$rec["ip_address"].":443\n";
- }
- }
-
- $this->write_config_file($conf['apache']['vhost_conf_dir'].'/000-ispconfig.conf', $content);
- */
-
$tpl = new tpl('apache_ispconfig.conf.master');
$tpl->setVar('apache_version',getapacheversion());
diff --git a/install/uninstall.php b/install/uninstall.php
index 56cf0eb58b7bee9fb4ffb4d6c54c57470f30b0e1..111f57466311f6c70f017a4654c192603fc3305c 100644
--- a/install/uninstall.php
+++ b/install/uninstall.php
@@ -60,14 +60,6 @@ if($do_uninstall == 'yes') {
echo "\n\n>> Uninstalling ISPConfig 3... \n\n";
- // Delete the ISPConfig database
- // $app->db->query("DROP DATABASE '".$conf["db_database"]."'");
- // $app->db->query("DELETE FROM mysql.user WHERE User = 'ispconfig'");
-
-// exec("/etc/init.d/mysql stop");
-// exec("rm -rf /var/lib/mysql/".$conf["db_database"]);
-// exec("/etc/init.d/mysql start");
-
$link = mysql_connect($clientdb_host, $clientdb_user, $clientdb_password);
if (!$link) {
echo "Unable to connect to the database'.mysql_error($link)";
diff --git a/interface/lib/app.inc.php b/interface/lib/app.inc.php
index 75068744f9f59b042d917bc5f97daa6e736c6f84..949f1643cf1f12d78611adf0f027b3452ffa387e 100755
--- a/interface/lib/app.inc.php
+++ b/interface/lib/app.inc.php
@@ -155,15 +155,15 @@ class app {
public function conf($plugin, $key, $value = null) {
if(is_null($value)) {
- $tmpconf = $this->db->queryOneRecord("SELECT `value` FROM `sys_config` WHERE `group` = '" . $this->db->quote($plugin) . "' AND `name` = '" . $this->db->quote($key) . "'");
+ $tmpconf = $this->db->queryOneRecord("SELECT `value` FROM `sys_config` WHERE `group` = ? AND `name` = ?", $plugin, $key);
if($tmpconf) return $tmpconf['value'];
else return null;
} else {
if($value === false) {
- $this->db->query("DELETE FROM `sys_config` WHERE `group` = '" . $this->db->quote($plugin) . "' AND `name` = '" . $this->db->quote($key) . "'");
+ $this->db->query("DELETE FROM `sys_config` WHERE `group` = ? AND `name` = ?", $plugin, $key);
return null;
} else {
- $this->db->query("REPLACE INTO `sys_config` (`group`, `name`, `value`) VALUES ('" . $this->db->quote($plugin) . "', '" . $this->db->quote($key) . "', '" . $this->db->quote($value) . "')");
+ $this->db->query("REPLACE INTO `sys_config` (`group`, `name`, `value`) VALUES (?, ?, ?)", $plugin, $key, $value);
return $value;
}
}
@@ -179,8 +179,8 @@ class app {
$server_id = 0;
$priority = $this->functions->intval($priority);
$tstamp = time();
- $msg = $this->db->quote('[INTERFACE]: '.$msg);
- $this->db->query("INSERT INTO sys_log (server_id,datalog_id,loglevel,tstamp,message) VALUES ($server_id,0,$priority,$tstamp,'$msg')");
+ $msg = '[INTERFACE]: '.$msg;
+ $this->db->query("INSERT INTO sys_log (server_id,datalog_id,loglevel,tstamp,message) VALUES (?, 0, ?, ?, ?)", $server_id, $priority,$tstamp,$msg);
/*
if (is_writable($this->_conf['log_file'])) {
if (!$fp = fopen ($this->_conf['log_file'], 'a')) {
diff --git a/interface/lib/classes/aps_crawler.inc.php b/interface/lib/classes/aps_crawler.inc.php
index 4a6409227ea018a2e22ac8b745516f8511203327..5f36a5db573c9d77545bc097bcfe2cec926337e5 100644
--- a/interface/lib/classes/aps_crawler.inc.php
+++ b/interface/lib/classes/aps_crawler.inc.php
@@ -356,14 +356,7 @@ class ApsCrawler extends ApsBase
$old_folder = $this->interface_pkg_dir.'/'.$app_name.'-'.$ex_ver.'.app.zip';
if(file_exists($old_folder)) $this->removeDirectory($old_folder);
- /*
- $app->db->query("UPDATE aps_packages SET package_status = '".PACKAGE_OUTDATED."' WHERE name = '".
- $app->db->quote($app_name)."' AND CONCAT(version, '-', CAST(`release` AS CHAR)) = '".
- $app->db->quote($ex_ver)."';");
- */
- $tmp = $app->db->queryOneRecord("SELECT id FROM aps_packages WHERE name = '".
- $app->db->quote($app_name)."' AND CONCAT(version, '-', CAST(`release` AS CHAR)) = '".
- $app->db->quote($ex_ver)."';");
+ $tmp = $app->db->queryOneRecord("SELECT id FROM aps_packages WHERE name = ? AND CONCAT(version, '-', CAST(`release` AS CHAR)) = ?", $app_name, $ex_ver);
$app->db->datalogUpdate('aps_packages', "package_status = ".PACKAGE_OUTDATED, 'id', $tmp['id']);
unset($tmp);
}
@@ -539,13 +532,11 @@ class ApsCrawler extends ApsBase
// Get registered packages and mark non-existant packages with an error code to omit the install
$existing_packages = array();
- $path_query = $app->db->queryAllRecords('SELECT path AS Path FROM aps_packages;');
+ $path_query = $app->db->queryAllRecords('SELECT path AS Path FROM aps_packages');
foreach($path_query as $path) $existing_packages[] = $path['Path'];
$diff = array_diff($existing_packages, $pkg_list);
foreach($diff as $todelete) {
- /*$app->db->query("UPDATE aps_packages SET package_status = '".PACKAGE_ERROR_NOMETA."'
- WHERE path = '".$app->db->quote($todelete)."';");*/
- $tmp = $app->db->queryOneRecord("SELECT id FROM aps_packages WHERE path = '".$app->db->quote($todelete)."';");
+ $tmp = $app->db->queryOneRecord("SELECT id FROM aps_packages WHERE path = ?", $todelete);
$app->db->datalogUpdate('aps_packages', "package_status = ".PACKAGE_ERROR_NOMETA, 'id', $tmp['id']);
unset($tmp);
}
@@ -576,13 +567,6 @@ class ApsCrawler extends ApsBase
//$pkg_url = $this->app_download_url_list[$pkg];
$pkg_url = @file_get_contents($this->interface_pkg_dir.'/'.$pkg.'/PKG_URL');
- /*
- $app->db->query("INSERT INTO `aps_packages`
- (`path`, `name`, `category`, `version`, `release`, `package_status`) VALUES
- ('".$app->db->quote($pkg)."', '".$app->db->quote($pkg_name)."',
- '".$app->db->quote($pkg_category)."', '".$app->db->quote($pkg_version)."',
- ".$app->db->quote($pkg_release).", ".PACKAGE_ENABLED.");");
- */
// Insert only if data is complete
if($pkg != '' && $pkg_name != '' && $pkg_category != '' && $pkg_version != '' && $pkg_release != '' && $pkg_url){
$insert_data = "(`path`, `name`, `category`, `version`, `release`, `package_url`, `package_status`) VALUES
@@ -619,7 +603,7 @@ class ApsCrawler extends ApsBase
// This method must be used in interface mode
if(!$this->interface_mode) return false;
- $incomplete_pkgs = $app->db->queryAllRecords("SELECT * FROM aps_packages WHERE package_url = ''");
+ $incomplete_pkgs = $app->db->queryAllRecords("SELECT * FROM aps_packages WHERE package_url = ?", '');
if(is_array($incomplete_pkgs) && !empty($incomplete_pkgs)){
foreach($incomplete_pkgs as $incomplete_pkg){
$pkg_url = @file_get_contents($this->interface_pkg_dir.'/'.$incomplete_pkg['path'].'/PKG_URL');
diff --git a/interface/lib/classes/aps_guicontroller.inc.php b/interface/lib/classes/aps_guicontroller.inc.php
index 1f186288699c2756bc4a063b786bbd317d3b0b54..d9c347421d7014fa93469b41a1264ab56152f0ff 100644
--- a/interface/lib/classes/aps_guicontroller.inc.php
+++ b/interface/lib/classes/aps_guicontroller.inc.php
@@ -100,7 +100,7 @@ class ApsGUIController extends ApsBase
$customerdata = $app->db->queryOneRecord("SELECT client_id FROM sys_group, web_domain
WHERE web_domain.sys_groupid = sys_group.groupid
- AND web_domain.domain = '".$app->db->quote($domain)."';");
+ AND web_domain.domain = ?", $domain);
if(!empty($customerdata)) $customerid = $customerdata['client_id'];
return $customerid;
@@ -122,14 +122,14 @@ class ApsGUIController extends ApsBase
$websrv = $app->db->queryOneRecord("SELECT server_id FROM web_domain
WHERE domain = (SELECT value FROM aps_instances_settings
- WHERE name = 'main_domain' AND instance_id = ".$app->db->quote($instanceid).");");
+ WHERE name = 'main_domain' AND instance_id = ?)", $instanceid);
// If $websrv is empty, an error has occured. Domain no longer existing? Settings table damaged?
// Anyhow, remove this instance record because it's not useful at all
if(empty($websrv))
{
- $app->db->query("DELETE FROM aps_instances WHERE id = ".$app->db->quote($instanceid).";");
- $app->db->query("DELETE FROM aps_instances_settings WHERE instance_id = ".$app->db->quote($instanceid).";");
+ $app->db->query("DELETE FROM aps_instances WHERE id = ?", $instanceid);
+ $app->db->query("DELETE FROM aps_instances_settings WHERE instance_id = ?", $instanceid);
}
else $webserver_id = $websrv['server_id'];
@@ -154,9 +154,9 @@ class ApsGUIController extends ApsBase
$result = $app->db->queryOneRecord("SELECT id, name,
CONCAT(version, '-', CAST(`release` AS CHAR)) AS current_version
FROM aps_packages
- WHERE name = (SELECT name FROM aps_packages WHERE id = ".$app->db->quote($id).")
+ WHERE name = (SELECT name FROM aps_packages WHERE id = ?)
AND package_status = 2
- ORDER BY REPLACE(version, '.', '')+0 DESC, `release` DESC");
+ ORDER BY REPLACE(version, '.', '')+0 DESC, `release` DESC", $id);
if(!empty($result) && ($id != $result['id'])) return $result['id'];
@@ -180,7 +180,7 @@ class ApsGUIController extends ApsBase
'package_status = '.PACKAGE_ENABLED.' AND' :
'(package_status = '.PACKAGE_ENABLED.' OR package_status = '.PACKAGE_LOCKED.') AND';
- $result = $app->db->queryOneRecord("SELECT id FROM aps_packages WHERE ".$sql_ext." id = ".$app->db->quote($id).";");
+ $result = $app->db->queryOneRecord("SELECT id FROM aps_packages WHERE ".$sql_ext." id = ?", $id);
if(!$result) return false;
return true;
@@ -203,9 +203,15 @@ class ApsGUIController extends ApsBase
if(preg_match('/^[0-9]+$/', $id) != 1) return false;
// Only filter if not admin
- $sql_ext = (!$is_admin) ? 'customer_id = '.$app->db->quote($client_id).' AND' : '';
-
- $result = $app->db->queryOneRecord('SELECT id FROM aps_instances WHERE '.$sql_ext.' id = '.$app->db->quote($id).';');
+ $params = array();
+ $sql_ext = '';
+ if(!$is_admin) {
+ $sql_ext = 'customer_id = ? AND ';
+ $params[] = $client_id;
+ }
+ $params[] = $id;
+
+ $result = $app->db->queryOneRecord('SELECT id FROM aps_instances WHERE '.$sql_ext.' id = ?', true, $params);
if(!$result) return false;
return true;
@@ -226,7 +232,7 @@ class ApsGUIController extends ApsBase
unset($tmp);
// get information if the webserver is a db server, too
- $web_server = $app->db->queryOneRecord("SELECT server_id,server_name,db_server FROM server WHERE server_id = ".$app->functions->intval($websrv['server_id']));
+ $web_server = $app->db->queryOneRecord("SELECT server_id,server_name,db_server FROM server WHERE server_id = ?", $websrv['server_id']);
if($web_server['db_server'] == 1) {
// create database on "localhost" (webserver)
$mysql_db_server_id = $app->functions->intval($websrv['server_id']);
@@ -235,7 +241,7 @@ class ApsGUIController extends ApsBase
$mysql_db_remote_ips = '';
} else {
//* get the default database server of the client
- $client = $app->db->queryOneRecord("SELECT default_dbserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ".$app->functions->intval($websrv['sys_groupid']));
+ $client = $app->db->queryOneRecord("SELECT default_dbserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $websrv['sys_groupid']);
if(is_array($client) && $client['default_dbserver'] > 0 && $client['default_dbserver'] != $websrv['server_id']) {
$mysql_db_server_id = $app->functions->intval($client['default_dbserver']);
$dbserver_config = $web_config = $app->getconf->get_server_config($app->functions->intval($mysql_db_server_id), 'server');
@@ -263,7 +269,7 @@ class ApsGUIController extends ApsBase
//* Find a free db name for the app
for($n = 1; $n <= 1000; $n++) {
$mysql_db_name = $app->db->quote(($dbname_prefix != '' ? $dbname_prefix.'aps'.$n : uniqid('aps')));
- $tmp = $app->db->queryOneRecord("SELECT count(database_id) as number FROM web_database WHERE database_name = '".$app->db->quote($mysql_db_name)."'");
+ $tmp = $app->db->queryOneRecord("SELECT count(database_id) as number FROM web_database WHERE database_name = ?", $mysql_db_name);
if($tmp['number'] == 0) break;
}
$settings['main_database_name'] = $mysql_db_name;
@@ -272,14 +278,14 @@ class ApsGUIController extends ApsBase
//* Find a free db username for the app
for($n = 1; $n <= 1000; $n++) {
$mysql_db_user = $app->db->quote(($dbuser_prefix != '' ? $dbuser_prefix.'aps'.$n : uniqid('aps')));
- $tmp = $app->db->queryOneRecord("SELECT count(database_user_id) as number FROM web_database_user WHERE database_user = '".$app->db->quote($mysql_db_user)."'");
+ $tmp = $app->db->queryOneRecord("SELECT count(database_user_id) as number FROM web_database_user WHERE database_user = ?", $mysql_db_user);
if($tmp['number'] == 0) break;
}
$settings['main_database_login'] = $mysql_db_user;
}
//* Create the mysql database user if not existing
- $tmp = $app->db->queryOneRecord("SELECT database_user_id FROM web_database_user WHERE database_user = '".$app->db->quote($settings['main_database_login'])."'");
+ $tmp = $app->db->queryOneRecord("SELECT database_user_id FROM web_database_user WHERE database_user = ?", $settings['main_database_login']);
if(!$tmp) {
$insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `database_user`, `database_user_prefix`, `database_password`)
VALUES( ".$app->functions->intval($websrv['sys_userid']).", ".$app->functions->intval($websrv['sys_groupid']).", 'riud', '".$app->functions->intval($websrv['sys_perm_group'])."', '', 0, '".$settings['main_database_login']."', '".$app->db->quote($dbuser_prefix) . "', PASSWORD('".$settings['main_database_password']."'))";
@@ -288,7 +294,7 @@ class ApsGUIController extends ApsBase
else $mysql_db_user_id = $tmp['database_user_id'];
//* Create the mysql database if not existing
- $tmp = $app->db->queryOneRecord("SELECT count(database_id) as number FROM web_database WHERE database_name = '".$app->db->quote($settings['main_database_name'])."'");
+ $tmp = $app->db->queryOneRecord("SELECT count(database_id) as number FROM web_database WHERE database_name = ?", $settings['main_database_name']);
if($tmp['number'] == 0) {
$insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `parent_domain_id`, `type`, `database_name`, `database_name_prefix`, `database_user_id`, `database_ro_user_id`, `database_charset`, `remote_access`, `remote_ips`, `backup_copies`, `active`, `backup_interval`)
VALUES( ".$app->functions->intval($websrv['sys_userid']).", ".$app->functions->intval($websrv['sys_groupid']).", 'riud', '".$app->functions->intval($websrv['sys_perm_group'])."', '', $mysql_db_server_id, ".$app->functions->intval($websrv['domain_id']).", 'mysql', '".$settings['main_database_name']."', '" . $app->db->quote($dbname_prefix) . "', '$mysql_db_user_id', 0, '', '$mysql_db_remote_access', '$mysql_db_remote_ips', ".$app->functions->intval($websrv['backup_copies']).", 'y', '".$app->functions->intval($websrv['backup_interval'])."')";
@@ -312,7 +318,7 @@ class ApsGUIController extends ApsBase
$app->uses('tools_sites');
$webserver_id = 0;
- $websrv = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain = '".$app->db->quote($settings['main_domain'])."';");
+ $websrv = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain = ?", $settings['main_domain']);
if(!empty($websrv)) $webserver_id = $websrv['server_id'];
$customerid = $this->getCustomerIDFromDomain($settings['main_domain']);
@@ -336,7 +342,7 @@ class ApsGUIController extends ApsBase
//* Create the MySQL database for the application if necessary
- $pkg = $app->db->queryOneRecord('SELECT * FROM aps_packages WHERE id = '.$app->db->quote($packageid).';');
+ $pkg = $app->db->queryOneRecord('SELECT * FROM aps_packages WHERE id = ?', $packageid);
$metafile = $this->interface_pkg_dir.'/'.$pkg['path'].'/APP-META.xml';
$sxe = $this->readInMetaFile($metafile);
@@ -371,24 +377,14 @@ class ApsGUIController extends ApsBase
public function deleteInstance($instanceid, $keepdatabase = false)
{
global $app;
- /*
- $app->db->query("UPDATE aps_instances SET instance_status = ".INSTANCE_REMOVE." WHERE id = ".$instanceid.";");
-
- $webserver_id = $this->getInstanceDataForDatalog($instanceid);
- if($webserver_id == '') return;
-
- // Create a sys_datalog entry for deletion
- $datalog = array('Instance_id' => $instanceid, 'server_id' => $webserver_id);
- $app->db->datalogSave('aps', 'DELETE', 'id', $instanceid, array(), $datalog);
- */
if (!$keepdatabase) {
- $sql = "SELECT web_database.database_id as database_id, web_database.database_user_id as `database_user_id` FROM aps_instances_settings, web_database WHERE aps_instances_settings.value = web_database.database_name AND aps_instances_settings.name = 'main_database_name' AND aps_instances_settings.instance_id = ".$instanceid." LIMIT 0,1";
- $tmp = $app->db->queryOneRecord($sql);
+ $sql = "SELECT web_database.database_id as database_id, web_database.database_user_id as `database_user_id` FROM aps_instances_settings, web_database WHERE aps_instances_settings.value = web_database.database_name AND aps_instances_settings.name = 'main_database_name' AND aps_instances_settings.instance_id = ? LIMIT 0,1";
+ $tmp = $app->db->queryOneRecord($sql, $instanceid);
if($tmp['database_id'] > 0) $app->db->datalogDelete('web_database', 'database_id', $tmp['database_id']);
$database_user = $tmp['database_user_id'];
- $tmp = $app->db->queryOneRecord("SELECT COUNT(*) as `cnt` FROM `web_database` WHERE `database_user_id` = '" . $app->functions->intval($database_user) . "' OR `database_ro_user_id` = '" . $app->functions->intval($database_user) . "'");
+ $tmp = $app->db->queryOneRecord("SELECT COUNT(*) as `cnt` FROM `web_database` WHERE `database_user_id` = ? OR `database_ro_user_id` = ?", $database_user, $database_user);
if($tmp['cnt'] < 1) $app->db->datalogDelete('web_database_user', 'database_user_id', $database_user);
}
@@ -406,7 +402,7 @@ class ApsGUIController extends ApsBase
{
global $app;
- $pkg = $app->db->queryOneRecord('SELECT * FROM aps_packages WHERE id = '.$app->db->quote($id).';');
+ $pkg = $app->db->queryOneRecord('SELECT * FROM aps_packages WHERE id = ?', $id);
// Load in meta file if existing and register its namespaces
$metafile = $this->interface_pkg_dir.'/'.$pkg['path'].'/APP-META.xml';
@@ -528,7 +524,7 @@ class ApsGUIController extends ApsBase
if(in_array($postinput['main_domain'], $domains))
{
$docroot = $app->db->queryOneRecord("SELECT document_root FROM web_domain
- WHERE domain = '".$app->db->quote($postinput['main_domain'])."';");
+ WHERE domain = ?", $postinput['main_domain']);
$new_path = $docroot['document_root'];
if(substr($new_path, -1) != '/') $new_path .= '/';
$new_path .= $main_location;
@@ -543,13 +539,13 @@ class ApsGUIController extends ApsBase
$instance_domains = $app->db->queryAllRecords("SELECT instance_id, s.value AS domain
FROM aps_instances AS i, aps_instances_settings AS s
WHERE i.id = s.instance_id AND s.name = 'main_domain'
- AND i.customer_id = '".$app->db->quote($customerid)."';");
+ AND i.customer_id = ?", $customerid);
for($i = 0; $i < count($instance_domains); $i++)
{
$used_path = '';
$doc_root = $app->db->queryOneRecord("SELECT document_root FROM web_domain
- WHERE domain = '".$app->db->quote($instance_domains[$i]['domain'])."';");
+ WHERE domain = ?", $instance_domains[$i]['domain']);
// Probably the domain settings were changed later, so make sure the doc_root
// is not empty for further validation
@@ -560,7 +556,7 @@ class ApsGUIController extends ApsBase
$location_for_domain = $app->db->queryOneRecord("SELECT value
FROM aps_instances_settings WHERE name = 'main_location'
- AND instance_id = '".$app->db->quote($instance_domains[$i]['instance_id'])."';");
+ AND instance_id = ?", $instance_domains[$i]['instance_id']);
// The location might be empty but the DB return must not be false!
if($location_for_domain) $used_path .= $location_for_domain['value'];
@@ -693,7 +689,7 @@ class ApsGUIController extends ApsBase
{
global $app;
- $pkg = $app->db->queryOneRecord('SELECT * FROM aps_packages WHERE id = '.$app->db->quote($id).';');
+ $pkg = $app->db->queryOneRecord('SELECT * FROM aps_packages WHERE id = ?', $id);
// Load in meta file if existing and register its namespaces
$metafile = $this->interface_pkg_dir.'/'.$pkg['path'].'/APP-META.xml';
diff --git a/interface/lib/classes/auth.inc.php b/interface/lib/classes/auth.inc.php
index 70c1722aedc9ff7b48226fa61d3f38cc0a6a105d..562cf40226ee77678ba7e7eda9952f66878a8590 100644
--- a/interface/lib/classes/auth.inc.php
+++ b/interface/lib/classes/auth.inc.php
@@ -57,7 +57,7 @@ class auth {
global $app, $conf;
$userid = $app->functions->intval($userid);
- $client = $app->db->queryOneRecord("SELECT client.limit_client FROM sys_user, client WHERE sys_user.userid = $userid AND sys_user.client_id = client.client_id");
+ $client = $app->db->queryOneRecord("SELECT client.limit_client FROM sys_user, client WHERE sys_user.userid = ? AND sys_user.client_id = client.client_id", $userid);
if($client['limit_client'] != 0) {
return true;
} else {
@@ -73,12 +73,12 @@ class auth {
$groupid = $app->functions->intval($groupid);
if($userid > 0 && $groupid > 0) {
- $user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE userid = $userid");
+ $user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE userid = ?", $userid);
$groups = explode(',', $user['groups']);
if(!in_array($groupid, $groups)) $groups[] = $groupid;
$groups_string = implode(',', $groups);
- $sql = "UPDATE sys_user SET groups = '$groups_string' WHERE userid = $userid";
- $app->db->query($sql);
+ $sql = "UPDATE sys_user SET groups = ? WHERE userid = ?";
+ $app->db->query($sql, $groups_string, $userid);
return true;
} else {
return false;
@@ -95,7 +95,7 @@ class auth {
// simple query cache
if($this->client_limits===null)
- $this->client_limits = $app->db->queryOneRecord("SELECT client.* FROM sys_user, client WHERE sys_user.userid = $userid AND sys_user.client_id = client.client_id");
+ $this->client_limits = $app->db->queryOneRecord("SELECT client.* FROM sys_user, client WHERE sys_user.userid = ? AND sys_user.client_id = client.client_id", $userid);
// isn't client -> no limit
if(!$this->client_limits)
@@ -114,13 +114,13 @@ class auth {
$groupid = $app->functions->intval($groupid);
if($userid > 0 && $groupid > 0) {
- $user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE userid = $userid");
+ $user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE userid = ", $userid);
$groups = explode(',', $user['groups']);
$key = array_search($groupid, $groups);
unset($groups[$key]);
$groups_string = implode(',', $groups);
- $sql = "UPDATE sys_user SET groups = '$groups_string' WHERE userid = $userid";
- $app->db->query($sql);
+ $sql = "UPDATE sys_user SET groups = ? WHERE userid = ?";
+ $app->db->query($sql, $groups_string, $userid);
return true;
} else {
return false;
diff --git a/interface/lib/classes/client_templates.inc.php b/interface/lib/classes/client_templates.inc.php
index 993936b2cead67d8b1359ed5399c3933364eafcf..e3141d792ea83332e05b8eef160c7f97f76c0fdf 100644
--- a/interface/lib/classes/client_templates.inc.php
+++ b/interface/lib/classes/client_templates.inc.php
@@ -49,7 +49,7 @@ class client_templates {
if($old_style == true) {
// we have to take care of this in an other way
- $in_db = $app->db->queryAllRecords('SELECT `assigned_template_id`, `client_template_id` FROM `client_template_assigned` WHERE `client_id` = ' . $app->functions->intval($clientId));
+ $in_db = $app->db->queryAllRecords('SELECT `assigned_template_id`, `client_template_id` FROM `client_template_assigned` WHERE `client_id` = ?', $clientId);
if(is_array($in_db) && count($in_db) > 0) {
foreach($in_db as $item) {
if(array_key_exists($item['client_template_id'], $needed_types) == false) $needed_types[$item['client_template_id']] = 0;
@@ -61,24 +61,24 @@ class client_templates {
if($count > 0) {
// add new template to client (includes those from old-style without assigned_template_id)
for($i = $count; $i > 0; $i--) {
- $app->db->query('INSERT INTO `client_template_assigned` (`client_id`, `client_template_id`) VALUES (' . $app->functions->intval($clientId) . ', ' . $app->functions->intval($tpl_id) . ')');
+ $app->db->query('INSERT INTO `client_template_assigned` (`client_id`, `client_template_id`) VALUES (?, ?)', $clientId, $tpl_id);
}
} elseif($count < 0) {
// remove old ones
for($i = $count; $i < 0; $i++) {
- $app->db->query('DELETE FROM `client_template_assigned` WHERE client_id = ' . $app->functions->intval($clientId) . ' AND client_template_id = ' . $app->functions->intval($tpl_id) . ' LIMIT 1');
+ $app->db->query('DELETE FROM `client_template_assigned` WHERE client_id = ? AND client_template_id = ? LIMIT 1', $clientId, $tpl_id);
}
}
}
} else {
// we have to take care of this in an other way
- $in_db = $app->db->queryAllRecords('SELECT `assigned_template_id`, `client_template_id` FROM `client_template_assigned` WHERE `client_id` = ' . $app->functions->intval($clientId));
+ $in_db = $app->db->queryAllRecords('SELECT `assigned_template_id`, `client_template_id` FROM `client_template_assigned` WHERE `client_id` = ?', $clientId);
if(is_array($in_db) && count($in_db) > 0) {
// check which templates were removed from this client
foreach($in_db as $item) {
if(in_array($item['assigned_template_id'], $used_assigned) == false) {
// delete this one
- $app->db->query('DELETE FROM `client_template_assigned` WHERE `assigned_template_id` = ' . $app->functions->intval($item['assigned_template_id']));
+ $app->db->query('DELETE FROM `client_template_assigned` WHERE `assigned_template_id` = ?', $item['assigned_template_id']);
}
}
}
@@ -86,7 +86,7 @@ class client_templates {
if(count($new_tpl) > 0) {
foreach($new_tpl as $item) {
// add new template to client (includes those from old-style without assigned_template_id)
- $app->db->query('INSERT INTO `client_template_assigned` (`client_id`, `client_template_id`) VALUES (' . $app->functions->intval($clientId) . ', ' . $app->functions->intval($item) . ')');
+ $app->db->query('INSERT INTO `client_template_assigned` (`client_id`, `client_template_id`) VALUES (?, ?)', $clientId, $item);
}
}
}
@@ -106,8 +106,8 @@ class client_templates {
/*
* Get the master-template for the client
*/
- $sql = "SELECT template_master, template_additional,limit_client FROM client WHERE client_id = " . $app->functions->intval($clientId);
- $record = $app->db->queryOneRecord($sql);
+ $sql = "SELECT template_master, template_additional,limit_client FROM client WHERE client_id = ?";
+ $record = $app->db->queryOneRecord($sql, $clientId);
$masterTemplateId = $record['template_master'];
$is_reseller = ($record['limit_client'] != 0)?true:false;
@@ -115,15 +115,15 @@ class client_templates {
// we have to call the update_client_templates function
$templates = explode('/', $record['template_additional']);
$this->update_client_templates($clientId, $templates);
- $app->db->query('UPDATE `client` SET `template_additional` = \'\' WHERE `client_id` = ' . $app->functions->intval($clientId));
+ $app->db->query('UPDATE `client` SET `template_additional` = \'\' WHERE `client_id` = ?', $clientId);
}
/*
* if the master-Template is custom there is NO changing
*/
if ($masterTemplateId > 0){
- $sql = "SELECT * FROM client_template WHERE template_id = " . $app->functions->intval($masterTemplateId);
- $limits = $app->db->queryOneRecord($sql);
+ $sql = "SELECT * FROM client_template WHERE template_id = ?";
+ $limits = $app->db->queryOneRecord($sql, $masterTemplateId);
} else {
// if there is no master template it makes NO SENSE adding sub templates.
// adding subtemplates are stored in client limits, so they would add up
@@ -136,11 +136,11 @@ class client_templates {
* if != -1)
*/
$addTpl = explode('/', $additionalTemplateStr);
- $addTpls = $app->db->queryAllRecords('SELECT `client_template_id` FROM `client_template_assigned` WHERE `client_id` = ' . $app->functions->intval($clientId));
+ $addTpls = $app->db->queryAllRecords('SELECT `client_template_id` FROM `client_template_assigned` WHERE `client_id` = ?', $clientId);
foreach ($addTpls as $addTpl){
$item = $addTpl['client_template_id'];
- $sql = "SELECT * FROM client_template WHERE template_id = " . $app->functions->intval($item);
- $addLimits = $app->db->queryOneRecord($sql);
+ $sql = "SELECT * FROM client_template WHERE template_id = ?";
+ $addLimits = $app->db->queryOneRecord($sql, $item);
$app->log('Template processing subtemplate ' . $item . ' for client ' . $clientId, LOGLEVEL_DEBUG);
/* maybe the template is deleted in the meantime */
if (is_array($addLimits)){
@@ -232,6 +232,7 @@ class client_templates {
* Write all back to the database
*/
$update = '';
+ $update_values = array();
if(!$is_reseller) unset($limits['limit_client']); // Only Resellers may have limit_client set in template to ensure that we do not convert a client to reseller accidently.
foreach($limits as $k => $v){
if (strpos($k, 'default') !== false and $v == 0) {
@@ -239,13 +240,16 @@ class client_templates {
}
if ((strpos($k, 'limit') !== false or strpos($k, 'default') !== false or $k == 'ssh_chroot' or $k == 'web_php_options' or $k == 'force_suexec') && !is_array($v)){
if ($update != '') $update .= ', ';
- $update .= '`' . $k . "`='" . $v . "'";
+ $update .= '?? = ?';
+ $update_values[] = $k;
+ $update_values[] = $v;
}
}
+ $update_values[] = $clientId;
$app->log('Template processed for client ' . $clientId . ', update string: ' . $update, LOGLEVEL_DEBUG);
if($update != '') {
- $sql = 'UPDATE client SET ' . $update . " WHERE client_id = " . $app->functions->intval($clientId);
- $app->db->query($sql);
+ $sql = 'UPDATE client SET ' . $update . " WHERE client_id = ?";
+ $app->db->query($sql, true, $update_values);
}
unset($form);
}
diff --git a/interface/lib/classes/custom_datasource.inc.php b/interface/lib/classes/custom_datasource.inc.php
index 16036f599c3fe94803cabe98a3cfd3592f7de7dd..92caa87182eedc4433bf996b0207d0e3ebe89b22 100644
--- a/interface/lib/classes/custom_datasource.inc.php
+++ b/interface/lib/classes/custom_datasource.inc.php
@@ -47,12 +47,12 @@ class custom_datasource {
if($_SESSION["s"]["user"]["typ"] == 'user') {
// Get the limits of the client
$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
- $client = $app->db->queryOneRecord("SELECT default_dnsserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
- $sql = "SELECT server_id,server_name FROM server WHERE server_id = ".$app->functions->intval($client['default_dnsserver']);
+ $client = $app->db->queryOneRecord("SELECT default_dnsserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ", $client_group_id);
+ $sql = "SELECT server_id,server_name FROM server WHERE server_id = ?";
} else {
$sql = "SELECT server_id,server_name FROM server WHERE dns_server = 1 ORDER BY server_name";
}
- $records = $app->db->queryAllRecords($sql);
+ $records = $app->db->queryAllRecords($sql, $client['default_dnsserver']);
$records_new = array();
if(is_array($records)) {
foreach($records as $rec) {
@@ -69,12 +69,12 @@ class custom_datasource {
if($_SESSION["s"]["user"]["typ"] == 'user') {
// Get the limits of the client
$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
- $client = $app->db->queryOneRecord("SELECT default_slave_dnsserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
- $sql = "SELECT server_id,server_name FROM server WHERE server_id = ".$app->functions->intval($client['default_slave_dnsserver']);
+ $client = $app->db->queryOneRecord("SELECT default_slave_dnsserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ", $client_group_id);
+ $sql = "SELECT server_id,server_name FROM server WHERE server_id = ?");
} else {
$sql = "SELECT server_id,server_name FROM server WHERE dns_server = 1 ORDER BY server_name";
}
- $records = $app->db->queryAllRecords($sql);
+ $records = $app->db->queryAllRecords($sql, $client['default_slave_dnsserver']);
$records_new = array();
if(is_array($records)) {
foreach($records as $rec) {
@@ -99,7 +99,7 @@ class custom_datasource {
}
if(count($server_ids) == 0) return array();
$server_ids = implode(',', $server_ids);
- $records = $app->db->queryAllRecords("SELECT web_domain.domain_id, CONCAT(web_domain.domain, ' :: ', server.server_name) AS parent_domain FROM web_domain, server WHERE web_domain.type = 'vhost' AND web_domain.server_id IN (".$app->db->quote($server_ids).") AND web_domain.server_id = server.server_id AND ".$app->tform->getAuthSQL('r', 'web_domain')." ORDER BY web_domain.domain");
+ $records = $app->db->queryAllRecords("SELECT web_domain.domain_id, CONCAT(web_domain.domain, ' :: ', server.server_name) AS parent_domain FROM web_domain, server WHERE web_domain.type = 'vhost' AND web_domain.server_id IN ? AND web_domain.server_id = server.server_id AND ".$app->tform->getAuthSQL('r', 'web_domain')." ORDER BY web_domain.domain", $server_ids);
$records_new = array();
if(is_array($records)) {
@@ -159,22 +159,25 @@ class custom_datasource {
if($_SESSION["s"]["user"]["typ"] == 'user') {
// Get the limits of the client
$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
- $sql = "SELECT $server_type as server_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id";
- $client = $app->db->queryOneRecord($sql);
+ $sql = "SELECT $server_type as server_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?";
+ $client = $app->db->queryOneRecord($sql, $client_group_id);
if($client['server_id'] > 0) {
//* Select the default server for the client
- $sql = "SELECT server_id,server_name FROM server WHERE server_id = ".$app->functions->intval($client['server_id']);
+ $sql = "SELECT server_id,server_name FROM server WHERE server_id = ?";
+ $records = $app->db->queryAllRecords($sql, $client['server_id']);
} else {
//* Not able to find the clients defaults, use this as fallback and add a warning message to the log
$app->log('Unable to find default server for client in custom_datasource.inc.php', 1);
- $sql = "SELECT server_id,server_name FROM server WHERE $field = 1 ORDER BY server_name";
+ $sql = "SELECT server_id,server_name FROM server WHERE ?? = 1 ORDER BY server_name";
+ $records = $app->db->queryAllRecords($sql, $field);
}
} else {
//* The logged in user is admin, so we show him all available servers of a specific type.
- $sql = "SELECT server_id,server_name FROM server WHERE $field = 1 ORDER BY server_name";
+ $sql = "SELECT server_id,server_name FROM server WHERE ?? = 1 ORDER BY server_name";
+ $records = $app->db->queryAllRecords($sql, $field);
}
- $records = $app->db->queryAllRecords($sql);
+
$records_new = array();
if(is_array($records)) {
foreach($records as $rec) {
diff --git a/interface/lib/classes/functions.inc.php b/interface/lib/classes/functions.inc.php
index 2be5fb7df0bbd98c55bcf01a8ca87d5f863a3901..5bbff40158486c372dc17fe67ff2b5f169e1cc94 100644
--- a/interface/lib/classes/functions.inc.php
+++ b/interface/lib/classes/functions.inc.php
@@ -202,7 +202,7 @@ class functions {
}
$ips = array();
- $results = $app->db->queryAllRecords("SELECT ip_address AS ip, server_id FROM server_ip WHERE ip_type = '".$app->db->quote($type)."'");
+ $results = $app->db->queryAllRecords("SELECT ip_address AS ip, server_id FROM server_ip WHERE ip_type = ?", $type);
if(!empty($results) && is_array($results)){
foreach($results as $result){
if(preg_match($regex, $result['ip'])){
@@ -230,39 +230,6 @@ class functions {
}
}
- /*
- $results = $app->db->queryAllRecords("SELECT xfer FROM dns_slave WHERE xfer != ''");
- if(!empty($results) && is_array($results)){
- foreach($results as $result){
- $tmp_ips = explode(',', $result['xfer']);
- foreach($tmp_ips as $tmp_ip){
- $tmp_ip = trim($tmp_ip);
- if(preg_match($regex, $tmp_ip)) $ips[] = $tmp_ip;
- }
- }
- }
- $results = $app->db->queryAllRecords("SELECT xfer FROM dns_soa WHERE xfer != ''");
- if(!empty($results) && is_array($results)){
- foreach($results as $result){
- $tmp_ips = explode(',', $result['xfer']);
- foreach($tmp_ips as $tmp_ip){
- $tmp_ip = trim($tmp_ip);
- if(preg_match($regex, $tmp_ip)) $ips[] = $tmp_ip;
- }
- }
- }
- $results = $app->db->queryAllRecords("SELECT also_notify FROM dns_soa WHERE also_notify != ''");
- if(!empty($results) && is_array($results)){
- foreach($results as $result){
- $tmp_ips = explode(',', $result['also_notify']);
- foreach($tmp_ips as $tmp_ip){
- $tmp_ip = trim($tmp_ip);
- if(preg_match($regex, $tmp_ip)) $ips[] = $tmp_ip;
- }
- }
- }
- */
-
$results = $app->db->queryAllRecords("SELECT remote_ips FROM web_database WHERE remote_ips != ''");
if(!empty($results) && is_array($results)){
foreach($results as $result){
diff --git a/interface/lib/classes/getconf.inc.php b/interface/lib/classes/getconf.inc.php
index a246b1853c13d04339d1a6e1c6f04c0d9e99ab85..ef9e0702d212db0b3a773b4c5a0dc900af8e4153 100644
--- a/interface/lib/classes/getconf.inc.php
+++ b/interface/lib/classes/getconf.inc.php
@@ -39,7 +39,7 @@ class getconf {
if(!isset($this->config[$server_id])) {
$app->uses('ini_parser');
$server_id = $app->functions->intval($server_id);
- $server = $app->db->queryOneRecord('SELECT config FROM server WHERE server_id = '.$server_id);
+ $server = $app->db->queryOneRecord('SELECT config FROM server WHERE server_id = ?', $server_id);
$this->config[$server_id] = $app->ini_parser->parse_ini_string(stripslashes($server['config']));
}
return ($section == '') ? $this->config[$server_id] : $this->config[$server_id][$section];
diff --git a/interface/lib/classes/plugin_backuplist.inc.php b/interface/lib/classes/plugin_backuplist.inc.php
index c399d87622a01c353c4b93a6dbd54389c246cdbc..e9cd40c8c6c3d876f65b77e2591a2250c7318837 100644
--- a/interface/lib/classes/plugin_backuplist.inc.php
+++ b/interface/lib/classes/plugin_backuplist.inc.php
@@ -56,56 +56,42 @@ class plugin_backuplist extends plugin_base {
$backup_id = $app->functions->intval($_GET['backup_id']);
//* check if the user is owner of the parent domain
- $domain_backup = $app->db->queryOneRecord("SELECT parent_domain_id FROM web_backup WHERE backup_id = ".$backup_id);
+ $domain_backup = $app->db->queryOneRecord("SELECT parent_domain_id FROM web_backup WHERE backup_id = ?", $backup_id);
$check_perm = 'u';
if($_GET['backup_action'] == 'download') $check_perm = 'r'; // only check read permissions on download, not update permissions
- $get_domain = $app->db->queryOneRecord("SELECT domain_id FROM web_domain WHERE domain_id = ".$app->functions->intval($domain_backup["parent_domain_id"])." AND ".$app->tform->getAuthSQL($check_perm));
+ $get_domain = $app->db->queryOneRecord("SELECT domain_id FROM web_domain WHERE domain_id = ? AND ".$app->tform->getAuthSQL($check_perm), $domain_backup["parent_domain_id"]);
if(empty($get_domain) || !$get_domain) {
$app->error($app->tform->lng('no_domain_perm'));
}
if($_GET['backup_action'] == 'download' && $backup_id > 0) {
$server_id = $this->form->dataRecord['server_id'];
- $backup = $app->db->queryOneRecord("SELECT * FROM web_backup WHERE backup_id = ".$backup_id);
+ $backup = $app->db->queryOneRecord("SELECT * FROM web_backup WHERE backup_id = ?", $backup_id);
if($backup['server_id'] > 0) $server_id = $backup['server_id'];
- $sql = "SELECT count(action_id) as number FROM sys_remoteaction WHERE action_state = 'pending' AND action_type = 'backup_download' AND action_param = '$backup_id'";
- $tmp = $app->db->queryOneRecord($sql);
+ $sql = "SELECT count(action_id) as number FROM sys_remoteaction WHERE action_state = 'pending' AND action_type = 'backup_download' AND action_param = ?";
+ $tmp = $app->db->queryOneRecord($sql, $backup_id);
if($tmp['number'] == 0) {
$message .= $wb['download_info_txt'];
$sql = "INSERT INTO sys_remoteaction (server_id, tstamp, action_type, action_param, action_state, response) " .
- "VALUES (".
- (int)$server_id . ", " .
- time() . ", " .
- "'backup_download', " .
- "'".$backup_id."', " .
- "'pending', " .
- "''" .
- ")";
- $app->db->query($sql);
+ "VALUES (?, UNIX_TIMESTAMP(), 'backup_download', ?, 'pending', '')";
+ $app->db->query($sql, $server_id, $backup_id);
} else {
$error .= $wb['download_pending_txt'];
}
}
if($_GET['backup_action'] == 'restore' && $backup_id > 0) {
$server_id = $this->form->dataRecord['server_id'];
- $backup = $app->db->queryOneRecord("SELECT * FROM web_backup WHERE backup_id = ".$backup_id);
+ $backup = $app->db->queryOneRecord("SELECT * FROM web_backup WHERE backup_id = ?", $backup_id);
if($backup['server_id'] > 0) $server_id = $backup['server_id'];
$sql = "SELECT count(action_id) as number FROM sys_remoteaction WHERE action_state = 'pending' AND action_type = 'backup_restore' AND action_param = '$backup_id'";
$tmp = $app->db->queryOneRecord($sql);
if($tmp['number'] == 0) {
$message .= $wb['restore_info_txt'];
$sql = "INSERT INTO sys_remoteaction (server_id, tstamp, action_type, action_param, action_state, response) " .
- "VALUES (".
- (int)$server_id . ", " .
- time() . ", " .
- "'backup_restore', " .
- "'".$backup_id."', " .
- "'pending', " .
- "''" .
- ")";
- $app->db->query($sql);
+ "VALUES (?, UNIX_TIMESTAMP(), 'backup_restore', ?, 'pending', '')";
+ $app->db->query($sql, $server_id, $backup_id);
} else {
$error .= $wb['restore_pending_txt'];
}
@@ -115,8 +101,8 @@ class plugin_backuplist extends plugin_base {
//* Get the data
$server_ids = array_unique($server_ids);
- $web = $app->db->queryOneRecord("SELECT server_id FROM web_domain WHERE domain_id = ".$app->functions->intval($this->form->id));
- $databases = $app->db->queryAllRecords("SELECT server_id FROM web_database WHERE parent_domain_id = ".$app->functions->intval($this->form->id));
+ $web = $app->db->queryOneRecord("SELECT server_id FROM web_domain WHERE domain_id = ?", $this->form->id);
+ $databases = $app->db->queryAllRecords("SELECT server_id FROM web_database WHERE parent_domain_id = ?", $this->form->id);
if($app->functions->intval($web['server_id']) > 0) $server_ids[] = $app->functions->intval($web['server_id']);
if(is_array($databases) && !empty($databases)){
foreach($databases as $database){
@@ -124,8 +110,8 @@ class plugin_backuplist extends plugin_base {
}
}
$server_ids = array_unique($server_ids);
- $sql = "SELECT * FROM web_backup WHERE parent_domain_id = ".$app->functions->intval($this->form->id)." AND server_id IN (".implode(',', $server_ids).") ORDER BY tstamp DESC, backup_type ASC";
- $records = $app->db->queryAllRecords($sql);
+ $sql = "SELECT * FROM web_backup WHERE parent_domain_id = ? AND server_id IN ? ORDER BY tstamp DESC, backup_type ASC";
+ $records = $app->db->queryAllRecords($sql, $this->form->id, $server_ids);
$bgcolor = "#FFFFFF";
if(is_array($records)) {
diff --git a/interface/lib/classes/plugin_backuplist_mail.inc.php b/interface/lib/classes/plugin_backuplist_mail.inc.php
index 847428389e82de6ca00ff742fe499571e76bd951..901901a3ed62cc7642d472809ef99ee99aa132c5 100644
--- a/interface/lib/classes/plugin_backuplist_mail.inc.php
+++ b/interface/lib/classes/plugin_backuplist_mail.inc.php
@@ -55,42 +55,15 @@ class plugin_backuplist_mail extends plugin_base {
if(isset($_GET['backup_action'])) {
$backup_id = $app->functions->intval($_GET['backup_id']);
-/*
- if($_GET['backup_action'] == 'download_mail' && $backup_id > 0) {
- $sql = "SELECT count(action_id) as number FROM sys_remoteaction WHERE action_state = 'pending' AND action_type = 'backup_download' AND action_param = '$backup_id'";
- $tmp = $app->db->queryOneRecord($sql);
- if($tmp['number'] == 0) {
- $message .= $wb['download_info_txt'];
- $sql = "INSERT INTO sys_remoteaction (server_id, tstamp, action_type, action_param, action_state, response) " .
- "VALUES (".
- (int)$this->form->dataRecord['server_id'] . ", " .
- time() . ", " .
- "'backup_download', " .
- "'".$backup_id."', " .
- "'pending', " .
- "''" .
- ")";
- $app->db->query($sql);
- } else {
- $error .= $wb['download_pending_txt'];
- }
- }
-*/
+
if($_GET['backup_action'] == 'restore_mail' && $backup_id > 0) {
- $sql = "SELECT count(action_id) as number FROM sys_remoteaction WHERE action_state = 'pending' AND action_type = 'backup_restore_mail' AND action_param = '$backup_id'";
- $tmp = $app->db->queryOneRecord($sql);
+ $sql = "SELECT count(action_id) as number FROM sys_remoteaction WHERE action_state = 'pending' AND action_type = 'backup_restore_mail' AND action_param = ?";
+ $tmp = $app->db->queryOneRecord($sql, $backup_id);
if($tmp['number'] == 0) {
$message .= $wb['restore_info_txt'];
$sql = "INSERT INTO sys_remoteaction (server_id, tstamp, action_type, action_param, action_state, response) " .
- "VALUES (".
- (int)$this->form->dataRecord['server_id'] . ", " .
- time() . ", " .
- "'backup_restore_mail', " .
- "'".$backup_id."', " .
- "'pending', " .
- "''" .
- ")";
- $app->db->query($sql);
+ "VALUES (?, ? 'backup_restore_mail', ?, 'pending','')";
+ $app->db->query($sql, $this->form->dataRecord['server_id'], time(), $backup_id);
} else {
$error .= $wb['restore_pending_txt'];
}
@@ -98,8 +71,8 @@ class plugin_backuplist_mail extends plugin_base {
}
//* Get the data
- $sql = "SELECT * FROM mail_backup WHERE mailuser_id = ".$this->form->id." ORDER BY tstamp DESC";
- $records = $app->db->queryAllRecords($sql);
+ $sql = "SELECT * FROM mail_backup WHERE mailuser_id = ? ORDER BY tstamp DESC";
+ $records = $app->db->queryAllRecords($sql, $this->form->id);
$bgcolor = "#FFFFFF";
if(is_array($records)) {
foreach($records as $rec) {
diff --git a/interface/lib/classes/plugin_listview.inc.php b/interface/lib/classes/plugin_listview.inc.php
index e7d576cd17a58c9af14ac3e4f7761ed4ea520bbb..c50cb9177f8691921dad821b0dddff71f7d1dc1c 100644
--- a/interface/lib/classes/plugin_listview.inc.php
+++ b/interface/lib/classes/plugin_listview.inc.php
@@ -126,7 +126,7 @@ class plugin_listview extends plugin_base {
// Get the data
- $records = $app->db->queryAllRecords("SELECT * FROM ".$app->listform->listDef["table"]." WHERE $sql_where $sql_order_by $limit_sql");
+ $records = $app->db->queryAllRecords("SELECT * FROM ?? WHERE $sql_where $sql_order_by $limit_sql", $app->listform->listDef["table"]);
$bgcolor = "#FFFFFF";
if(is_array($records)) {
diff --git a/interface/lib/classes/quota_lib.inc.php b/interface/lib/classes/quota_lib.inc.php
index 794db538b9e304efb04633f3d88f3eb98f1d95b5..24a3ce3d0d65a867640dbe165d14cb57be56a820 100644
--- a/interface/lib/classes/quota_lib.inc.php
+++ b/interface/lib/classes/quota_lib.inc.php
@@ -103,9 +103,9 @@ class quota_lib {
// select vhosts (belonging to client)
if($clientid != null){
- $sql_where = " AND sys_groupid = (SELECT default_group FROM sys_user WHERE client_id=".$clientid.")";
+ $sql_where = " AND sys_groupid = (SELECT default_group FROM sys_user WHERE client_id=?)";
}
- $sites = $app->db->queryAllRecords("SELECT * FROM web_domain WHERE active = 'y' AND (type = 'vhost' OR type = 'vhostsubdomain' OR type = 'vhostalias')".$sql_where);
+ $sites = $app->db->queryAllRecords("SELECT * FROM web_domain WHERE active = 'y' AND (type = 'vhost' OR type = 'vhostsubdomain' OR type = 'vhostalias')".$sql_where, $clientid);
$hostnames = array();
$traffic_data = array();
@@ -120,12 +120,12 @@ class quota_lib {
$tmp_year = date('Y');
$tmp_month = date('m');
// This Month
- $tmp_recs = $app->db->queryAllRecords("SELECT hostname, SUM(traffic_bytes) as t FROM web_traffic WHERE YEAR(traffic_date) = ? AND MONTH(traffic_date) = ? AND hostname IN ('".join("','",$hostnames)."') GROUP BY hostname", $tmp_year, $tmp_month);
+ $tmp_recs = $app->db->queryAllRecords("SELECT hostname, SUM(traffic_bytes) as t FROM web_traffic WHERE YEAR(traffic_date) = ? AND MONTH(traffic_date) = ? AND hostname IN ? GROUP BY hostname", $tmp_year, $tmp_month, $hostnames);
foreach ($tmp_recs as $tmp_rec) {
$traffic_data[$tmp_rec['hostname']]['this_month'] = $tmp_rec['t'];
}
// This Year
- $tmp_recs = $app->db->queryAllRecords("SELECT hostname, SUM(traffic_bytes) as t FROM web_traffic WHERE YEAR(traffic_date) = ? AND hostname IN ('".join("','",$hostnames)."') GROUP BY hostname", $tmp_year);
+ $tmp_recs = $app->db->queryAllRecords("SELECT hostname, SUM(traffic_bytes) as t FROM web_traffic WHERE YEAR(traffic_date) = ? AND hostname IN ? GROUP BY hostname", $tmp_year, $hostnames);
foreach ($tmp_recs as $tmp_rec) {
$traffic_data[$tmp_rec['hostname']]['this_year'] = $tmp_rec['t'];
}
@@ -133,21 +133,21 @@ class quota_lib {
$tmp_year = date('Y', mktime(0, 0, 0, date("m")-1, date("d"), date("Y")));
$tmp_month = date('m', mktime(0, 0, 0, date("m")-1, date("d"), date("Y")));
// Last Month
- $tmp_recs = $app->db->queryAllRecords("SELECT hostname, SUM(traffic_bytes) as t FROM web_traffic WHERE YEAR(traffic_date) = ? AND MONTH(traffic_date) = ? AND hostname IN ('".join("','",$hostnames)."') GROUP BY hostname", $tmp_year, $tmp_month);
+ $tmp_recs = $app->db->queryAllRecords("SELECT hostname, SUM(traffic_bytes) as t FROM web_traffic WHERE YEAR(traffic_date) = ? AND MONTH(traffic_date) = ? AND hostname IN ? GROUP BY hostname", $tmp_year, $tmp_month, $hostnames);
foreach ($tmp_recs as $tmp_rec) {
$traffic_data[$tmp_rec['hostname']]['last_month'] = $tmp_rec['t'];
}
$tmp_year = date('Y', mktime(0, 0, 0, date("m"), date("d"), date("Y")-1));
// Last Year
- $tmp_recs = $app->db->queryAllRecords("SELECT hostname, SUM(traffic_bytes) as t FROM web_traffic WHERE YEAR(traffic_date) = ? AND hostname IN ('".join("','",$hostnames)."') GROUP BY hostname", $tmp_year);
+ $tmp_recs = $app->db->queryAllRecords("SELECT hostname, SUM(traffic_bytes) as t FROM web_traffic WHERE YEAR(traffic_date) = ? AND hostname IN ? GROUP BY hostname", $tmp_year, $hostnames);
foreach ($tmp_recs as $tmp_rec) {
$traffic_data[$tmp_rec['hostname']]['last_year'] = $tmp_rec['t'];
}
if (is_int($lastdays) && ($lastdays > 0)) {
// Last xx Days
- $tmp_recs = $app->db->queryAllRecords("SELECT hostname, SUM(traffic_bytes) as t FROM web_traffic WHERE (traffic_date >= DATE_SUB(NOW(), INTERVAL ".$app->db->quote($lastdays)." DAY)) AND hostname IN ('".join("','",$hostnames)."') GROUP BY hostname");
+ $tmp_recs = $app->db->queryAllRecords("SELECT hostname, SUM(traffic_bytes) as t FROM web_traffic WHERE (traffic_date >= DATE_SUB(NOW(), INTERVAL ? DAY)) AND hostname IN ? GROUP BY hostname", $lastdays, $hostnames);
foreach ($tmp_recs as $tmp_rec) {
$traffic_data[$tmp_rec['hostname']]['lastdays'] = $tmp_rec['t'];
}
diff --git a/interface/lib/classes/remote.d/admin.inc.php b/interface/lib/classes/remote.d/admin.inc.php
index ba966fe1aba371daaf03fcb19844fa1681f4b8c7..2541ca5c19f35bebd850e4a6f3435ea79bfd738c 100644
--- a/interface/lib/classes/remote.d/admin.inc.php
+++ b/interface/lib/classes/remote.d/admin.inc.php
@@ -60,7 +60,7 @@ class remoting_admin extends remoting {
switch($key) {
case 'sys_userid':
// check if userid is valid
- $check = $app->db->queryOneRecord('SELECT userid FROM sys_user WHERE userid = ' . $app->functions->intval($value));
+ $check = $app->db->queryOneRecord('SELECT userid FROM sys_user WHERE userid = ?', $app->functions->intval($value));
if(!$check || !$check['userid']) {
$this->server->fault('invalid parameters', $value . ' is no valid sys_userid.');
return false;
@@ -69,7 +69,7 @@ class remoting_admin extends remoting {
break;
case 'sys_groupid':
// check if groupid is valid
- $check = $app->db->queryOneRecord('SELECT groupid FROM sys_group WHERE groupid = ' . $app->functions->intval($value));
+ $check = $app->db->queryOneRecord('SELECT groupid FROM sys_group WHERE groupid = ?', $app->functions->intval($value));
if(!$check || !$check['groupid']) {
$this->server->fault('invalid parameters', $value . ' is no valid sys_groupid.');
return false;
diff --git a/interface/lib/classes/remote.d/aps.inc.php b/interface/lib/classes/remote.d/aps.inc.php
index 78c066c5eb1298f06381d2b42be45bd186f9b5cb..b626f1b7abf6b21d7037b02b654a28af53495e9e 100644
--- a/interface/lib/classes/remote.d/aps.inc.php
+++ b/interface/lib/classes/remote.d/aps.inc.php
@@ -241,8 +241,8 @@ class remoting_aps extends remoting {
return false;
}
- $sql = "SELECT * FROM web_domain WHERE domain = '".$app->db->quote($params['main_domain'])."'";
- $domain = $app->db->queryOneRecord($sql);
+ $sql = "SELECT * FROM web_domain WHERE domain = ?";
+ $domain = $app->db->queryOneRecord($sql, $params['main_domain']);
if (!$domain) {
$this->server->fault('invalid parameters', 'No valid domain given.');
@@ -269,8 +269,8 @@ class remoting_aps extends remoting {
return false;
}
- $sql = "SELECT * FROM aps_instances WHERE id = ".$app->functions->intval($primary_id);
- $result = $app->db->queryOneRecord($sql);
+ $sql = "SELECT * FROM aps_instances WHERE id = ?";
+ $result = $app->db->queryOneRecord($sql, $app->functions->intval($primary_id));
return $result;
}
@@ -283,8 +283,8 @@ class remoting_aps extends remoting {
return false;
}
- $sql = "SELECT * FROM aps_instances_settings WHERE instance_id = ".$app->functions->intval($primary_id);
- $result = $app->db->queryAllRecords($sql);
+ $sql = "SELECT * FROM aps_instances_settings WHERE instance_id = ?";
+ $result = $app->db->queryAllRecords($sql, $app->functions->intval($primary_id));
return $result;
}
@@ -301,8 +301,8 @@ class remoting_aps extends remoting {
$gui = new ApsGUIController($app);
// Check if Instance exists
- $sql = "SELECT * FROM aps_instances WHERE id = ".$app->functions->intval($primary_id);
- $result = $app->db->queryOneRecord($sql);
+ $sql = "SELECT * FROM aps_instances WHERE id = ?";
+ $result = $app->db->queryOneRecord($sql, $primary_id);
if (!$result) {
$this->server->fault('instance_error', 'No valid instance id given.');
diff --git a/interface/lib/classes/remote.d/client.inc.php b/interface/lib/classes/remote.d/client.inc.php
index d780ec8533d19411fd18804c7771f72ece851a77..f0c7b8f9f14d9dcaa27ab62317437d0010dc6d12 100644
--- a/interface/lib/classes/remote.d/client.inc.php
+++ b/interface/lib/classes/remote.d/client.inc.php
@@ -65,7 +65,7 @@ class remoting_client extends remoting {
if(isset($data['client_id'])) {
// this is a single record
if($data['template_additional'] == '') {
- $tpls = $app->db->queryAllRecords('SELECT CONCAT(`assigned_template_id`, \':\', `client_template_id`) as `item` FROM `client_template_assigned` WHERE `client_id` = ' . $data['client_id']);
+ $tpls = $app->db->queryAllRecords('SELECT CONCAT(`assigned_template_id`, \':\', `client_template_id`) as `item` FROM `client_template_assigned` WHERE `client_id` = ?', $data['client_id']);
$tpl_arr = array();
if($tpls) {
foreach($tpls as $tpl) $tpl_arr[] = $tpl['item'];
@@ -78,7 +78,7 @@ class remoting_client extends remoting {
// multiple client records
foreach($data as $index => $client) {
if($client['template_additional'] == '') {
- $tpls = $app->db->queryAllRecords('SELECT CONCAT(`assigned_template_id`, \':\', `client_template_id`) as `item` FROM `client_template_assigned` WHERE `client_id` = ' . $client['client_id']);
+ $tpls = $app->db->queryAllRecords('SELECT CONCAT(`assigned_template_id`, \':\', `client_template_id`) as `item` FROM `client_template_assigned` WHERE `client_id` = ?', $client['client_id']);
$tpl_arr = array();
if($tpls) {
foreach($tpls as $tpl) $tpl_arr[] = $tpl['item'];
@@ -104,7 +104,7 @@ class remoting_client extends remoting {
$sys_userid = $app->functions->intval($sys_userid);
- $rec = $app->db->queryOneRecord("SELECT client_id FROM sys_user WHERE userid = ".$sys_userid);
+ $rec = $app->db->queryOneRecord("SELECT client_id FROM sys_user WHERE userid = ?", $sys_userid);
if(isset($rec['client_id'])) {
return $app->functions->intval($rec['client_id']);
} else {
@@ -125,7 +125,7 @@ class remoting_client extends remoting {
$client_id = $app->functions->intval($client_id);
- $rec = $app->db->queryOneRecord("SELECT company_name,contact_name,gender,email,language FROM client WHERE client_id = ".$client_id);
+ $rec = $app->db->queryOneRecord("SELECT company_name,contact_name,gender,email,language FROM client WHERE client_id = ?", $client_id);
if(is_array($rec)) {
return $rec;
@@ -145,7 +145,7 @@ class remoting_client extends remoting {
$client_id = $app->functions->intval($client_id);
- $rec = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".$client_id);
+ $rec = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client_id);
if(isset($rec['groupid'])) {
return $app->functions->intval($rec['groupid']);
} else {
@@ -169,7 +169,7 @@ class remoting_client extends remoting {
if($params['parent_client_id']) {
// check if this one is reseller
- $check = $app->db->queryOneRecord('SELECT `limit_client` FROM `client` WHERE `client_id` = ' . intval($params['parent_client_id']));
+ $check = $app->db->queryOneRecord('SELECT `limit_client` FROM `client` WHERE `client_id` = ?', intval($params['parent_client_id']));
if($check['limit_client'] == 0) {
$this->server->fault('Invalid reseller', 'Selected client is not a reseller.');
return false;
@@ -208,7 +208,7 @@ class remoting_client extends remoting {
if($params['parent_client_id']) {
// check if this one is reseller
- $check = $app->db->queryOneRecord('SELECT `limit_client` FROM `client` WHERE `client_id` = ' . intval($params['parent_client_id']));
+ $check = $app->db->queryOneRecord('SELECT `limit_client` FROM `client` WHERE `client_id` = ?', intval($params['parent_client_id']));
if($check['limit_client'] == 0) {
$this->server->fault('Invalid reseller', 'Selected client is not a reseller.');
return false;
@@ -221,7 +221,7 @@ class remoting_client extends remoting {
}
// we need the previuos templates assigned here
- $this->oldTemplatesAssigned = $app->db->queryAllRecords('SELECT * FROM `client_template_assigned` WHERE `client_id` = ' . $client_id);
+ $this->oldTemplatesAssigned = $app->db->queryAllRecords('SELECT * FROM `client_template_assigned` WHERE `client_id` = ?', $client_id);
if(!is_array($this->oldTemplatesAssigned) || count($this->oldTemplatesAssigned) < 1) {
// check previous type of storing templates
$tpls = explode('/', $old_rec['template_additional']);
@@ -258,8 +258,8 @@ class remoting_client extends remoting {
}
if(@is_numeric($client_id)) {
- $sql = "SELECT * FROM `client_template_assigned` WHERE `client_id` = ".$client_id;
- return $app->db->queryOneRecord($sql);
+ $sql = "SELECT * FROM `client_template_assigned` WHERE `client_id` = ?";
+ return $app->db->queryOneRecord($sql, $client_id);
} else {
$this->server->fault('The ID must be an integer.');
return array();
@@ -270,10 +270,10 @@ class remoting_client extends remoting {
global $app;
$this->id = $client_id;
- $this->dataRecord = $app->db->queryOneRecord('SELECT * FROM `client` WHERE `client_id` = ' . $client_id);
+ $this->dataRecord = $app->db->queryOneRecord('SELECT * FROM `client` WHERE `client_id` = ?', $client_id);
$this->oldDataRecord = $this->dataRecord;
- $this->oldTemplatesAssigned = $app->db->queryAllRecords('SELECT * FROM `client_template_assigned` WHERE `client_id` = ' . $client_id);
+ $this->oldTemplatesAssigned = $app->db->queryAllRecords('SELECT * FROM `client_template_assigned` WHERE `client_id` = ?', $client_id);
if(!is_array($this->oldTemplatesAssigned) || count($this->oldTemplatesAssigned) < 1) {
// check previous type of storing templates
$tpls = explode('/', $this->oldDataRecord['template_additional']);
@@ -297,13 +297,13 @@ class remoting_client extends remoting {
if(@is_numeric($client_id) && @is_numeric($template_id)) {
// check if client exists
- $check = $app->db->queryOneRecord('SELECT `client_id` FROM `client` WHERE `client_id` = ' . $client_id);
+ $check = $app->db->queryOneRecord('SELECT `client_id` FROM `client` WHERE `client_id` = ?', $client_id);
if(!$check) {
$this->server->fault('Invalid client');
return false;
}
// check if template exists
- $check = $app->db->queryOneRecord('SELECT `template_id` FROM `client_template` WHERE `template_id` = ' . $template_id);
+ $check = $app->db->queryOneRecord('SELECT `template_id` FROM `client_template` WHERE `template_id` = ?', $template_id);
if(!$check) {
$this->server->fault('Invalid template');
return false;
@@ -312,8 +312,8 @@ class remoting_client extends remoting {
// for the update event we have to cheat a bit
$this->_set_client_formdata($client_id);
- $sql = "INSERT INTO `client_template_assigned` (`client_id`, `client_template_id`) VALUES (" . $client_id . ", " . $template_id . ")";
- $app->db->query($sql);
+ $sql = "INSERT INTO `client_template_assigned` (`client_id`, `client_template_id`) VALUES (?, ?)";
+ $app->db->query($sql, $client_id, $template_id);
$insert_id = $app->db->insertID();
$app->plugin->raiseEvent('client:client:on_after_update', $this);
@@ -335,13 +335,13 @@ class remoting_client extends remoting {
if(@is_numeric($client_id) && @is_numeric($template_id)) {
// check if client exists
- $check = $app->db->queryOneRecord('SELECT `client_id` FROM `client` WHERE `client_id` = ' . $client_id);
+ $check = $app->db->queryOneRecord('SELECT `client_id` FROM `client` WHERE `client_id` = ?', $client_id);
if(!$check) {
$this->server->fault('Invalid client');
return false;
}
// check if template exists
- $check = $app->db->queryOneRecord('SELECT `assigned_template_id` FROM `client_template_assigned` WHERE `assigned_template_id` = ' . $assigned_template_id);
+ $check = $app->db->queryOneRecord('SELECT `assigned_template_id` FROM `client_template_assigned` WHERE `assigned_template_id` = ?', $assigned_template_id);
if(!$check) {
$this->server->fault('Invalid template');
return false;
@@ -350,8 +350,8 @@ class remoting_client extends remoting {
// for the update event we have to cheat a bit
$this->_set_client_formdata($client_id);
- $sql = "DELETE FROM `client_template_assigned` WHERE `assigned_template_id` = " . $template_id . " AND `client_id` = " . $client_id;
- $app->db->query($sql);
+ $sql = "DELETE FROM `client_template_assigned` WHERE `assigned_template_id` = ? AND `client_id` = ?";
+ $app->db->query($sql, $template_id, $client_id);
$affected_rows = $app->db->affectedRows();
$app->plugin->raiseEvent('client:client:on_after_update', $this);
@@ -395,15 +395,15 @@ class remoting_client extends remoting {
if($client_id > 0) {
//* remove the group of the client from the resellers group
$parent_client_id = $app->functions->intval($this->dataRecord['parent_client_id']);
- $parent_user = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE client_id = $parent_client_id");
- $client_group = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = $client_id");
+ $parent_user = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE client_id = ?", $parent_client_id);
+ $client_group = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client_id);
$app->auth->remove_group_from_user($parent_user['userid'], $client_group['groupid']);
//* delete the group of the client
- $app->db->query("DELETE FROM sys_group WHERE client_id = $client_id");
+ $app->db->query("DELETE FROM sys_group WHERE client_id = ", $client_id);
//* delete the sys user(s) of the client
- $app->db->query("DELETE FROM sys_user WHERE client_id = $client_id");
+ $app->db->query("DELETE FROM sys_user WHERE client_id = ", $client_id);
//* Delete all records (sub-clients, mail, web, etc....) of this client.
$tables = 'client,dns_rr,dns_soa,dns_slave,ftp_user,mail_access,mail_content_filter,mail_domain,mail_forwarding,mail_get,mail_user,mail_user_filter,shell_user,spamfilter_users,support_message,web_database,web_database_user,web_domain,web_traffic';
@@ -413,7 +413,7 @@ class remoting_client extends remoting {
if($client_group_id > 1) {
foreach($tables_array as $table) {
if($table != '') {
- $records = $app->db->queryAllRecords("SELECT * FROM $table WHERE sys_groupid = ".$client_group_id);
+ $records = $app->db->queryAllRecords("SELECT * FROM $table WHERE sys_groupid = ", $client_group_id);
//* find the primary ID of the table
$table_info = $app->db->tableInfo($table);
$index_field = '';
@@ -428,11 +428,11 @@ class remoting_client extends remoting {
$app->db->datalogDelete($table, $index_field, $rec[$index_field]);
//* Delete traffic records that dont have a sys_groupid column
if($table == 'web_domain') {
- $app->db->query("DELETE FROM web_traffic WHERE hostname = '".$app->db->quote($rec['domain'])."'");
+ $app->db->query("DELETE FROM web_traffic WHERE hostname = ?", $rec['domain']);
}
//* Delete mail_traffic records that dont have a sys_groupid
if($table == 'mail_user') {
- $app->db->query("DELETE FROM mail_traffic WHERE mailuser_id = '".$app->db->quote($rec['mailuser_id'])."'");
+ $app->db->query("DELETE FROM mail_traffic WHERE mailuser_id = ?", $rec['mailuser_id']);
}
}
}
@@ -469,7 +469,7 @@ class remoting_client extends remoting {
return false;
}
$username = $app->db->quote($username);
- $rec = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE username = '".$username."'");
+ $rec = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE username = ?", $username);
if (isset($rec)) {
return $rec;
} else {
@@ -517,13 +517,13 @@ class remoting_client extends remoting {
return false;
}
$client_id = $app->functions->intval($client_id);
- $client = $app->db->queryOneRecord("SELECT client_id FROM client WHERE client_id = ".$client_id);
+ $client = $app->db->queryOneRecord("SELECT client_id FROM client WHERE client_id = ?", $client_id);
if($client['client_id'] > 0) {
$new_password = $app->db->quote($new_password);
- $sql = "UPDATE client SET password = md5('".($new_password)."') WHERE client_id = ".$client_id;
- $app->db->query($sql);
- $sql = "UPDATE sys_user SET passwort = md5('".($new_password)."') WHERE client_id = ".$client_id;
- $app->db->query($sql);
+ $sql = "UPDATE client SET password = md5(?) WHERE client_id = ?";
+ $app->db->query($sql, $new_password, $client_id);
+ $sql = "UPDATE sys_user SET passwort = md5(?) WHERE client_id = ?";
+ $app->db->query($sql, $new_password, $client_id);
return true;
} else {
throw new SoapFault('no_client_found', 'There is no user account for this client_id');
@@ -567,8 +567,8 @@ class remoting_client extends remoting {
}
//* Check failed logins
- $sql = "SELECT * FROM `attempts_login` WHERE `ip`= '".$app->db->quote($remote_ip)."' AND `login_time` > (NOW() - INTERVAL 1 MINUTE) LIMIT 1";
- $alreadyfailed = $app->db->queryOneRecord($sql);
+ $sql = "SELECT * FROM `attempts_login` WHERE `ip`= ? AND `login_time` > (NOW() - INTERVAL 1 MINUTE) LIMIT 1";
+ $alreadyfailed = $app->db->queryOneRecord($sql, $remote_ip);
//* too many failedlogins
if($alreadyfailed['times'] > 5) {
@@ -582,8 +582,8 @@ class remoting_client extends remoting {
if(strstr($username,'@')) {
// Check against client table
- $sql = "SELECT * FROM client WHERE email = '".$app->db->quote($username)."'";
- $user = $app->db->queryOneRecord($sql);
+ $sql = "SELECT * FROM client WHERE email = ?";
+ $user = $app->db->queryOneRecord($sql, $username);
if($user) {
$saved_password = stripslashes($user['password']);
@@ -614,8 +614,8 @@ class remoting_client extends remoting {
} else {
// Check against sys_user table
- $sql = "SELECT * FROM sys_user WHERE username = '".$app->db->quote($username)."'";
- $user = $app->db->queryOneRecord($sql);
+ $sql = "SELECT * FROM sys_user WHERE username = ?";
+ $user = $app->db->queryOneRecord($sql, $username);
if($user) {
$saved_password = stripslashes($user['passwort']);
@@ -649,15 +649,14 @@ class remoting_client extends remoting {
//* Log failed login attempts
if($user === false) {
- $time = time();
if(!$alreadyfailed['times'] ) {
//* user login the first time wrong
- $sql = "INSERT INTO `attempts_login` (`ip`, `times`, `login_time`) VALUES ('".$app->db->quote($remote_ip)."', 1, NOW())";
- $app->db->query($sql);
+ $sql = "INSERT INTO `attempts_login` (`ip`, `times`, `login_time`) VALUES (?, 1, NOW())";
+ $app->db->query($sql, $remote_ip);
} elseif($alreadyfailed['times'] >= 1) {
//* update times wrong
- $sql = "UPDATE `attempts_login` SET `times`=`times`+1, `login_time`=NOW() WHERE `login_time` >= '".$time."' LIMIT 1";
- $app->db->query($sql);
+ $sql = "UPDATE `attempts_login` SET `times`=`times`+1, `login_time`=NOW() WHERE `ip` = ? AND `login_time` > (NOW() - INTERVAL 1 MINUTE) ORDER BY `login_time` DESC LIMIT 1";
+ $app->db->query($sql, $remote_ip);
}
}
diff --git a/interface/lib/classes/remote.d/dns.inc.php b/interface/lib/classes/remote.d/dns.inc.php
index 1e9526a12faf52db8bb00192e9655794021a886e..f107c16767054cb44857bddd757f69f4043b02b7 100644
--- a/interface/lib/classes/remote.d/dns.inc.php
+++ b/interface/lib/classes/remote.d/dns.inc.php
@@ -50,9 +50,9 @@ class remoting_dns extends remoting {
return false;
}
- $client = $app->db->queryOneRecord("SELECT default_dnsserver FROM client WHERE client_id = ".$app->functions->intval($client_id));
+ $client = $app->db->queryOneRecord("SELECT default_dnsserver FROM client WHERE client_id = ?", $client_id);
$server_id = $client["default_dnsserver"];
- $template_record = $app->db->queryOneRecord("SELECT * FROM dns_template WHERE template_id = '$template_id'");
+ $template_record = $app->db->queryOneRecord("SELECT * FROM dns_template WHERE template_id = ?", $template_id);
$fields = explode(',', $template_record['fields']);
$tform_def_file = "../../web/dns/form/dns_soa.tform.php";
$app->uses('tform');
@@ -117,7 +117,7 @@ class remoting_dns extends remoting {
if($error == '') {
// Insert the soa record
- $tmp = $app->db->queryOneRecord("SELECT userid,default_group FROM sys_user WHERE client_id = ".$app->functions->intval($client_id));
+ $tmp = $app->db->queryOneRecord("SELECT userid,default_group FROM sys_user WHERE client_id = ?", $client_id);
$sys_userid = $tmp['userid'];
$sys_groupid = $tmp['default_group'];
unset($tmp);
@@ -180,7 +180,7 @@ class remoting_dns extends remoting {
return false;
}
- $rec = $app->db->queryOneRecord("SELECT id FROM dns_soa WHERE origin like '".$origin."%'");
+ $rec = $app->db->queryOneRecord("SELECT id FROM dns_soa WHERE origin like ?", $origin."%");
if(isset($rec['id'])) {
return $app->functions->intval($rec['id']);
} else {
@@ -764,8 +764,8 @@ class remoting_dns extends remoting {
if (!empty($client_id) && !empty($server_id)) {
$server_id = $app->functions->intval($server_id);
$client_id = $app->functions->intval($client_id);
- $sql = "SELECT id, origin FROM dns_soa d INNER JOIN sys_user s on(d.sys_groupid = s.default_group) WHERE client_id = $client_id AND server_id = $server_id";
- $result = $app->db->queryAllRecords($sql);
+ $sql = "SELECT id, origin FROM dns_soa d INNER JOIN sys_user s on(d.sys_groupid = s.default_group) WHERE client_id = ? AND server_id = ?";
+ $result = $app->db->queryAllRecords($sql, $client_id, $server_id);
return $result;
}
return false;
@@ -785,8 +785,8 @@ class remoting_dns extends remoting {
throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
return false;
}
- $sql = "SELECT * FROM dns_rr WHERE zone = ".$app->functions->intval($zone_id);;
- $result = $app->db->queryAllRecords($sql);
+ $sql = "SELECT * FROM dns_rr WHERE zone = ?";
+ $result = $app->db->queryAllRecords($sql, $zone_id);
return $result;
}
@@ -809,8 +809,8 @@ class remoting_dns extends remoting {
} else {
$status = 'N';
}
- $sql = "UPDATE dns_soa SET active = '$status' WHERE id = ".$app->functions->intval($primary_id);
- $app->db->query($sql);
+ $sql = "UPDATE dns_soa SET active = ? WHERE id = ?";
+ $app->db->query($sql, $status, $primary_id);
$result = $app->db->affectedRows();
return $result;
} else {
diff --git a/interface/lib/classes/remote.d/domains.inc.php b/interface/lib/classes/remote.d/domains.inc.php
index 9bba710023f6d311b7a18673ba731e072d957c11..33830335d8989990cd1c4f4613ab290679763184 100644
--- a/interface/lib/classes/remote.d/domains.inc.php
+++ b/interface/lib/classes/remote.d/domains.inc.php
@@ -86,8 +86,8 @@ class remoting_domains extends remoting {
return false;
}
$group_id = $app->functions->intval($group_id);
- $sql = "SELECT domain_id, domain FROM domain WHERE sys_groupid = $group_id ";
- $all = $app->db->queryAllRecords($sql);
+ $sql = "SELECT domain_id, domain FROM domain WHERE sys_groupid = ?";
+ $all = $app->db->queryAllRecords($sql, $group_id);
return $all;
}
diff --git a/interface/lib/classes/remote.d/mail.inc.php b/interface/lib/classes/remote.d/mail.inc.php
index 29ff0d83b5cc80e13e00655aad3e888c0163d0ae..21ccb5b1a6c70c12277fcb62d50921d80169e106 100644
--- a/interface/lib/classes/remote.d/mail.inc.php
+++ b/interface/lib/classes/remote.d/mail.inc.php
@@ -208,7 +208,7 @@ class remoting_mail extends remoting {
//* Check if mail domain exists
$email_parts = explode('@', $params['email']);
- $tmp = $app->db->queryOneRecord("SELECT domain FROM mail_domain WHERE domain = '".$app->db->quote($email_parts[1])."'");
+ $tmp = $app->db->queryOneRecord("SELECT domain FROM mail_domain WHERE domain = ?", $email_parts[1]);
if($tmp['domain'] != $email_parts[1]) {
throw new SoapFault('mail_domain_does_not_exist', 'Mail domain - '.$email_parts[1].' - does not exist.');
return false;
@@ -235,7 +235,7 @@ class remoting_mail extends remoting {
//* Check if mail domain exists
$email_parts = explode('@', $params['email']);
- $tmp = $app->db->queryOneRecord("SELECT domain FROM mail_domain WHERE domain = '".$app->db->quote($email_parts[1])."'");
+ $tmp = $app->db->queryOneRecord("SELECT domain FROM mail_domain WHERE domain = ?", $email_parts[1]);
if($tmp['domain'] != $email_parts[1]) {
throw new SoapFault('mail_domain_does_not_exist', 'Mail domain - '.$email_parts[1].' - does not exist.');
return false;
@@ -320,14 +320,16 @@ class remoting_mail extends remoting {
return false;
}
+ $params = array();
if ($site_id != null) {
- $sql = "SELECT * FROM mail_backup WHERE parent_domain_id = ".$app->functions->intval($site_id);
+ $params[] = $site_id;
+ $sql = "SELECT * FROM mail_backup WHERE parent_domain_id = ?";
}
else {
$sql = "SELECT * FROM mail_backup";
}
- $result = $app->db->queryAllRecords($sql);
+ $result = $app->db->queryAllRecords($sql, true, $params);
return $result;
}
@@ -342,7 +344,7 @@ class remoting_mail extends remoting {
}
//*Set variables
- $backup_record = $app->db->queryOneRecord("SELECT * FROM `mail_backup` WHERE `backup_id`='$primary_id'");
+ $backup_record = $app->db->queryOneRecord("SELECT * FROM `mail_backup` WHERE `backup_id`=?", $primary_id);
$server_id = $backup_record['server_id'];
//*Set default action state
@@ -361,14 +363,14 @@ class remoting_mail extends remoting {
}
//* Validate instance
- $instance_record = $app->db->queryOneRecord("SELECT * FROM `sys_remoteaction` WHERE `action_param`='$primary_id' and `action_type`='$action_type' and `action_state`='pending'");
+ $instance_record = $app->db->queryOneRecord("SELECT * FROM `sys_remoteaction` WHERE `action_param`=? and `action_type`=? and `action_state`='pending'", $primary_id, $action_type);
if ($instance_record['action_id'] >= 1) {
$this->server->fault('duplicate_action', "There is already a pending $action_type action");
return false;
}
//* Save the record
- if ($app->db->query("INSERT INTO `sys_remoteaction` SET `server_id` = '$server_id', `tstamp` = '$tstamp', `action_type` = '$action_type', `action_param` = '$primary_id', `action_state` = '$action_state'")) {
+ if ($app->db->query("INSERT INTO `sys_remoteaction` SET `server_id` = ?, `tstamp` = ?, `action_type` = ?, `action_param` = ?, `action_state` = ?"), $server_id, $tstamp, $action_type, $primary_id, $action_state) {
return true;
} else {
return false;
@@ -401,7 +403,7 @@ class remoting_mail extends remoting {
}
//* Check if there is no active mailbox with this address
- $tmp = $app->db->queryOneRecord("SELECT count(mailuser_id) as number FROM mail_user WHERE postfix = 'y' AND email = '".$app->db->quote($params["source"])."'");
+ $tmp = $app->db->queryOneRecord("SELECT count(mailuser_id) as number FROM mail_user WHERE postfix = 'y' AND email = ?", $params["source"]);
if($tmp['number'] > 0) {
throw new SoapFault('duplicate', 'There is already a mailbox with this email address.');
}
@@ -423,7 +425,7 @@ class remoting_mail extends remoting {
}
//* Check if there is no active mailbox with this address
- $tmp = $app->db->queryOneRecord("SELECT count(mailuser_id) as number FROM mail_user WHERE postfix = 'y' AND email = '".$app->db->quote($params["source"])."'");
+ $tmp = $app->db->queryOneRecord("SELECT count(mailuser_id) as number FROM mail_user WHERE postfix = 'y' AND email = ?", $params["source"]);
if($tmp['number'] > 0) {
throw new SoapFault('duplicate', 'There is already a mailbox with this email address.');
}
@@ -1060,8 +1062,8 @@ class remoting_mail extends remoting {
}
if (!empty($domain)) {
$domain = $app->db->quote($domain);
- $sql = "SELECT * FROM mail_domain WHERE domain = '$domain'";
- $result = $app->db->queryAllRecords($sql);
+ $sql = "SELECT * FROM mail_domain WHERE domain = ?";
+ $result = $app->db->queryAllRecords($sql, $domain);
return $result;
}
return false;
@@ -1079,8 +1081,8 @@ class remoting_mail extends remoting {
} else {
$status = 'n';
}
- $sql = "UPDATE mail_domain SET active = '$status' WHERE domain_id = ".$app->functions->intval($primary_id);
- $app->db->query($sql);
+ $sql = "UPDATE mail_domain SET active = ? WHERE domain_id = ?";
+ $app->db->query($sql, $status, $primary_id);
$result = $app->db->affectedRows();
return $result;
} else {
diff --git a/interface/lib/classes/remote.d/openvz.inc.php b/interface/lib/classes/remote.d/openvz.inc.php
index 4a087ccbc7e2d2c3df231d943869211fccbee439..c427a1f749e3f7eecf6e85cf00722eb155dda51f 100644
--- a/interface/lib/classes/remote.d/openvz.inc.php
+++ b/interface/lib/classes/remote.d/openvz.inc.php
@@ -159,7 +159,7 @@ class remoting_openvz extends remoting {
$server_id = $app->functions->intval($server_id);
if($server_id > 0) {
- $tmp = $app->db->queryOneRecord("SELECT ip_address_id, server_id, ip_address FROM openvz_ip WHERE reserved = 'n' AND vm_id = 0 AND server_id = $server_id LIMIT 0,1");
+ $tmp = $app->db->queryOneRecord("SELECT ip_address_id, server_id, ip_address FROM openvz_ip WHERE reserved = 'n' AND vm_id = 0 AND server_id = ? LIMIT 0,1", $server_id);
} else {
$tmp = $app->db->queryOneRecord("SELECT ip_address_id, server_id, ip_address FROM openvz_ip WHERE reserved = 'n' AND vm_id = 0 LIMIT 0,1");
}
@@ -229,9 +229,9 @@ class remoting_openvz extends remoting {
if (!empty($client_id)) {
$client_id = $app->functions->intval($client_id);
- $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = $client_id");
- $sql = "SELECT * FROM openvz_vm WHERE sys_groupid = ".$app->functions->intval($tmp['groupid']);
- $result = $app->db->queryAllRecords($sql);
+ $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client_id);
+ $sql = "SELECT * FROM openvz_vm WHERE sys_groupid = ?";
+ $result = $app->db->queryAllRecords($sql, $tmp['groupid']);
return $result;
}
return false;
@@ -272,23 +272,23 @@ class remoting_openvz extends remoting {
}
// Verify if template and ostemplate exist
- $tmp = $app->db->queryOneRecord("SELECT template_id FROM openvz_template WHERE template_id = $template_id");
+ $tmp = $app->db->queryOneRecord("SELECT template_id FROM openvz_template WHERE template_id = ?", $template_id);
if(!is_array($tmp)) {
throw new SoapFault('template_id_error', 'Template does not exist.');
return false;
}
- $tmp = $app->db->queryOneRecord("SELECT ostemplate_id FROM openvz_ostemplate WHERE ostemplate_id = $ostemplate_id");
+ $tmp = $app->db->queryOneRecord("SELECT ostemplate_id FROM openvz_ostemplate WHERE ostemplate_id = ?", $ostemplate_id);
if(!is_array($tmp)) {
throw new SoapFault('ostemplate_id_error', 'OSTemplate does not exist.');
return false;
}
//* Get the template
- $vtpl = $app->db->queryOneRecord("SELECT * FROM openvz_template WHERE template_id = $template_id");
+ $vtpl = $app->db->queryOneRecord("SELECT * FROM openvz_template WHERE template_id = ?", $template_id);
//* Get the IP address and server_id
if($override_params['server_id'] > 0) {
- $vmip = $app->db->queryOneRecord("SELECT ip_address_id, server_id, ip_address FROM openvz_ip WHERE reserved = 'n' AND vm_id = 0 AND server_id = ".$override_params['server_id']." LIMIT 0,1");
+ $vmip = $app->db->queryOneRecord("SELECT ip_address_id, server_id, ip_address FROM openvz_ip WHERE reserved = 'n' AND vm_id = 0 AND server_id = ? LIMIT 0,1", $override_params['server_id']);
} else {
$vmip = $app->db->queryOneRecord("SELECT ip_address_id, server_id, ip_address FROM openvz_ip WHERE reserved = 'n' AND vm_id = 0 LIMIT 0,1");
}
@@ -376,25 +376,18 @@ class remoting_openvz extends remoting {
$action = 'openvz_start_vm';
$tmp = $app->db->queryOneRecord("SELECT count(action_id) as actions FROM sys_remoteaction
- WHERE server_id = '".$vm['server_id']."'
- AND action_type = '$action'
- AND action_param = '".$vm['veid']."'
- AND action_state = 'pending'");
+ WHERE server_id = ?
+ AND action_type = ?
+ AND action_param = ?
+ AND action_state = 'pending'", $vm['server_id'], $action, $vm['veid']);
if($tmp['actions'] > 0) {
throw new SoapFault('action_pending', 'There is already a action pending for this VM.');
return false;
} else {
$sql = "INSERT INTO sys_remoteaction (server_id, tstamp, action_type, action_param, action_state, response) " .
- "VALUES (".
- (int)$vm['server_id'] . ", ".
- time() . ", ".
- "'".$action."', ".
- $vm['veid'].", ".
- "'pending', ".
- "''".
- ")";
- $app->db->query($sql);
+ "VALUES (?, ?, ?, ?, 'pending', '')";
+ $app->db->query($sql, (int)$vm['server_id'], time(), $action, $vm['veid']);
}
}
@@ -425,25 +418,18 @@ class remoting_openvz extends remoting {
$action = 'openvz_stop_vm';
$tmp = $app->db->queryOneRecord("SELECT count(action_id) as actions FROM sys_remoteaction
- WHERE server_id = '".$vm['server_id']."'
- AND action_type = '$action'
- AND action_param = '".$vm['veid']."'
- AND action_state = 'pending'");
+ WHERE server_id = ?
+ AND action_type = ?
+ AND action_param = ?
+ AND action_state = 'pending'", $vm['server_id'], $action, $vm['veid']);
if($tmp['actions'] > 0) {
throw new SoapFault('action_pending', 'There is already a action pending for this VM.');
return false;
} else {
$sql = "INSERT INTO sys_remoteaction (server_id, tstamp, action_type, action_param, action_state, response) " .
- "VALUES (".
- (int)$vm['server_id'] . ", ".
- time() . ", ".
- "'".$action."', ".
- $vm['veid'].", ".
- "'pending', ".
- "''".
- ")";
- $app->db->query($sql);
+ "VALUES (?, ?, ?, ?, 'pending', '')";
+ $app->db->query($sql, (int)$vm['server_id'], time(), $action, $vm['veid']);
}
}
@@ -474,25 +460,18 @@ class remoting_openvz extends remoting {
$action = 'openvz_restart_vm';
$tmp = $app->db->queryOneRecord("SELECT count(action_id) as actions FROM sys_remoteaction
- WHERE server_id = '".$vm['server_id']."'
- AND action_type = '$action'
- AND action_param = '".$vm['veid']."'
- AND action_state = 'pending'");
+ WHERE server_id = ?
+ AND action_type = ?
+ AND action_param = ?
+ AND action_state = 'pending'", $vm['server_id'], $action, $vm['veid']);
if($tmp['actions'] > 0) {
throw new SoapFault('action_pending', 'There is already a action pending for this VM.');
return false;
} else {
$sql = "INSERT INTO sys_remoteaction (server_id, tstamp, action_type, action_param, action_state, response) " .
- "VALUES (".
- (int)$vm['server_id'] . ", ".
- time() . ", ".
- "'".$action."', ".
- $vm['veid'].", ".
- "'pending', ".
- "''".
- ")";
- $app->db->query($sql);
+ "VALUES (?, ?, ?, ?, 'pending', '')";
+ $app->db->query($sql, (int)$vm['server_id'], time(), $action, $vm['veid']);
}
}
diff --git a/interface/lib/classes/remote.d/server.inc.php b/interface/lib/classes/remote.d/server.inc.php
index 403530207151242fcef101c6052e507227bf1144..eb4a8b9846641d44865d345fa889b09cd2d6ef37 100644
--- a/interface/lib/classes/remote.d/server.inc.php
+++ b/interface/lib/classes/remote.d/server.inc.php
@@ -55,8 +55,8 @@ class remoting_server extends remoting {
throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
return false;
}
- $sql = "SELECT server_id FROM server_ip WHERE ip_address = '$ipaddress' LIMIT 1 ";
- $all = $app->db->queryAllRecords($sql);
+ $sql = "SELECT server_id FROM server_ip WHERE ip_address = ? LIMIT 1";
+ $all = $app->db->queryAllRecords($sql, $ipaddress);
return $all;
}
@@ -178,8 +178,8 @@ class remoting_server extends remoting {
return false;
}
if (!empty($session_id) && !empty($server_name)) {
- $sql = "SELECT server_id FROM server WHERE server_name = '$server_name' LIMIT 1 ";
- $all = $app->db->queryAllRecords($sql);
+ $sql = "SELECT server_id FROM server WHERE server_name = ? LIMIT 1";
+ $all = $app->db->queryAllRecords($sql, $server_name);
return $all;
} else {
return false;
@@ -200,8 +200,8 @@ class remoting_server extends remoting {
return false;
}
if (!empty($session_id) && !empty($server_id)) {
- $sql = "SELECT mail_server, web_server, dns_server, file_server, db_server, vserver_server, proxy_server, firewall_server FROM server WHERE server_id = '$server_id' LIMIT 1 ";
- $all = $app->db->queryAllRecords($sql);
+ $sql = "SELECT mail_server, web_server, dns_server, file_server, db_server, vserver_server, proxy_server, firewall_server FROM server WHERE server_id = ? LIMIT 1 ";
+ $all = $app->db->queryAllRecords($sql, $server_id);
return $all;
} else {
return false;
diff --git a/interface/lib/classes/remote.d/sites.inc.php b/interface/lib/classes/remote.d/sites.inc.php
index 05ba482cba76e201f6217a2975095bca96096cf3..34386cb4c91661454c73a23773c5dcd1bbac2f4b 100644
--- a/interface/lib/classes/remote.d/sites.inc.php
+++ b/interface/lib/classes/remote.d/sites.inc.php
@@ -114,7 +114,7 @@ class remoting_sites extends remoting {
}
//* Check for duplicates
- $tmp = $app->db->queryOneRecord("SELECT count(database_id) as dbnum FROM web_database WHERE database_name = '".$app->db->quote($params['database_name'])."' AND server_id = '".intval($params["server_id"])."'");
+ $tmp = $app->db->queryOneRecord("SELECT count(database_id) as dbnum FROM web_database WHERE database_name = ? AND server_id = ?", $params['database_name'], $params["server_id"]);
if($tmp['dbnum'] > 0) {
throw new SoapFault('database_name_error_unique', 'There is already a database with that name on the same server.');
return false;
@@ -135,7 +135,6 @@ class remoting_sites extends remoting {
$sql_set = array();
if(isset($params['backup_interval'])) $sql_set[] = "backup_interval = '".$app->db->quote($params['backup_interval'])."'";
if(isset($params['backup_copies'])) $sql_set[] = "backup_copies = ".$app->functions->intval($params['backup_copies']);
- //$app->db->query("UPDATE web_database SET ".implode(', ', $sql_set)." WHERE database_id = ".$retval);
$this->updateQueryExecute("UPDATE web_database SET ".implode(', ', $sql_set)." WHERE database_id = ".$retval, $retval, $params);
}
@@ -169,7 +168,6 @@ class remoting_sites extends remoting {
$sql_set = array();
if(isset($params['backup_interval'])) $sql_set[] = "backup_interval = '".$app->db->quote($params['backup_interval'])."'";
if(isset($params['backup_copies'])) $sql_set[] = "backup_copies = ".$app->functions->intval($params['backup_copies']);
- //$app->db->query("UPDATE web_database SET ".implode(', ', $sql_set)." WHERE database_id = ".$primary_id);
$this->updateQueryExecute("UPDATE web_database SET ".implode(', ', $sql_set)." WHERE database_id = ".$primary_id, $primary_id, $params);
}
@@ -239,7 +237,7 @@ class remoting_sites extends remoting {
$new_rec = $app->remoting_lib->getDataRecord($primary_id);
- $records = $app->db->queryAllRecords("SELECT DISTINCT server_id FROM web_database WHERE database_user_id = '".$app->functions->intval($primary_id)."' UNION SELECT DISTINCT server_id FROM web_database WHERE database_ro_user_id = '".$app->functions->intval($primary_id)."'");
+ $records = $app->db->queryAllRecords("SELECT DISTINCT server_id FROM web_database WHERE database_user_id = ? UNION SELECT DISTINCT server_id FROM web_database WHERE database_ro_user_id = ?", $primary_id, $primary_id);
foreach($records as $rec) {
$tmp_rec = $new_rec;
$tmp_rec['server_id'] = $rec['server_id'];
@@ -265,12 +263,12 @@ class remoting_sites extends remoting {
$app->db->datalogDelete('web_database_user', 'database_user_id', $primary_id);
$affected_rows = $this->deleteQuery('../sites/form/database_user.tform.php', $primary_id);
- $records = $app->db->queryAllRecords("SELECT database_id FROM web_database WHERE database_user_id = '".$app->functions->intval($primary_id)."'");
+ $records = $app->db->queryAllRecords("SELECT database_id FROM web_database WHERE database_user_id = ?", $primary_id);
foreach($records as $rec) {
$app->db->datalogUpdate('web_database', 'database_user_id=NULL', 'database_id', $rec['database_id']);
}
- $records = $app->db->queryAllRecords("SELECT database_id FROM web_database WHERE database_ro_user_id = '".$app->functions->intval($primary_id)."'");
+ $records = $app->db->queryAllRecords("SELECT database_id FROM web_database WHERE database_ro_user_id = ?", $primary_id);
foreach($records as $rec) {
$app->db->datalogUpdate('web_database', 'database_ro_user_id=NULL', 'database_id', $rec['database_id']);
}
@@ -336,7 +334,7 @@ class remoting_sites extends remoting {
return false;
}
- $data = $app->db->queryOneRecord("SELECT server_id FROM ftp_user WHERE username = '".$app->db->quote($ftp_user)."'");
+ $data = $app->db->queryOneRecord("SELECT server_id FROM ftp_user WHERE username = ?", $ftp_user);
//file_put_contents('/tmp/test.txt', serialize($data));
if(!isset($data['server_id'])) return false;
@@ -420,7 +418,7 @@ class remoting_sites extends remoting {
}
if(!isset($params['client_group_id']) or (isset($params['client_group_id']) && empty($params['client_group_id']))) {
- $rec = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".$app->functions->intval($client_id));
+ $rec = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client_id);
$params['client_group_id'] = $rec['groupid'];
}
@@ -437,7 +435,7 @@ class remoting_sites extends remoting {
$domain_id = $this->insertQuery('../sites/form/web_domain.tform.php', $client_id, $params, 'sites:web_domain:on_after_insert');
if ($readonly === true)
- $app->db->query("UPDATE web_domain SET `sys_userid` = '1' WHERE domain_id = ".$domain_id);
+ $app->db->query("UPDATE web_domain SET `sys_userid` = '1' WHERE domain_id = ?", $domain_id);
return $domain_id;
}
@@ -751,7 +749,7 @@ class remoting_sites extends remoting {
}
// Delete all users that belong to this folder. - taken from web_folder_delete.php
- $records = $app->db->queryAllRecords("SELECT web_folder_user_id FROM web_folder_user WHERE web_folder_id = '".$app->functions->intval($primary_id)."'");
+ $records = $app->db->queryAllRecords("SELECT web_folder_user_id FROM web_folder_user WHERE web_folder_id = ?", $primary_id);
foreach($records as $rec) {
$this->deleteQuery('../sites/form/web_folder_user.tform.php', $rec['web_folder_user_id']);
//$app->db->datalogDelete('web_folder_user','web_folder_user_id',$rec['web_folder_user_id']);
@@ -889,8 +887,8 @@ class remoting_sites extends remoting {
return false;
}
$client_id = $app->functions->intval($client_id);
- $sql = "SELECT d.database_id, d.database_name, d.database_user_id, d.database_ro_user_id, du.database_user, du.database_password FROM web_database d LEFT JOIN web_database_user du ON (du.database_user_id = d.database_user_id) INNER JOIN sys_user s on(d.sys_groupid = s.default_group) WHERE client_id = $client_id";
- $all = $app->db->queryAllRecords($sql);
+ $sql = "SELECT d.database_id, d.database_name, d.database_user_id, d.database_ro_user_id, du.database_user, du.database_password FROM web_database d LEFT JOIN web_database_user du ON (du.database_user_id = d.database_user_id) INNER JOIN sys_user s on(d.sys_groupid = s.default_group) WHERE client_id = ?";
+ $all = $app->db->queryAllRecords($sql, $client_id);
return $all;
}
@@ -904,7 +902,7 @@ class remoting_sites extends remoting {
return false;
}
- $result = $app->db->queryAllRecords("SELECT * FROM web_backup".(($site_id != null)?' WHERE parent_domain_id = ?':''), $app->functions->intval($site_id));
+ $result = $app->db->queryAllRecords("SELECT * FROM web_backup".(($site_id != null)?' WHERE parent_domain_id = ?':''), $site_id);
return $result;
}
diff --git a/interface/lib/classes/remoting.inc.php b/interface/lib/classes/remoting.inc.php
index f42d22b070c655daa835c69659e65b365c163a8e..a8c228cfc0c3bec7ce43b957728bd3138a459798 100644
--- a/interface/lib/classes/remoting.inc.php
+++ b/interface/lib/classes/remoting.inc.php
@@ -90,15 +90,15 @@ class remoting {
}
//* Delete old remoting sessions
- $sql = "DELETE FROM remote_session WHERE tstamp < ".time();
+ $sql = "DELETE FROM remote_session WHERE tstamp < UNIX_TIMSTAMP()";
$app->db->query($sql);
$username = $app->db->quote($username);
$password = $app->db->quote($password);
if($client_login == true) {
- $sql = "SELECT * FROM sys_user WHERE USERNAME = '$username'";
- $user = $app->db->queryOneRecord($sql);
+ $sql = "SELECT * FROM sys_user WHERE USERNAME = ?";
+ $user = $app->db->queryOneRecord($sql, $username);
if($user) {
$saved_password = stripslashes($user['passwort']);
@@ -127,7 +127,7 @@ class remoting {
}
// now we need the client data
- $client = $app->db->queryOneRecord("SELECT client.can_use_api FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = " . $app->functions->intval($user['default_group']));
+ $client = $app->db->queryOneRecord("SELECT client.can_use_api FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $user['default_group']);
if(!$client || $client['can_use_api'] != 'y') {
throw new SoapFault('client_login_failed', 'The login failed. Client may not use api.');
return false;
@@ -140,13 +140,12 @@ class remoting {
$remote_functions = '';
$tstamp = time() + $this->session_timeout;
$sql = 'INSERT INTO remote_session (remote_session,remote_userid,remote_functions,client_login,tstamp'
- .') VALUES ('
- ." '$remote_session',$remote_userid,'$remote_functions',1,$tstamp)";
- $app->db->query($sql);
+ .') VALUES (?, ?, ?, 1, $tstamp)';
+ $app->db->query($sql, $remote_session,$remote_userid,$remote_functions,$tstamp);
return $remote_session;
} else {
- $sql = "SELECT * FROM remote_user WHERE remote_username = '$username' and remote_password = md5('$password')";
- $remote_user = $app->db->queryOneRecord($sql);
+ $sql = "SELECT * FROM remote_user WHERE remote_username = ? and remote_password = md5(?)";
+ $remote_user = $app->db->queryOneRecord($sql, $username, $password);
if($remote_user['remote_userid'] > 0) {
//* Create a remote user session
//srand ((double)microtime()*1000000);
@@ -155,9 +154,8 @@ class remoting {
$remote_functions = $remote_user['remote_functions'];
$tstamp = time() + $this->session_timeout;
$sql = 'INSERT INTO remote_session (remote_session,remote_userid,remote_functions,tstamp'
- .') VALUES ('
- ." '$remote_session',$remote_userid,'$remote_functions',$tstamp)";
- $app->db->query($sql);
+ .') VALUES (?, ?, ?, ?)';
+ $app->db->query($sql, $remote_session,$remote_userid,$remote_functions,$tstamp);
return $remote_session;
} else {
throw new SoapFault('login_failed', 'The login failed. Username or password wrong.');
@@ -179,8 +177,8 @@ class remoting {
$session_id = $app->db->quote($session_id);
- $sql = "DELETE FROM remote_session WHERE remote_session = '$session_id'";
- if($app->db->query($sql) != false) {
+ $sql = "DELETE FROM remote_session WHERE remote_session = ?";
+ if($app->db->query($sql, $session_id) != false) {
return true;
} else {
return false;
@@ -204,7 +202,7 @@ class remoting {
//* Check if no system user with that username exists
$username = $app->db->quote($params["username"]);
- $tmp = $app->db->queryOneRecord("SELECT count(userid) as number FROM sys_user WHERE username = '$username'");
+ $tmp = $app->db->queryOneRecord("SELECT count(userid) as number FROM sys_user WHERE username = ?", $username);
if($tmp['number'] > 0) $app->remoting_lib->errorMessage .= "Duplicate username ";
//* Stop on error while preparing the sql query
@@ -238,7 +236,7 @@ class remoting {
/* copied from the client_edit php */
exec('ssh-keygen -t rsa -C '.$username.'-rsa-key-'.time().' -f /tmp/id_rsa -N ""');
- $app->db->query("UPDATE client SET created_at = ".time().", id_rsa = '".$app->db->quote(@file_get_contents('/tmp/id_rsa'))."', ssh_rsa = '".$app->db->quote(@file_get_contents('/tmp/id_rsa.pub'))."' WHERE client_id = ".$this->id);
+ $app->db->query("UPDATE client SET created_at = UNIX_TIMSTAMP(), id_rsa = ?, ssh_rsa = ? WHERE client_id = ?", @file_get_contents('/tmp/id_rsa'), @file_get_contents('/tmp/id_rsa.pub'), $this->id);
exec('rm -f /tmp/id_rsa /tmp/id_rsa.pub');
@@ -251,10 +249,10 @@ class remoting {
$app->remoting_lib->ispconfig_sysuser_add($params, $insert_id);
if($reseller_id) {
- $client_group = $app->db->queryOneRecord("SELECT * FROM sys_group WHERE client_id = ".$insert_id);
- $reseller_user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE client_id = ".$reseller_id);
+ $client_group = $app->db->queryOneRecord("SELECT * FROM sys_group WHERE client_id = ?", $insert_id);
+ $reseller_user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE client_id = ?", $reseller_id);
$app->auth->add_group_to_user($reseller_user['userid'], $client_group['groupid']);
- $app->db->query("UPDATE client SET parent_client_id = ".$reseller_id." WHERE client_id = ".$insert_id);
+ $app->db->query("UPDATE client SET parent_client_id = ? WHERE client_id = ?", $reseller_id, $insert_id);
}
}
@@ -475,9 +473,8 @@ class remoting {
$session_id = $app->db->quote($session_id);
- $now = time();
- $sql = "SELECT * FROM remote_session WHERE remote_session = '$session_id' AND tstamp >= $now";
- $session = $app->db->queryOneRecord($sql);
+ $sql = "SELECT * FROM remote_session WHERE remote_session = ? AND tstamp >= UNIX_TIMSTAMP()";
+ $session = $app->db->queryOneRecord($sql, $session_id);
if($session['remote_userid'] > 0) {
return $session;
} else {
diff --git a/interface/lib/classes/remoting_lib.inc.php b/interface/lib/classes/remoting_lib.inc.php
index 0d89c1f1a13bb4f7f7d56ba7b7bcf724f934fabe..af0143fee53a9bcc5d16b0e04a9e47d40d0f2e2a 100644
--- a/interface/lib/classes/remoting_lib.inc.php
+++ b/interface/lib/classes/remoting_lib.inc.php
@@ -110,7 +110,7 @@ class remoting_lib extends tform_base {
if(isset($_SESSION['client_login']) && isset($_SESSION['client_sys_userid']) && $_SESSION['client_login'] == 1) {
$client_sys_userid = $app->functions->intval($_SESSION['client_sys_userid']);
- $client = $app->db->queryOneRecord("SELECT client.client_id FROM sys_user, client WHERE sys_user.client_id = client.client_id and sys_user.userid = " . $client_sys_userid);
+ $client = $app->db->queryOneRecord("SELECT client.client_id FROM sys_user, client WHERE sys_user.client_id = client.client_id and sys_user.userid = ?", $client_sys_userid);
$this->client_id = $client['client_id'];
$client_login = true;
@@ -125,23 +125,11 @@ class remoting_lib extends tform_base {
$this->sys_groups = 1;
$_SESSION["s"]["user"]["typ"] = 'admin';
} else {
- //* load system user - try with sysuser and before with userid (workarrond)
- /*
- $user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE sysuser_id = $client_id");
- if(empty($user["userid"])) {
- $user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE userid = $client_id");
- if(empty($user["userid"])) {
- $this->errorMessage .= "No sysuser with the ID $client_id found.";
- return false;
- }
- }*/
-
- $user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE client_id = $this->client_id");
+ $user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE client_id = ?", $this->client_id);
$this->sys_username = $user['username'];
$this->sys_userid = $user['userid'];
$this->sys_default_group = $user['default_group'];
$this->sys_groups = $user['groups'];
- // $_SESSION["s"]["user"]["typ"] = $user['typ'];
// we have to force admin priveliges for the remoting API as some function calls might fail otherwise.
if($client_login == false) $_SESSION["s"]["user"]["typ"] = 'admin';
}
@@ -239,8 +227,8 @@ class remoting_lib extends tform_base {
return parent::getDataRecord($primary_id);
} elseif($primary_id == -1) {
// Return a array with all records
- $sql = "SELECT * FROM ".$escape.$this->formDef['db_table'].$escape;
- return $app->db->queryAllRecords($sql);
+ $sql = "SELECT * FROM ??";
+ return $app->db->queryAllRecords($sql, $this->formDef['db_table']);
} else {
throw new SoapFault('invalid_id', 'The ID has to be > 0 or -1.');
return array();
@@ -263,9 +251,9 @@ class remoting_lib extends tform_base {
}
$sql_where = substr($sql_where, 0, -5);
if($sql_where == '') $sql_where = '1';
- $sql = "SELECT * FROM ".$escape.$this->formDef['db_table'].$escape." WHERE ".$sql_where. " AND " . $this->getAuthSQL('r', $this->formDef['db_table']);
+ $sql = "SELECT * FROM ?? WHERE ".$sql_where. " AND " . $this->getAuthSQL('r', $this->formDef['db_table']);
if($sql_offset >= 0 && $sql_limit > 0) $sql .= ' LIMIT ' . $sql_offset . ',' . $sql_limit;
- return $app->db->queryAllRecords($sql);
+ return $app->db->queryAllRecords($sql, $this->formDef['db_table']);
} else {
$this->errorMessage = 'The ID must be either an integer or an array.';
return array();
@@ -303,8 +291,8 @@ class remoting_lib extends tform_base {
$groups = $groupid;
if(!isset($params['_ispconfig_pw_crypted']) || $params['_ispconfig_pw_crypted'] != 1) $password = $app->auth->crypt_password(stripslashes($password));
$sql1 = "INSERT INTO sys_user (username,passwort,modules,startmodule,app_theme,typ,active,language,groups,default_group,client_id)
- VALUES ('$username','$password','$modules','$startmodule','$usertheme','$type','$active','$language',$groups,$groupid,$insert_id)";
- $app->db->query($sql1);
+ VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)";
+ $app->db->query($sql1, $username,$password,$modules,$startmodule,$usertheme,$type,$active,$language,$groups,$groupid,$insert_id);
}
function ispconfig_sysuser_update($params, $client_id){
@@ -314,18 +302,25 @@ class remoting_lib extends tform_base {
$client_id = $app->functions->intval($client_id);
if(!isset($params['_ispconfig_pw_crypted']) || $params['_ispconfig_pw_crypted'] != 1) $password = $app->auth->crypt_password(stripslashes($clear_password));
else $password = $clear_password;
- if ($clear_password) $pwstring = ", passwort = '$password'"; else $pwstring ="" ;
- $sql = "UPDATE sys_user set username = '$username' $pwstring WHERE client_id = $client_id";
- $app->db->query($sql);
+ $params = array($username);
+ if ($clear_password) {
+ $pwstring = ", passwort = ?";
+ $params[] = $password;
+ } else {
+ $pwstring ="" ;
+ }
+ $params[] = $client_id;
+ $sql = "UPDATE sys_user set username = ? $pwstring WHERE client_id = ?";
+ $app->db->query($sql, true, $params);
}
function ispconfig_sysuser_delete($client_id){
global $app;
$client_id = $app->functions->intval($client_id);
- $sql = "DELETE FROM sys_user WHERE client_id = $client_id";
- $app->db->query($sql);
- $sql = "DELETE FROM sys_group WHERE client_id = $client_id";
- $app->db->query($sql);
+ $sql = "DELETE FROM sys_user WHERE client_id = ?";
+ $app->db->query($sql, $client_id);
+ $sql = "DELETE FROM sys_group WHERE client_id = ?";
+ $app->db->query($sql, $client_id);
}
}
diff --git a/interface/lib/classes/session.inc.php b/interface/lib/classes/session.inc.php
index 8b3a7cffc4b530136d472cbe4b7510a5cfbc3df8..bef2a1037838b2c3253c771b3b5d280b21ad49b9 100644
--- a/interface/lib/classes/session.inc.php
+++ b/interface/lib/classes/session.inc.php
@@ -66,9 +66,9 @@ class session {
function read ($session_id) {
if($this->timeout > 0) {
- $rec = $this->db->queryOneRecord("SELECT * FROM sys_session WHERE session_id = '".$this->db->quote($session_id)."' AND (`permanent` = 'y' OR last_updated >= DATE_SUB(NOW(), INTERVAL " . intval($this->timeout) . " MINUTE))");
+ $rec = $this->db->queryOneRecord("SELECT * FROM sys_session WHERE session_id = ? AND (`permanent` = 'y' OR last_updated >= DATE_SUB(NOW(), INTERVAL ? MINUTE))", $session_id, $this->timeout);
} else {
- $rec = $this->db->queryOneRecord("SELECT * FROM sys_session WHERE session_id = '".$this->db->quote($session_id)."'");
+ $rec = $this->db->queryOneRecord("SELECT * FROM sys_session WHERE session_id = ?", $session_id);
}
if (is_array($rec)) {
@@ -87,23 +87,18 @@ class session {
// Dont write session_data to DB if session data has not been changed after reading it.
if(isset($this->session_array['session_data']) && $this->session_array['session_data'] != '' && $this->session_array['session_data'] == $session_data) {
- $session_id = $this->db->quote($session_id);
- $this->db->query("UPDATE sys_session SET last_updated = NOW() WHERE session_id = '$session_id'");
+ $this->db->query("UPDATE sys_session SET last_updated = NOW() WHERE session_id = ?", $session_id);
return true;
}
if (@$this->session_array['session_id'] == '') {
- $session_id = $this->db->quote($session_id);
- $session_data = $this->db->quote($session_data);
- $sql = "REPLACE INTO sys_session (session_id,date_created,last_updated,session_data,permanent) VALUES ('$session_id',NOW(),NOW(),'$session_data','" . ($this->permanent ? 'y' : 'n') . "')";
- $this->db->query($sql);
+ $sql = "REPLACE INTO sys_session (session_id,date_created,last_updated,session_data,permanent) VALUES (?,NOW(),NOW(),'$session_data',?)";
+ $this->db->query($sql, $session_id, ($this->permanent ? 'y' : 'n'));
} else {
- $session_id = $this->db->quote($session_id);
- $session_data = $this->db->quote($session_data);
- $sql = "UPDATE sys_session SET last_updated = NOW(), session_data = '$session_data'" . ($this->permanent ? ", `permanent` = 'y'" : "") . " WHERE session_id = '$session_id'";
- $this->db->query($sql);
+ $sql = "UPDATE sys_session SET last_updated = NOW(), session_data = ?" . ($this->permanent ? ", `permanent` = 'y'" : "") . " WHERE session_id = ?";
+ $this->db->query($sql, $session_data, $session_id);
}
@@ -112,25 +107,20 @@ class session {
function destroy ($session_id) {
- $session_id = $this->db->quote($session_id);
- $sql = "DELETE FROM sys_session WHERE session_id = '$session_id'";
- $this->db->query($sql);
+ $sql = "DELETE FROM sys_session WHERE session_id = ?";
+ $this->db->query($sql, $session_id);
return true;
}
function gc ($max_lifetime) {
- /*if($this->timeout > 0) {
- $this->db->query("DELETE FROM sys_session WHERE last_updated < DATE_SUB(NOW(), INTERVAL " . intval($this->timeout) . " MINUTE)");
- } else {*/
- $sql = "DELETE FROM sys_session WHERE last_updated < DATE_SUB(NOW(), INTERVAL " . intval($max_lifetime) . " SECOND) AND `permanent` != 'y'";
- $this->db->query($sql);
+ $sql = "DELETE FROM sys_session WHERE last_updated < DATE_SUB(NOW(), INTERVAL ? SECOND) AND `permanent` != 'y'";
+ $this->db->query($sql, intval($max_lifetime));
- /* delete very old even if they are permanent */
- $sql = "DELETE FROM sys_session WHERE last_updated < DATE_SUB(NOW(), INTERVAL 1 YEAR)";
- $this->db->query($sql);
- //}
+ /* delete very old even if they are permanent */
+ $sql = "DELETE FROM sys_session WHERE last_updated < DATE_SUB(NOW(), INTERVAL 1 YEAR)";
+ $this->db->query($sql);
return true;
diff --git a/interface/lib/classes/sites_database_plugin.inc.php b/interface/lib/classes/sites_database_plugin.inc.php
index bf53c61fadbc5d6494a99da32ff3943b7244ceff..f6180c2f8636d78c5573adf22d5b19bc33d84544 100644
--- a/interface/lib/classes/sites_database_plugin.inc.php
+++ b/interface/lib/classes/sites_database_plugin.inc.php
@@ -40,15 +40,15 @@ class sites_database_plugin {
global $app;
if($form_page->dataRecord["parent_domain_id"] > 0) {
- $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$app->functions->intval($form_page->dataRecord["parent_domain_id"]));
+ $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ?", $form_page->dataRecord["parent_domain_id"]);
//* The Database user shall be owned by the same group then the website
$sys_groupid = $app->functions->intval($web['sys_groupid']);
$backup_interval = $app->db->quote($web['backup_interval']);
$backup_copies = $app->functions->intval($web['backup_copies']);
- $sql = "UPDATE web_database SET sys_groupid = '$sys_groupid', backup_interval = '$backup_interval', backup_copies = '$backup_copies' WHERE database_id = ".$form_page->id;
- $app->db->query($sql);
+ $sql = "UPDATE web_database SET sys_groupid = ?, backup_interval = ?, backup_copies = ? WHERE database_id = ?";
+ $app->db->query($sql, $sys_groupid, $backup_interval, $backup_copies, $form_page->id);
}
}
diff --git a/interface/lib/classes/tform.inc.php b/interface/lib/classes/tform.inc.php
index 7912f537dc78bb762ba11650ab2cd7b3ad2638f9..8905be0f440bc5e3eb56c4a7d8302cc9ab54cd13 100644
--- a/interface/lib/classes/tform.inc.php
+++ b/interface/lib/classes/tform.inc.php
@@ -166,7 +166,7 @@ class tform extends tform_base {
// Get the limits of the client that is currently logged in
$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
- $client = $app->db->queryOneRecord("SELECT $limit_name as number, parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+ $client = $app->db->queryOneRecord("SELECT $limit_name as number, parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
// Check if the user may add another item
if($client["number"] >= 0) {
@@ -188,7 +188,7 @@ class tform extends tform_base {
// Get the limits of the client that is currently logged in
$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
- $client = $app->db->queryOneRecord("SELECT parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+ $client = $app->db->queryOneRecord("SELECT parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
//* If the client belongs to a reseller, we will check against the reseller Limit too
if($client['parent_client_id'] != 0) {
diff --git a/interface/lib/classes/tform_actions.inc.php b/interface/lib/classes/tform_actions.inc.php
index dfc943c8822a33039ea0cd82cf7e4a65a171fc2d..f172fea1f4c5fceb824281c8e1b54ee7cc6b3446 100644
--- a/interface/lib/classes/tform_actions.inc.php
+++ b/interface/lib/classes/tform_actions.inc.php
@@ -82,7 +82,7 @@ class tform_actions {
// check if the client is locked - he may not change anything, then.
if(!$app->auth->is_admin()) {
$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
- $client = $app->db->queryOneRecord("SELECT client.locked FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ".$app->functions->intval($client_group_id));
+ $client = $app->db->queryOneRecord("SELECT client.locked FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
if(is_array($client) && $client['locked'] == 'y') {
$app->tform->errorMessage .= $app->lng("client_you_are_locked")." ";
}
@@ -311,7 +311,6 @@ class tform_actions {
if($app->tform->checkPerm($this->id, 'd') == false) $app->error($app->lng('error_no_delete_permission'));
}
- //$this->dataRecord = $app->db->queryOneRecord("SELECT * FROM ".$liste["table"]." WHERE ".$liste["table_idx"]." = ".$this->id);
$this->dataRecord = $app->tform->getDataRecord($this->id);
$app->plugin->raiseEvent($_SESSION['s']['module']['name'].':'.$app->tform->formDef['name'].':'.'on_check_delete', $this);
@@ -324,7 +323,7 @@ class tform_actions {
$app->tform->datalogSave('DELETE', $this->id, $this->dataRecord, array());
}
- $app->db->query("DELETE FROM ".$app->tform->formDef['db_table']." WHERE ".$app->tform->formDef['db_table_idx']." = ".$this->id." LIMIT 1");
+ $app->db->query("DELETE FROM ?? WHERE ?? = ? LIMIT 1", $app->tform->formDef['db_table'], $app->tform->formDef['db_table_idx'], $this->id);
// loading plugins
@@ -379,11 +378,11 @@ class tform_actions {
$app->tpl->setInclude("content_tpl", $app->tform->formDef['template_print']);
if($app->tform->formDef['auth'] == 'no') {
- $sql = "SELECT * FROM ".$app->tform->formDef['db_table']." WHERE ".$app->tform->formDef['db_table_idx']." = ".$this->id;
+ $sql = "SELECT * FROM ?? WHERE ?? = ?";
} else {
- $sql = "SELECT * FROM ".$app->tform->formDef['db_table']." WHERE ".$app->tform->formDef['db_table_idx']." = ".$this->id." AND ".$app->tform->getAuthSQL('r');
+ $sql = "SELECT * FROM ?? WHERE ?? = ? AND ".$app->tform->getAuthSQL('r');
}
- if(!$record = $app->db->queryOneRecord($sql)) $app->error($app->lng('error_no_view_permission'));
+ if(!$record = $app->db->queryOneRecord($sql, $app->tform->formDef['db_table'], $app->tform->formDef['db_table_idx'], $this->id)) $app->error($app->lng('error_no_view_permission'));
$record["datum"] = date("d.m.Y");
@@ -423,11 +422,11 @@ class tform_actions {
$app->tpl->setInclude("content_tpl", $app->tform->formDef['template_mailsend']);
$app->tpl->setVar('show_mail', 1);
if($app->tform->formDef['auth'] == 'no') {
- $sql = "SELECT * FROM ".$app->tform->formDef['db_table']." WHERE ".$app->tform->formDef['db_table_idx']." = ".$this->id;
+ $sql = "SELECT * FROM ?? WHERE ?? = ?";
} else {
- $sql = "SELECT * FROM ".$app->tform->formDef['db_table']." WHERE ".$app->tform->formDef['db_table_idx']." = ".$this->id." AND ".$app->tform->getAuthSQL('r');
+ $sql = "SELECT * FROM ?? WHERE ?? = ? AND ".$app->tform->getAuthSQL('r');
}
- if(!$record = $app->db->queryOneRecord($sql)) $app->error($app->lng('error_no_view_permission'));
+ if(!$record = $app->db->queryOneRecord($sql, $app->tform->formDef['db_table'], $app->tform->formDef['db_table_idx'], $this->id)) $app->error($app->lng('error_no_view_permission'));
$record["datum"] = date("d.m.Y");
$record["mailmessage"] = $_POST["message"];
@@ -459,11 +458,11 @@ class tform_actions {
if($app->tform->formDef['auth'] == 'no') {
- $sql = "SELECT * FROM ".$app->tform->formDef['db_table']." WHERE ".$app->tform->formDef['db_table_idx']." = ".$this->id;
+ $sql = "SELECT * FROM ?? WHERE ?? = ?";
} else {
- $sql = "SELECT * FROM ".$app->tform->formDef['db_table']." WHERE ".$app->tform->formDef['db_table_idx']." = ".$this->id." AND ".$app->tform->getAuthSQL('r');
+ $sql = "SELECT * FROM ?? WHERE ?? = ? AND ".$app->tform->getAuthSQL('r');
}
- if(!$record = $app->db->queryOneRecord($sql)) $app->error($app->lng('error_no_view_permission'));
+ if(!$record = $app->db->queryOneRecord($sql, $app->tform->formDef['db_table'], $app->tform->formDef['db_table_idx'], $this->id)) $app->error($app->lng('error_no_view_permission'));
$record["datum"] = date("d.m.Y");
@@ -560,11 +559,11 @@ class tform_actions {
// bestehenden Datensatz anzeigen
if($app->tform->errorMessage == '') {
if($app->tform->formDef['auth'] == 'yes' && $_SESSION["s"]["user"]["typ"] != 'admin') {
- $sql = "SELECT * FROM ".$app->tform->formDef['db_table']." WHERE ".$app->tform->formDef['db_table_idx']." = ".$this->id." AND ".$app->tform->getAuthSQL('r');
+ $sql = "SELECT * FROM ?? WHERE ?? = ? AND ".$app->tform->getAuthSQL('r');
} else {
- $sql = "SELECT * FROM ".$app->tform->formDef['db_table']." WHERE ".$app->tform->formDef['db_table_idx']." = ".$this->id;
+ $sql = "SELECT * FROM ?? WHERE ?? = ?";
}
- if(!$record = $app->db->queryOneRecord($sql)) $app->error($app->lng('error_no_view_permission'));
+ if(!$record = $app->db->queryOneRecord($sql, $app->tform->formDef['db_table'], $app->tform->formDef['db_table_idx'], $this->id)) $app->error($app->lng('error_no_view_permission'));
} else {
// $record = $app->tform->encode($_POST,$this->active_tab);
$record = $app->tform->encode($this->dataRecord, $this->active_tab, false);
diff --git a/interface/lib/classes/tform_base.inc.php b/interface/lib/classes/tform_base.inc.php
index e27940d4f5c0270eaea15d4e5c02528cb9f1419a..0924be07f048bdf59af6668d4ea2e9280a913dec 100644
--- a/interface/lib/classes/tform_base.inc.php
+++ b/interface/lib/classes/tform_base.inc.php
@@ -347,7 +347,7 @@ class tform_base {
return $values;
} else {
$client_group_id = $_SESSION["s"]["user"]["default_group"];
- $client = $app->db->queryOneRecord("SELECT ".$limit_parts[1]." as lm FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+ $client = $app->db->queryOneRecord("SELECT ".$limit_parts[1]." as lm FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
$allowed = explode(',', $client['lm']);
}
}
@@ -359,7 +359,7 @@ class tform_base {
} else {
//* Get the limits of the client that is currently logged in
$client_group_id = $_SESSION["s"]["user"]["default_group"];
- $client = $app->db->queryOneRecord("SELECT parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+ $client = $app->db->queryOneRecord("SELECT parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
//echo "SELECT parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id";
//* If the client belongs to a reseller, we will check against the reseller Limit too
if($client['parent_client_id'] != 0) {
diff --git a/interface/lib/classes/tools_monitor.inc.php b/interface/lib/classes/tools_monitor.inc.php
index d8a09f4d6a1453d227b2a0e3d9788ff08c68e6a7..ad76e4effce5297006eb3facf637a5f66d2c342b 100644
--- a/interface/lib/classes/tools_monitor.inc.php
+++ b/interface/lib/classes/tools_monitor.inc.php
@@ -33,7 +33,7 @@ class tools_monitor {
global $app;
/* fetch the Data from the DB */
- $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'server_load' and server_id = " . $_SESSION['monitor']['server_id'] . " order by created desc");
+ $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'server_load' AND server_id = ? ORDER BY created DESC", $_SESSION['monitor']['server_id']);
if(isset($record['data'])) {
$data = unserialize($record['data']);
@@ -80,7 +80,7 @@ class tools_monitor {
global $app;
/* fetch the Data from the DB */
- $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'disk_usage' and server_id = " . $_SESSION['monitor']['server_id'] . " order by created desc");
+ $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'disk_usage' AND server_id = ? ORDER BY created DESC", $_SESSION['monitor']['server_id']);
if(isset($record['data'])) {
$data = unserialize($record['data']);
@@ -123,7 +123,7 @@ class tools_monitor {
function showDatabaseSize () {
global $app;
/* fetch the Data from the DB */
- $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'database_size' and server_id = " . $_SESSION['monitor']['server_id'] . " order by created desc");
+ $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'database_size' AND server_id = ? ORDER BY created DESC", $_SESSION['monitor']['server_id']);
if(isset($record['data'])) {
$data = unserialize($record['data']);
//* format the data
@@ -142,10 +142,12 @@ class tools_monitor {
if ($line['size'] > 0) $line['size'] = $app->functions->formatBytes($line['size']);
//* get the client
- $line['client']=$app->db->queryOneRecord("SELECT client.username FROM web_database, sys_group, client WHERE web_database.sys_groupid = sys_group.groupid AND sys_group.client_id = client.client_id AND web_database.database_name='".$line['database_name']."'")['username'];
+ $tmp = $app->db->queryOneRecord("SELECT client.username FROM web_database, sys_group, client WHERE web_database.sys_groupid = sys_group.groupid AND sys_group.client_id = client.client_id AND web_database.database_name=?", $line['database_name']);
+ $line['client'] = $tmp['username'];
//* get the domain
- $line['domain']=$app->db->queryOneRecord("SELECT domain FROM web_domain WHERE domain_id=(SELECT parent_domain_id FROM web_database WHERE database_name='".$line['database_name']."')")['domain'];
+ $tmp = $app->db->queryOneRecord("SELECT domain FROM web_domain WHERE domain_id=(SELECT parent_domain_id FROM web_database WHERE database_name=?", $line['database_name']);
+ $line['domain'] = $tmp['domain'];
//* remove the sys_groupid from output
unset($line['sys_groupid']);
@@ -166,7 +168,7 @@ class tools_monitor {
global $app;
/* fetch the Data from the DB */
- $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'mem_usage' and server_id = " . $_SESSION['monitor']['server_id'] . " order by created desc");
+ $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'mem_usage' and server_id = ? ORDER BY created DESC", $_SESSION['monitor']['server_id']);
if(isset($record['data'])) {
$data = unserialize($record['data']);
@@ -202,7 +204,7 @@ class tools_monitor {
global $app;
/* fetch the Data from the DB */
- $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'cpu_info' and server_id = " . $_SESSION['monitor']['server_id'] . " order by created desc");
+ $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'cpu_info' and server_id = ? ORDER BY created DESC", $_SESSION['monitor']['server_id']);
if(isset($record['data'])) {
$data = unserialize($record['data']);
@@ -236,7 +238,7 @@ class tools_monitor {
global $app;
/* fetch the Data from the DB */
- $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'services' and server_id = " . $_SESSION['monitor']['server_id'] . " order by created desc");
+ $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'services' and server_id = ? ORDER BY created DESC", $_SESSION['monitor']['server_id']);
if(isset($record['data'])) {
$data = unserialize($record['data']);
@@ -349,7 +351,7 @@ class tools_monitor {
global $app;
/* fetch the Data from the DB */
- $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'system_update' and server_id = " . $_SESSION['monitor']['server_id'] . " order by created desc");
+ $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'system_update' and server_id = ? ORDER BY created DESC", $_SESSION['monitor']['server_id']);
if(isset($record['data'])) {
$html =
@@ -379,7 +381,7 @@ class tools_monitor {
global $app;
/* fetch the Data from the DB */
- $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'openvz_beancounter' and server_id = " . $_SESSION['monitor']['server_id'] . " order by created desc");
+ $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'openvz_beancounter' and server_id = ? ORDER BY created DESC", $_SESSION['monitor']['server_id']);
if(isset($record['data'])) {
$html =
@@ -408,7 +410,7 @@ class tools_monitor {
global $app;
/* fetch the Data from the DB */
- $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'raid_state' and server_id = " . $_SESSION['monitor']['server_id'] . " order by created desc");
+ $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'raid_state' and server_id = ? ORDER BY created DESC", $_SESSION['monitor']['server_id']);
if(isset($record['data'])) {
$html =
@@ -441,7 +443,7 @@ class tools_monitor {
global $app;
/* fetch the Data from the DB */
- $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'rkhunter' and server_id = " . $_SESSION['monitor']['server_id'] . " order by created desc");
+ $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'rkhunter' and server_id = ? ORDER BY created DESC", $_SESSION['monitor']['server_id']);
if(isset($record['data'])) {
$html =
@@ -472,7 +474,7 @@ class tools_monitor {
global $app;
/* fetch the Data from the DB */
- $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'log_fail2ban' and server_id = " . $_SESSION['monitor']['server_id'] . " order by created desc");
+ $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'log_fail2ban' and server_id = ? ORDER BY created DESC", $_SESSION['monitor']['server_id']);
if(isset($record['data'])) {
$html =
@@ -506,7 +508,7 @@ class tools_monitor {
global $app;
/* fetch the Data from the DB */
- $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'log_mongodb' and server_id = " . $_SESSION['monitor']['server_id'] . " order by created desc");
+ $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'log_mongodb' and server_id = ? ORDER BY created DESC", $_SESSION['monitor']['server_id']);
if(isset($record['data'])) {
$html =
@@ -538,7 +540,7 @@ class tools_monitor {
function showIPTables() {
global $app;
- $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'iptables_rules' and server_id = " . $_SESSION['monitor']['server_id'] . " order by created desc");
+ $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'iptables_rules' and server_id = ? ORDER BY created DESC", $_SESSION['monitor']['server_id']);
if(isset($record['data'])) {
$html =
'
@@ -562,7 +564,7 @@ class tools_monitor {
global $app;
/* fetch the Data from the DB */
- $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'mailq' and server_id = " . $_SESSION['monitor']['server_id'] . " order by created desc");
+ $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'mailq' and server_id = ? ORDER BY created DESC", $_SESSION['monitor']['server_id']);
if(isset($record['data'])) {
$data = unserialize($record['data']);
@@ -578,7 +580,7 @@ class tools_monitor {
global $app;
/* fetch the Data from the DB */
- $record = $app->db->queryOneRecord("SELECT created FROM monitor_data WHERE type = '" . $type . "' and server_id = " . $_SESSION['monitor']['server_id'] . " order by created desc");
+ $record = $app->db->queryOneRecord("SELECT created FROM monitor_data WHERE type = ? and server_id = ? ORDER BY created DESC", $type, $_SESSION['monitor']['server_id']);
/* TODO: datetimeformat should be set somewhat other way */
$dateTimeFormat = $app->lng("monitor_settings_datetimeformat_txt");
diff --git a/interface/lib/classes/tools_sites.inc.php b/interface/lib/classes/tools_sites.inc.php
index 3400c5b708097d837a6880881b1e4a064d9fdd5d..989b9eae8d89795b25b72a1dbe99dfe90c8f4267 100644
--- a/interface/lib/classes/tools_sites.inc.php
+++ b/interface/lib/classes/tools_sites.inc.php
@@ -87,7 +87,7 @@ class tools_sites {
if(isset($dataRecord['client_group_id'])) {
$client_group_id = $dataRecord['client_group_id'];
} elseif (isset($dataRecord['parent_domain_id'])) {
- $tmp = $app->db->queryOneRecord("SELECT sys_groupid FROM web_domain WHERE domain_id = " . $dataRecord['parent_domain_id']);
+ $tmp = $app->db->queryOneRecord("SELECT sys_groupid FROM web_domain WHERE domain_id = ?", $dataRecord['parent_domain_id']);
$client_group_id = $tmp['sys_groupid'];
} elseif(isset($dataRecord['sys_groupid'])) {
$client_group_id = $dataRecord['sys_groupid'];
@@ -96,7 +96,7 @@ class tools_sites {
}
}
- $tmp = $app->db->queryOneRecord("SELECT name FROM sys_group WHERE groupid = " . $app->functions->intval($client_group_id));
+ $tmp = $app->db->queryOneRecord("SELECT name FROM sys_group WHERE groupid = ?", $client_group_id);
$clientName = $tmp['name'];
if ($clientName == "") $clientName = 'default';
$clientName = $this->convertClientName($clientName);
@@ -114,7 +114,7 @@ class tools_sites {
if(isset($dataRecord['client_group_id'])) {
$client_group_id = $dataRecord['client_group_id'];
} elseif (isset($dataRecord['parent_domain_id']) && $dataRecord['parent_domain_id'] != 0) {
- $tmp = $app->db->queryOneRecord("SELECT sys_groupid FROM web_domain WHERE domain_id = " . $dataRecord['parent_domain_id']);
+ $tmp = $app->db->queryOneRecord("SELECT sys_groupid FROM web_domain WHERE domain_id = ?", $dataRecord['parent_domain_id']);
$client_group_id = $tmp['sys_groupid'];
} elseif(isset($dataRecord['sys_groupid'])) {
$client_group_id = $dataRecord['sys_groupid'];
@@ -122,7 +122,7 @@ class tools_sites {
return '[CLIENTID]';
}
}
- $tmp = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE groupid = " . $app->functions->intval($client_group_id));
+ $tmp = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE groupid = ?", $client_group_id);
$clientID = $tmp['client_id'];
if ($clientID == '') $clientID = '0';
return $clientID;
diff --git a/interface/lib/classes/validate_client.inc.php b/interface/lib/classes/validate_client.inc.php
index c67601bfb7d7c080bd5d9f15d086ab63e06d38dc..468a0220140f5f32f91ac88b56cfe3ecdcb680b5 100644
--- a/interface/lib/classes/validate_client.inc.php
+++ b/interface/lib/classes/validate_client.inc.php
@@ -43,7 +43,7 @@ class validate_client {
}
if($client_id == 0) {
- $num_rec = $app->db->queryOneRecord("SELECT count(*) as number FROM sys_user WHERE username = '".$app->db->quote($field_value)."'");
+ $num_rec = $app->db->queryOneRecord("SELECT count(*) as number FROM sys_user WHERE username = ?", $field_value);
if($num_rec["number"] > 0) {
$errmsg = $validator['errmsg'];
if(isset($app->tform->wordbook[$errmsg])) {
@@ -53,7 +53,7 @@ class validate_client {
}
}
} else {
- $num_rec = $app->db->queryOneRecord("SELECT count(*) as number FROM sys_user WHERE username = '".$app->db->quote($field_value)."' AND client_id != ".$app->functions->intval($client_id));
+ $num_rec = $app->db->queryOneRecord("SELECT count(*) as number FROM sys_user WHERE username = ? AND client_id != ?", $field_value, $client_id);
if($num_rec["number"] > 0) {
$errmsg = $validator['errmsg'];
if(isset($app->tform->wordbook[$errmsg])) {
@@ -108,23 +108,23 @@ class validate_client {
switch ($field_name)
{
case 'web_servers':
- $used_servers = $app->db->queryAllRecords('SELECT domain_id FROM web_domain INNER JOIN sys_user ON web_domain.sys_userid = sys_user.userid WHERE client_id = ' . $client_id . ' AND server_id NOT IN (' . implode(', ', $field_value) . ');');
+ $used_servers = $app->db->queryAllRecords('SELECT domain_id FROM web_domain INNER JOIN sys_user ON web_domain.sys_userid = sys_user.userid WHERE client_id = ? AND server_id NOT IN ?', $client_id, $field_value);
break;
case 'dns_servers':
- $used_servers = $app->db->queryAllRecords('SELECT id FROM dns_rr INNER JOIN sys_user ON dns_rr.sys_userid = sys_user.userid WHERE client_id = ' . $client_id . ' AND server_id NOT IN (' . implode(', ', $field_value) . ');');
+ $used_servers = $app->db->queryAllRecords('SELECT id FROM dns_rr INNER JOIN sys_user ON dns_rr.sys_userid = sys_user.userid WHERE client_id = ? AND server_id NOT IN ?', $client_id, $field_value);
break;
case 'db_servers':
- $used_servers = $app->db->queryAllRecords('SELECT database_id FROM web_database INNER JOIN sys_user ON web_database.sys_userid = sys_user.userid WHERE client_id = ' . $client_id . ' AND server_id NOT IN (' . implode(', ', $field_value) . ');');
+ $used_servers = $app->db->queryAllRecords('SELECT database_id FROM web_database INNER JOIN sys_user ON web_database.sys_userid = sys_user.userid WHERE client_id = ? AND server_id NOT IN ?', $client_id, $field_value);
break;
case 'mail_servers':
- $used_servers = $app->db->queryAllRecords('SELECT domain_id FROM mail_domain INNER JOIN sys_user ON mail_domain.sys_userid = sys_user.userid WHERE client_id = ' . $client_id . ' AND server_id NOT IN (' . implode(', ', $field_value) . ');');
+ $used_servers = $app->db->queryAllRecords('SELECT domain_id FROM mail_domain INNER JOIN sys_user ON mail_domain.sys_userid = sys_user.userid WHERE client_id = ? AND server_id NOT IN ?', $client_id, $field_value);
break;
case 'xmpp_servers':
- $used_servers = $app->db->queryAllRecords('SELECT domain_id FROM xmpp_domain INNER JOIN sys_user ON xmpp_domain.sys_userid = sys_user.userid WHERE client_id = ' . $client_id . ' AND server_id NOT IN (' . implode(', ', $field_value) . ');');
+ $used_servers = $app->db->queryAllRecords('SELECT domain_id FROM xmpp_domain INNER JOIN sys_user ON xmpp_domain.sys_userid = sys_user.userid WHERE client_id = ? AND server_id NOT IN ?', $client_id, $field_value);
break;
}
@@ -151,7 +151,7 @@ class validate_client {
}
// check if country is member of EU
- $country_details = $app->db->queryOneRecord("SELECT * FROM country WHERE iso = '".$country."'");
+ $country_details = $app->db->queryOneRecord("SELECT * FROM country WHERE iso = ?", $country);
if($country_details['eu'] == 'y' && $vatid != ''){
$vatid = preg_replace('/\s+/', '', $vatid);
diff --git a/interface/lib/classes/validate_dns.inc.php b/interface/lib/classes/validate_dns.inc.php
index 212c4d75dccd8aaf7b537f342b9a7465be22cf10..a6920e0b01d4f033326b148f425d34631d2cb9bb 100644
--- a/interface/lib/classes/validate_dns.inc.php
+++ b/interface/lib/classes/validate_dns.inc.php
@@ -104,7 +104,7 @@ class validate_dns {
}
if(substr($field, -1) == '.' && $area == 'Name'){
- $soa = $app->db->queryOneRecord("SELECT * FROM soa WHERE id = ".intval($zoneid));
+ $soa = $app->db->queryOneRecord("SELECT * FROM soa WHERE id = ?", $zoneid);
if(substr($field, (strlen($field) - strlen($soa['origin']))) != $soa['origin']) $error .= $desc." ".$app->tform->wordbook['error_out_of_zone']." \r\n";
}
diff --git a/interface/lib/classes/validate_domain.inc.php b/interface/lib/classes/validate_domain.inc.php
index a072412584f51bb4a4d5b226c20009449df983c5..f3efe518b48581349559c6890332b2bd493eef7d 100644
--- a/interface/lib/classes/validate_domain.inc.php
+++ b/interface/lib/classes/validate_domain.inc.php
@@ -88,8 +88,8 @@ class validate_domain {
$app->uses('ini_parser,getconf');
$settings = $app->getconf->get_global_config('domains');
if ($settings['use_domain_module'] == 'y') {
- $sql = "SELECT domain_id, domain FROM domain WHERE domain_id = " . $app->functions->intval($check_domain);
- $domain_check = $app->db->queryOneRecord($sql);
+ $sql = "SELECT domain_id, domain FROM domain WHERE domain_id = ?";
+ $domain_check = $app->db->queryOneRecord($sql, $check_domain);
if(!$domain_check) return;
$check_domain = $domain_check['domain'];
}
@@ -157,24 +157,27 @@ class validate_domain {
if($domain['ip_address'] == '' || $domain['ipv6_address'] == ''){
if($domain['parent_domain_id'] > 0){
- $parent_domain = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$app->functions->intval($domain['parent_domain_id']));
+ $parent_domain = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ?", $domain['parent_domain_id']);
}
}
// check if domain has alias/subdomains - if we move a web to another IP, make sure alias/subdomains are checked as well
- $aliassubdomains = $app->db->queryAllRecords("SELECT * FROM web_domain WHERE parent_domain_id = ".$app->functions->intval($primary_id)." AND (type = 'alias' OR type = 'subdomain' OR type = 'vhostsubdomain')");
+ $aliassubdomains = $app->db->queryAllRecords("SELECT * FROM web_domain WHERE parent_domain_id = ? AND (type = 'alias' OR type = 'subdomain' OR type = 'vhostsubdomain')", $primary_id);
$additional_sql1 = '';
$additional_sql2 = '';
+ $domain_params = array();
if(is_array($aliassubdomains) && !empty($aliassubdomains)){
foreach($aliassubdomains as $aliassubdomain){
- $additional_sql1 .= " OR d.domain = '".$app->db->quote($aliassubdomain['domain'])."'";
- $additional_sql2 .= " OR CONCAT(d.subdomain, '.', d.domain) = '".$app->db->quote($aliassubdomain['domain'])."'";
+ $additional_sql1 .= " OR d.domain = ?";
+ $additional_sql2 .= " OR CONCAT(d.subdomain, '.', d.domain) = ?";
+ $domain_params[] = $aliassubdomain['domain'];
}
}
- $qrystr = "SELECT d.domain_id, IF(d.parent_domain_id != 0 AND p.domain_id IS NOT NULL, p.ip_address, d.ip_address) as `ip_address`, IF(d.parent_domain_id != 0 AND p.domain_id IS NOT NULL, p.ipv6_address, d.ipv6_address) as `ipv6_address` FROM `web_domain` as d LEFT JOIN `web_domain` as p ON (p.domain_id = d.parent_domain_id) WHERE (d.domain = '" . $app->db->quote($domain_name) . "'" . $additional_sql1 . ") AND d.server_id = " . $app->functions->intval($domain['server_id']) . " AND d.domain_id != " . $app->functions->intval($primary_id) . ($primary_id ? " AND d.parent_domain_id != " . $app->functions->intval($primary_id) : "");
- $checks = $app->db->queryAllRecords($qrystr);
+ $qrystr = "SELECT d.domain_id, IF(d.parent_domain_id != 0 AND p.domain_id IS NOT NULL, p.ip_address, d.ip_address) as `ip_address`, IF(d.parent_domain_id != 0 AND p.domain_id IS NOT NULL, p.ipv6_address, d.ipv6_address) as `ipv6_address` FROM `web_domain` as d LEFT JOIN `web_domain` as p ON (p.domain_id = d.parent_domain_id) WHERE (d.domain = ?" . $additional_sql1 . ") AND d.server_id = ? AND d.domain_id != ?" . ($primary_id ? " AND d.parent_domain_id != ?" : "");
+ $params = array($domain_name) + $domain_params + array($domain['server_id'], $primary_id, $primary_id);
+ $checks = $app->db->queryAllRecords($qrystr, true, $params);
if(is_array($checks) && !empty($checks)){
foreach($checks as $check){
if($domain['ip_address'] == '*') return false;
@@ -185,8 +188,9 @@ class validate_domain {
}
if($only_domain == false) {
- $qrystr = "SELECT d.domain_id, IF(d.parent_domain_id != 0 AND p.domain_id IS NOT NULL, p.ip_address, d.ip_address) as `ip_address`, IF(d.parent_domain_id != 0 AND p.domain_id IS NOT NULL, p.ipv6_address, d.ipv6_address) as `ipv6_address` FROM `web_domain` as d LEFT JOIN `web_domain` as p ON (p.domain_id = d.parent_domain_id) WHERE (CONCAT(d.subdomain, '.', d.domain)= '" . $app->db->quote($domain_name) . "'" . $additional_sql2 . ") AND d.server_id = " . $app->functions->intval($domain['server_id']) . " AND d.domain_id != " . $app->functions->intval($primary_id) . ($primary_id ? " AND d.parent_domain_id != " . $app->functions->intval($primary_id) : "");
- $checks = $app->db->queryAllRecords($qrystr);
+ $qrystr = "SELECT d.domain_id, IF(d.parent_domain_id != 0 AND p.domain_id IS NOT NULL, p.ip_address, d.ip_address) as `ip_address`, IF(d.parent_domain_id != 0 AND p.domain_id IS NOT NULL, p.ipv6_address, d.ipv6_address) as `ipv6_address` FROM `web_domain` as d LEFT JOIN `web_domain` as p ON (p.domain_id = d.parent_domain_id) WHERE (CONCAT(d.subdomain, '.', d.domain)= ?" . $additional_sql2 . ") AND d.server_id = ? AND d.domain_id != ?" . ($primary_id ? " AND d.parent_domain_id != ?" : "");
+ $params = array($domain_name) + $domain_params + array($domain['server_id'], $primary_id, $primary_id);
+ $checks = $app->db->queryAllRecords($qrystr, true $params);
if(is_array($checks) && !empty($checks)){
foreach($checks as $check){
if($domain['ip_address'] == '*') return false;
@@ -207,7 +211,7 @@ class validate_domain {
if($_SESSION["s"]["user"]["typ"] != 'admin') {
// Get the limits of the client
$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
- $client = $app->db->queryOneRecord("SELECT limit_wildcard FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+ $client = $app->db->queryOneRecord("SELECT limit_wildcard FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
if($client["limit_wildcard"] == 'y') return true;
else return false;
diff --git a/interface/lib/classes/validate_ftpuser.inc.php b/interface/lib/classes/validate_ftpuser.inc.php
index 8e0663ecae9dc661df5051163a37a9b9d73a1bea..da8c100adcdb168287b97db8b81be580a36f6d13 100644
--- a/interface/lib/classes/validate_ftpuser.inc.php
+++ b/interface/lib/classes/validate_ftpuser.inc.php
@@ -50,7 +50,7 @@ class validate_ftpuser {
if($primary_id > 0) {
//* get parent_domain_id from website
- $ftp_data = $app->db->queryOneRecord("SELECT parent_domain_id FROM ftp_user WHERE ftp_user_id = '".$app->db->quote($primary_id)."'");
+ $ftp_data = $app->db->queryOneRecord("SELECT parent_domain_id FROM ftp_user WHERE ftp_user_id = ?", $primary_id);
if(!is_array($ftp_data) || $ftp_data["parent_domain_id"] < 1) {
$errmsg = $validator['errmsg'];
if(isset($app->tform->wordbook[$errmsg])) {
@@ -66,7 +66,7 @@ class validate_ftpuser {
$parent_domain_id = $app->functions->intval($app->remoting_lib->dataRecord['parent_domain_id']);
}
- $domain_data = $app->db->queryOneRecord("SELECT domain_id, document_root FROM web_domain WHERE domain_id = '".$app->db->quote($parent_domain_id)."'");
+ $domain_data = $app->db->queryOneRecord("SELECT domain_id, document_root FROM web_domain WHERE domain_id = ?", $parent_domain_id);
if(!is_array($domain_data) || $domain_data["domain_id"] < 1) {
$errmsg = $validator['errmsg'];
if(isset($app->tform->wordbook[$errmsg])) {
diff --git a/interface/lib/classes/validate_systemuser.inc.php b/interface/lib/classes/validate_systemuser.inc.php
index 2cab1cf44464c563b7296230cd3af6682d906aa3..74824b72ca592ad3b4506fee29f1f219e6d798fd 100644
--- a/interface/lib/classes/validate_systemuser.inc.php
+++ b/interface/lib/classes/validate_systemuser.inc.php
@@ -95,7 +95,7 @@ class validate_systemuser {
if($primary_id > 0) {
//* get parent_domain_id from website
- $shell_data = $app->db->queryOneRecord("SELECT parent_domain_id FROM shell_user WHERE shell_user_id = '".$app->db->quote($primary_id)."'");
+ $shell_data = $app->db->queryOneRecord("SELECT parent_domain_id FROM shell_user WHERE shell_user_id = ?", $primary_id);
if(!is_array($shell_data) || $shell_data["parent_domain_id"] < 1) {
$errmsg = $validator['errmsg'];
if(isset($app->tform->wordbook[$errmsg])) {
@@ -111,7 +111,7 @@ class validate_systemuser {
$parent_domain_id = $app->functions->intval($app->remoting_lib->dataRecord['parent_domain_id']);
}
- $domain_data = $app->db->queryOneRecord("SELECT domain_id, document_root FROM web_domain WHERE domain_id = '".$app->db->quote($parent_domain_id)."'");
+ $domain_data = $app->db->queryOneRecord("SELECT domain_id, document_root FROM web_domain WHERE domain_id = ?", $parent_domain_id);
if(!is_array($domain_data) || $domain_data["domain_id"] < 1) {
$errmsg = $validator['errmsg'];
if(isset($app->tform->wordbook[$errmsg])) {
diff --git a/interface/lib/plugins/dns_dns_slave_plugin.inc.php b/interface/lib/plugins/dns_dns_slave_plugin.inc.php
index aa2e20f9ab4089e5833de379049ee22f416f24a3..8f49ce69d0bc4c855f60a927cc120a38dee8f7ac 100644
--- a/interface/lib/plugins/dns_dns_slave_plugin.inc.php
+++ b/interface/lib/plugins/dns_dns_slave_plugin.inc.php
@@ -30,19 +30,19 @@ class dns_dns_slave_plugin {
// make sure that the record belongs to the client group and not the admin group when a dmin inserts it
if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($page_form->dataRecord["client_group_id"])) {
$client_group_id = $app->functions->intval($page_form->dataRecord["client_group_id"]);
- $app->db->query("UPDATE dns_slave SET sys_groupid = $client_group_id WHERE id = ".$page_form->id);
+ $app->db->query("UPDATE dns_slave SET sys_groupid = ? WHERE id = ?", $client_group_id, $page_form->id);
}
if($app->auth->has_clients($_SESSION['s']['user']['userid']) && isset($this->dataRecord["client_group_id"])) {
$client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]);
- $app->db->query("UPDATE dns_slave SET sys_groupid = $client_group_id WHERE id = ".$page_form->id);
+ $app->db->query("UPDATE dns_slave SET sys_groupid = ? WHERE id = ?", $client_group_id, $page_form->id);
}
//** When the client group has changed, change also the owner of the record if the owner is not the admin user
if($page_form->oldDataRecord && $page_form->oldDataRecord["client_group_id"] != $page_form->dataRecord["client_group_id"] && $page_form->dataRecord["sys_userid"] != 1) {
$client_group_id = $app->functions->intval($page_form->dataRecord["client_group_id"]);
- $tmp = $app->db->queryOneREcord("SELECT userid FROM sys_user WHERE default_group = ".$client_group_id);
+ $tmp = $app->db->queryOneREcord("SELECT userid FROM sys_user WHERE default_group = ?", $client_group_id);
if($tmp["userid"] > 0) {
- $app->db->query("UPDATE dns_slave SET sys_userid = ".$tmp["userid"]." WHERE id = ".$page_form->id);
+ $app->db->query("UPDATE dns_slave SET sys_userid = ? WHERE id = ?", $tmp["userid"], $page_form->id);
}
}
}
diff --git a/interface/lib/plugins/dns_dns_soa_plugin.inc.php b/interface/lib/plugins/dns_dns_soa_plugin.inc.php
index 1cada0e932d59510d136542b8a3295933a434e37..8f047bef8b147c354cc400a082b4050a7b4befec 100644
--- a/interface/lib/plugins/dns_dns_soa_plugin.inc.php
+++ b/interface/lib/plugins/dns_dns_soa_plugin.inc.php
@@ -31,17 +31,17 @@ class dns_dns_soa_plugin {
$tmp = $app->db->diffrec($page_form->oldDataRecord, $app->tform->getDataRecord($page_form->id));
if($tmp['diff_num'] > 0) {
// Update the serial number of the SOA record
- $soa = $app->db->queryOneRecord("SELECT serial FROM dns_soa WHERE id = ".$page_form->id);
- $app->db->query("UPDATE dns_soa SET serial = '".$app->validate_dns->increase_serial($soa["serial"])."' WHERE id = ".$page_form->id);
+ $soa = $app->db->queryOneRecord("SELECT serial FROM dns_soa WHERE id = ?", $page_form->id);
+ $app->db->query("UPDATE dns_soa SET serial = ? WHERE id = ?", $app->validate_dns->increase_serial($soa["serial"]), $page_form->id);
}
//** When the client group has changed, change also the owner of the record if the owner is not the admin user
if($page_form->oldDataRecord["client_group_id"] != $page_form->dataRecord["client_group_id"] && $page_form->dataRecord["sys_userid"] != 1) {
$client_group_id = $app->functions->intval($page_form->dataRecord["client_group_id"]);
- $tmp = $app->db->queryOneREcord("SELECT userid FROM sys_user WHERE default_group = ".$client_group_id);
+ $tmp = $app->db->queryOneREcord("SELECT userid FROM sys_user WHERE default_group = ?", $client_group_id);
if($tmp["userid"] > 0) {
- $app->db->query("UPDATE dns_soa SET sys_userid = ".$tmp["userid"]." WHERE id = ".$page_form->id);
- $app->db->query("UPDATE dns_rr SET sys_userid = ".$tmp["userid"]." WHERE zone = ".$page_form->id);
+ $app->db->query("UPDATE dns_soa SET sys_userid = ? WHERE id = ?", $tmp["userid"], $page_form->id);
+ $app->db->query("UPDATE dns_rr SET sys_userid = ? WHERE zone = ?", $tmp["userid"], $page_form->id);
}
}
}
@@ -49,15 +49,15 @@ class dns_dns_soa_plugin {
// make sure that the record belongs to the client group and not the admin group when a dmin inserts it
if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($page_form->dataRecord["client_group_id"])) {
$client_group_id = $app->functions->intval($page_form->dataRecord["client_group_id"]);
- $app->db->query("UPDATE dns_soa SET sys_groupid = $client_group_id, sys_perm_group = 'ru' WHERE id = ".$page_form->id);
+ $app->db->query("UPDATE dns_soa SET sys_groupid = ?, sys_perm_group = 'ru' WHERE id = ?", $client_group_id, $page_form->id);
// And we want to update all rr records too, that belong to this record
- $app->db->query("UPDATE dns_rr SET sys_groupid = $client_group_id WHERE zone = ".$page_form->id);
+ $app->db->query("UPDATE dns_rr SET sys_groupid = ? WHERE zone = ?", $client_group_id, $page_form->id);
}
if($app->auth->has_clients($_SESSION['s']['user']['userid']) && isset($page_form->dataRecord["client_group_id"])) {
$client_group_id = $app->functions->intval($page_form->dataRecord["client_group_id"]);
- $app->db->query("UPDATE dns_soa SET sys_groupid = $client_group_id, sys_perm_group = 'riud' WHERE id = ".$page_form->id);
+ $app->db->query("UPDATE dns_soa SET sys_groupid = ?, sys_perm_group = 'riud' WHERE id = ?", $client_group_id, $page_form->id);
// And we want to update all rr records too, that belong to this record
- $app->db->query("UPDATE dns_rr SET sys_groupid = $client_group_id WHERE zone = ".$page_form->id);
+ $app->db->query("UPDATE dns_rr SET sys_groupid = ? WHERE zone = ?", $client_group_id, $page_form->id);
}
}
diff --git a/interface/lib/plugins/mail_mail_domain_plugin.inc.php b/interface/lib/plugins/mail_mail_domain_plugin.inc.php
index 13f6009ee58d62a84aaf6cc4de54b9c48a5ca4e3..6af0c959414dfbf0bf47a87db9eeac589b98abc2 100644
--- a/interface/lib/plugins/mail_mail_domain_plugin.inc.php
+++ b/interface/lib/plugins/mail_mail_domain_plugin.inc.php
@@ -31,23 +31,29 @@ class mail_mail_domain_plugin {
// also make sure that the user can not delete entry created by an admin
if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($page_form->dataRecord["client_group_id"])) {
$client_group_id = $app->functions->intval($page_form->dataRecord["client_group_id"]);
- $updates = "sys_groupid = $client_group_id, sys_perm_group = 'ru'";
+ $updates = "sys_groupid = ?, sys_perm_group = 'ru'";
+ $update_params = array($client_group_id);
if ($event_name == 'mail:mail_domain:on_after_update') {
- $tmp = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE default_group = $client_group_id");
+ $tmp = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE default_group = ?", $client_group_id);
$client_user_id = ($tmp['userid'] > 0)?$tmp['userid']:1;
- $updates = "sys_userid = $client_user_id, $updates";
+ $updates .= ", sys_userid = ?";
+ $update_params[] = $client_user_id
}
- $app->db->query("UPDATE mail_domain SET $updates WHERE domain_id = ".$page_form->id);
+ $update_params[] = $page_form->id;
+ $app->db->query("UPDATE mail_domain SET " . $updates . " WHERE domain_id = ?", true, $update_params);
}
if($app->auth->has_clients($_SESSION['s']['user']['userid']) && isset($page_form->dataRecord["client_group_id"])) {
$client_group_id = $app->functions->intval($page_form->dataRecord["client_group_id"]);
$updates = "sys_groupid = $client_group_id, sys_perm_group = 'riud'";
+ $update_params = array($client_group_id);
if ($event_name == 'mail:mail_domain:on_after_update') {
- $tmp = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE default_group = $client_group_id");
+ $tmp = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE default_group = ?", $client_group_id);
$client_user_id = ($tmp['userid'] > 0)?$tmp['userid']:1;
- $updates = "sys_userid = $client_user_id, $updates";
+ $updates .= ", sys_userid = ?";
+ $update_params[] = $client_user_id
}
- $app->db->query("UPDATE mail_domain SET $updates WHERE domain_id = ".$page_form->id);
+ $update_params[] = $page_form->id;
+ $app->db->query("UPDATE mail_domain SET " . $updates . " WHERE domain_id = ?", true, $update_params);
}
//** If the domain name or owner has been changed, change the domain and owner in all mailbox records
@@ -57,9 +63,9 @@ class mail_mail_domain_plugin {
$mail_config = $app->getconf->get_server_config($page_form->dataRecord["server_id"], 'mail');
//* Update the mailboxes
- $mailusers = $app->db->queryAllRecords("SELECT * FROM mail_user WHERE email like '%@".$app->db->quote($page_form->oldDataRecord['domain'])."'");
+ $mailusers = $app->db->queryAllRecords("SELECT * FROM mail_user WHERE email like ?", "%@" . $page_form->oldDataRecord['domain']);
$sys_groupid = $app->functions->intval((isset($page_form->dataRecord['client_group_id']))?$page_form->dataRecord['client_group_id']:$page_form->oldDataRecord['sys_groupid']);
- $tmp = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE default_group = $sys_groupid");
+ $tmp = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE default_group = ?", $sys_groupid);
$client_user_id = $app->functions->intval(($tmp['userid'] > 0)?$tmp['userid']:1);
if(is_array($mailusers)) {
foreach($mailusers as $rec) {
@@ -74,7 +80,7 @@ class mail_mail_domain_plugin {
}
//* Update the aliases
- $forwardings = $app->db->queryAllRecords("SELECT * FROM mail_forwarding WHERE source like '%@".$app->db->quote($page_form->oldDataRecord['domain'])."' OR destination like '%@".$app->db->quote($page_form->oldDataRecord['domain'])."'");
+ $forwardings = $app->db->queryAllRecords("SELECT * FROM mail_forwarding WHERE source LIKE ? OR destination LIKE ?", "%@" . $page_form->oldDataRecord['domain'], "%@" . $page_form->oldDataRecord['domain']);
if(is_array($forwardings)) {
foreach($forwardings as $rec) {
$destination = $app->db->quote(str_replace($page_form->oldDataRecord['domain'], $page_form->dataRecord['domain'], $rec['destination']));
@@ -84,7 +90,7 @@ class mail_mail_domain_plugin {
}
//* Update the mailinglist
- $mailing_lists = $app->db->queryAllRecords("SELECT mailinglist_id FROM mail_mailinglist WHERE domain = '".$app->db->quote($page_form->oldDataRecord['domain'])."'");
+ $mailing_lists = $app->db->queryAllRecords("SELECT mailinglist_id FROM mail_mailinglist WHERE domain = ?", $page_form->oldDataRecord['domain']);
if(is_array($mailing_lists)) {
foreach($mailing_lists as $rec) {
$app->db->datalogUpdate('mail_mailinglist', "sys_userid = $client_user_id, sys_groupid = '$sys_groupid'", 'mailinglist_id', $rec['mailinglist_id']);
@@ -92,7 +98,7 @@ class mail_mail_domain_plugin {
}
//* Update the mailget records
- $mail_gets = $app->db->queryAllRecords("SELECT mailget_id, destination FROM mail_get WHERE destination LIKE '%@".$app->db->quote($page_form->oldDataRecord['domain'])."'");
+ $mail_gets = $app->db->queryAllRecords("SELECT mailget_id, destination FROM mail_get WHERE destination LIKE ?", "%@" . $page_form->oldDataRecord['domain']);
if(is_array($mail_gets)) {
foreach($mail_gets as $rec) {
$destination = $app->db->quote(str_replace($page_form->oldDataRecord['domain'], $page_form->dataRecord['domain'], $rec['destination']));
@@ -102,11 +108,11 @@ class mail_mail_domain_plugin {
if ($page_form->oldDataRecord["domain"] != $page_form->dataRecord['domain']) {
//* Delete the old spamfilter record
- $tmp = $app->db->queryOneRecord("SELECT id FROM spamfilter_users WHERE email = '@".$app->db->quote($page_form->oldDataRecord["domain"])."'");
+ $tmp = $app->db->queryOneRecord("SELECT id FROM spamfilter_users WHERE email = ?", "@" . $page_form->oldDataRecord["domain"]);
$app->db->datalogDelete('spamfilter_users', 'id', $tmp["id"]);
unset($tmp);
}
- $app->db->query("UPDATE spamfilter_users SET email=REPLACE(email, '".$app->db->quote($page_form->oldDataRecord['domain'])."', '".$app->db->quote($page_form->dataRecord['domain'])."'), sys_userid = $client_user_id, sys_groupid = $sys_groupid WHERE email LIKE '%@".$app->db->quote($page_form->oldDataRecord['domain'])."'");
+ $app->db->query("UPDATE spamfilter_users SET email=REPLACE(email, ?, ?), sys_userid = ?, sys_groupid = ? WHERE email LIKE ?", $page_form->oldDataRecord['domain'], $page_form->dataRecord['domain'], $client_user_id, $sys_groupid, "%@" . $page_form->oldDataRecord['domain']);
} // end if domain name changed
}
diff --git a/interface/lib/plugins/mail_user_filter_plugin.inc.php b/interface/lib/plugins/mail_user_filter_plugin.inc.php
index 8faeab5e83aad6c63b01df88cc35689d36583099..d5a44305c6aee362246d6c410adeeee2f6d644a6 100644
--- a/interface/lib/plugins/mail_user_filter_plugin.inc.php
+++ b/interface/lib/plugins/mail_user_filter_plugin.inc.php
@@ -61,7 +61,7 @@ class mail_user_filter_plugin {
function mail_user_filter_edit($event_name, $page_form) {
global $app, $conf;
- $mailuser = $app->db->queryOneRecord("SELECT custom_mailfilter FROM mail_user WHERE mailuser_id = ".$page_form->dataRecord["mailuser_id"]);
+ $mailuser = $app->db->queryOneRecord("SELECT custom_mailfilter FROM mail_user WHERE mailuser_id = ?", $page_form->dataRecord["mailuser_id"]);
$skip = false;
$lines = explode("\n", $mailuser['custom_mailfilter']);
$out = '';
@@ -95,7 +95,7 @@ class mail_user_filter_plugin {
function mail_user_filter_del($event_name, $page_form) {
global $app, $conf;
- $mailuser = $app->db->queryOneRecord("SELECT custom_mailfilter FROM mail_user WHERE mailuser_id = ".$page_form->dataRecord["mailuser_id"]);
+ $mailuser = $app->db->queryOneRecord("SELECT custom_mailfilter FROM mail_user WHERE mailuser_id = ?", $page_form->dataRecord["mailuser_id"]);
$skip = false;
$lines = explode("\n", $mailuser['custom_mailfilter']);
$out = '';
@@ -124,7 +124,7 @@ class mail_user_filter_plugin {
global $app, $conf;
$app->uses("getconf");
- $mailuser_rec = $app->db->queryOneRecord("SELECT server_id FROM mail_user WHERE mailuser_id = ".$app->functions->intval($page_form->dataRecord["mailuser_id"]));
+ $mailuser_rec = $app->db->queryOneRecord("SELECT server_id FROM mail_user WHERE mailuser_id = ?", $page_form->dataRecord["mailuser_id"]);
$mail_config = $app->getconf->get_server_config($app->functions->intval($mailuser_rec["server_id"]), 'mail');
if($mail_config['mail_filter_syntax'] == 'sieve') {
diff --git a/interface/lib/plugins/sites_web_database_user_plugin.inc.php b/interface/lib/plugins/sites_web_database_user_plugin.inc.php
index 1a880a1b10a0cd4d67cdc9861dbf917839b01c96..754c249ab9959208beba689b4b9a50971ae2b119 100644
--- a/interface/lib/plugins/sites_web_database_user_plugin.inc.php
+++ b/interface/lib/plugins/sites_web_database_user_plugin.inc.php
@@ -31,13 +31,12 @@ class sites_web_database_user_plugin {
// also make sure that the user can not delete entry created by an admin
if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($page_form->dataRecord["client_group_id"])) {
$client_group_id = $app->functions->intval($page_form->dataRecord["client_group_id"]);
- $app->db->query("UPDATE web_database_user SET sys_groupid = $client_group_id, sys_perm_group = 'ru' WHERE database_user_id = ".$page_form->id);
+ $app->db->query("UPDATE web_database_user SET sys_groupid = ?, sys_perm_group = 'ru' WHERE database_user_id = ?", $client_group_id, $page_form->id);
}
if($app->auth->has_clients($_SESSION['s']['user']['userid']) && isset($page_form->dataRecord["client_group_id"])) {
$client_group_id = $app->functions->intval($page_form->dataRecord["client_group_id"]);
- $app->db->query("UPDATE web_database_user SET sys_groupid = $client_group_id, sys_perm_group = 'riud' WHERE database_user_id = ".$page_form->id);
+ $app->db->query("UPDATE web_database_user SET sys_groupid = ?, sys_perm_group = 'riud' WHERE database_user_id = ?", $client_group_id, $page_form->id);
}
- //$app->db->query("UPDATE web_database_user SET server_id = '" . $app->functions->intval($conf['server_id']) . "' WHERE database_user_id = ".$page_form->id);
}
}
diff --git a/interface/lib/plugins/sites_web_vhost_domain_plugin.inc.php b/interface/lib/plugins/sites_web_vhost_domain_plugin.inc.php
index b65c05bf2cd0546bcf853685a1e02b1278703c4d..3fce00ba32c509f8fac54961cbe1ff5fe118c641 100644
--- a/interface/lib/plugins/sites_web_vhost_domain_plugin.inc.php
+++ b/interface/lib/plugins/sites_web_vhost_domain_plugin.inc.php
@@ -51,11 +51,11 @@ class sites_web_vhost_domain_plugin {
// also make sure that the user can not delete domain created by a admin
if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($page_form->dataRecord["client_group_id"])) {
$client_group_id = $app->functions->intval($page_form->dataRecord["client_group_id"]);
- $app->db->query("UPDATE web_domain SET sys_groupid = $client_group_id, sys_perm_group = 'ru' WHERE domain_id = ".$page_form->id);
+ $app->db->query("UPDATE web_domain SET sys_groupid = ?, sys_perm_group = 'ru' WHERE domain_id = ?", $client_group_id, $page_form->id);
}
if($app->auth->has_clients($_SESSION['s']['user']['userid']) && isset($page_form->dataRecord["client_group_id"])) {
$client_group_id = $app->functions->intval($page_form->dataRecord["client_group_id"]);
- $app->db->query("UPDATE web_domain SET sys_groupid = $client_group_id, sys_perm_group = 'riud' WHERE domain_id = ".$page_form->id);
+ $app->db->query("UPDATE web_domain SET sys_groupid = ?, sys_perm_group = 'riud' WHERE domain_id = ?", $client_group_id, $page_form->id);
}
// Get configuration for the web system
$app->uses("getconf");
@@ -73,15 +73,15 @@ class sites_web_vhost_domain_plugin {
// get the ID of the client
if($_SESSION["s"]["user"]["typ"] != 'admin' && !$app->auth->has_clients($_SESSION['s']['user']['userid'])) {
$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
- $client = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE sys_group.groupid = $client_group_id");
+ $client = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE sys_group.groupid = ?", $client_group_id);
$client_id = $app->functions->intval($client["client_id"]);
} elseif (isset($page_form->dataRecord["client_group_id"])) {
$client_group_id = $page_form->dataRecord["client_group_id"];
- $client = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE sys_group.groupid = ".$app->functions->intval(@$page_form->dataRecord["client_group_id"]));
+ $client = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE sys_group.groupid = ?", $app->functions->intval(@$page_form->dataRecord["client_group_id"]));
$client_id = $app->functions->intval($client["client_id"]);
} else {
$client_group_id = $page_form->dataRecord["client_group_id"];
- $client = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE sys_group.groupid = ".$app->functions->intval($page_form->dataRecord["client_group_id"]));
+ $client = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE sys_group.groupid = ?", $app->functions->intval($page_form->dataRecord["client_group_id"]));
$client_id = $app->functions->intval($client["client_id"]);
}
@@ -89,24 +89,23 @@ class sites_web_vhost_domain_plugin {
$client_user_id = $app->functions->intval(($tmp['userid'] > 0)?$tmp['userid']:1);
// Set the values for document_root, system_user and system_group
- $system_user = $app->db->quote('web'.$page_form->id);
- $system_group = $app->db->quote('client'.$client_id);
+ $system_user = 'web'.$page_form->id;
+ $system_group = 'client'.$client_id;
$document_root = str_replace("[client_id]", $client_id, $document_root);
$document_root = str_replace("[client_idhash_1]", $this->id_hash($client_id, 1), $document_root);
$document_root = str_replace("[client_idhash_2]", $this->id_hash($client_id, 2), $document_root);
$document_root = str_replace("[client_idhash_3]", $this->id_hash($client_id, 3), $document_root);
$document_root = str_replace("[client_idhash_4]", $this->id_hash($client_id, 4), $document_root);
- $document_root = $app->db->quote($document_root);
if($event_name == 'sites:web_vhost_domain:on_after_update') {
if(($_SESSION["s"]["user"]["typ"] == 'admin' || $app->auth->has_clients($_SESSION['s']['user']['userid'])) && isset($page_form->dataRecord["client_group_id"]) && $page_form->dataRecord["client_group_id"] != $page_form->oldDataRecord["sys_groupid"]) {
- $sql = "UPDATE web_domain SET system_user = '$system_user', system_group = '$system_group', document_root = '$document_root' WHERE domain_id = ".$page_form->id;
- $app->db->query($sql);
+ $sql = "UPDATE web_domain SET system_user = ?, system_group = ?, document_root = ? WHERE domain_id = ?";
+ $app->db->query($sql, $system_user, $system_group, $document_root, $page_form->id);
// Update the FTP user(s) too
- $records = $app->db->queryAllRecords("SELECT ftp_user_id FROM ftp_user WHERE parent_domain_id = ".$page_form->id);
+ $records = $app->db->queryAllRecords("SELECT ftp_user_id FROM ftp_user WHERE parent_domain_id = ?", $page_form->id);
foreach($records as $rec) {
$app->db->datalogUpdate('ftp_user', "sys_userid = '".$app->functions->intval($web_rec['sys_userid'])."', sys_groupid = '".$app->functions->intval($web_rec['sys_groupid'])."', uid = '$system_user', gid = '$system_group', dir = '$document_root'", 'ftp_user_id', $app->functions->intval($rec['ftp_user_id']));
}
@@ -114,7 +113,7 @@ class sites_web_vhost_domain_plugin {
unset($rec);
// Update the webdav user(s) too
- $records = $app->db->queryAllRecords("SELECT webdav_user_id FROM webdav_user WHERE parent_domain_id = ".$page_form->id);
+ $records = $app->db->queryAllRecords("SELECT webdav_user_id FROM webdav_user WHERE parent_domain_id = ?", $page_form->id);
foreach($records as $rec) {
$app->db->datalogUpdate('webdav_user', "sys_userid = '".$app->functions->intval($web_rec['sys_userid'])."', sys_groupid = '".$app->functions->intval($web_rec['sys_groupid'])."'", 'webdav_user_id', $app->functions->intval($rec['webdav_user_id']));
}
@@ -122,7 +121,7 @@ class sites_web_vhost_domain_plugin {
unset($rec);
// Update the web folder(s) too
- $records = $app->db->queryAllRecords("SELECT web_folder_id FROM web_folder WHERE parent_domain_id = ".$page_form->id);
+ $records = $app->db->queryAllRecords("SELECT web_folder_id FROM web_folder WHERE parent_domain_id = ?", $page_form->id);
foreach($records as $rec) {
$app->db->datalogUpdate('web_folder', "sys_userid = '".$app->functions->intval($web_rec['sys_userid'])."', sys_groupid = '".$app->functions->intval($web_rec['sys_groupid'])."'", 'web_folder_id', $app->functions->intval($rec['web_folder_id']));
}
@@ -130,7 +129,7 @@ class sites_web_vhost_domain_plugin {
unset($rec);
//* Update all web folder users
- $records = $app->db->queryAllRecords("SELECT web_folder_user.web_folder_user_id FROM web_folder_user, web_folder WHERE web_folder_user.web_folder_id = web_folder.web_folder_id AND web_folder.parent_domain_id = ".$page_form->id);
+ $records = $app->db->queryAllRecords("SELECT web_folder_user.web_folder_user_id FROM web_folder_user, web_folder WHERE web_folder_user.web_folder_id = web_folder.web_folder_id AND web_folder.parent_domain_id = ?", $page_form->id);
foreach($records as $rec) {
$app->db->datalogUpdate('web_folder_user', "sys_userid = '".$app->functions->intval($web_rec['sys_userid'])."', sys_groupid = '".$app->functions->intval($web_rec['sys_groupid'])."'", 'web_folder_user_id', $app->functions->intval($rec['web_folder_user_id']));
}
@@ -138,7 +137,7 @@ class sites_web_vhost_domain_plugin {
unset($rec);
// Update the Shell user(s) too
- $records = $app->db->queryAllRecords("SELECT shell_user_id FROM shell_user WHERE parent_domain_id = ".$page_form->id);
+ $records = $app->db->queryAllRecords("SELECT shell_user_id FROM shell_user WHERE parent_domain_id = ?", $page_form->id);
foreach($records as $rec) {
$app->db->datalogUpdate('shell_user', "sys_userid = '".$web_rec['sys_userid']."', sys_groupid = '".$web_rec['sys_groupid']."', puser = '$system_user', pgroup = '$system_group', dir = '$document_root'", 'shell_user_id', $app->functions->intval($rec['shell_user_id']));
}
@@ -146,7 +145,7 @@ class sites_web_vhost_domain_plugin {
unset($rec);
// Update the cron(s) too
- $records = $app->db->queryAllRecords("SELECT id FROM cron WHERE parent_domain_id = ".$page_form->id);
+ $records = $app->db->queryAllRecords("SELECT id FROM cron WHERE parent_domain_id = ?", $page_form->id);
foreach($records as $rec) {
$app->db->datalogUpdate('cron', "sys_userid = '".$app->functions->intval($web_rec['sys_userid'])."', sys_groupid = '".$app->functions->intval($web_rec['sys_groupid'])."'", 'id', $app->functions->intval($rec['id']));
}
@@ -154,7 +153,7 @@ class sites_web_vhost_domain_plugin {
unset($rec);
//* Update all subdomains and alias domains
- $records = $app->db->queryAllRecords("SELECT domain_id, `domain`, `type`, `web_folder` FROM web_domain WHERE parent_domain_id = ".$page_form->id);
+ $records = $app->db->queryAllRecords("SELECT domain_id, `domain`, `type`, `web_folder` FROM web_domain WHERE parent_domain_id = ?", $page_form->id);
foreach($records as $rec) {
$update_columns = "sys_userid = '".$web_rec['sys_userid']."', sys_groupid = '".$web_rec['sys_groupid']."'";
if($rec['type'] == 'vhostsubdomain' || $rec['type'] == 'vhostalias') {
@@ -171,13 +170,13 @@ class sites_web_vhost_domain_plugin {
unset($rec);
//* Update all databases
- $records = $app->db->queryAllRecords("SELECT database_id FROM web_database WHERE parent_domain_id = ".$page_form->id);
+ $records = $app->db->queryAllRecords("SELECT database_id FROM web_database WHERE parent_domain_id = ?", $page_form->id);
foreach($records as $rec) {
$app->db->datalogUpdate('web_database', "sys_userid = '".$app->functions->intval($web_rec['sys_userid'])."', sys_groupid = '".$app->functions->intval($web_rec['sys_groupid'])."'", 'database_id', $app->functions->intval($rec['database_id']));
}
//* Update all database users
- $records = $app->db->queryAllRecords("SELECT web_database_user.database_user_id FROM web_database_user, web_database WHERE web_database_user.database_user_id IN (web_database.database_user_id, web_database.database_ro_user_id) AND web_database.parent_domain_id = ".$page_form->id);
+ $records = $app->db->queryAllRecords("SELECT web_database_user.database_user_id FROM web_database_user, web_database WHERE web_database_user.database_user_id IN (web_database.database_user_id, web_database.database_ro_user_id) AND web_database.parent_domain_id = ?", $page_form->id);
foreach($records as $rec) {
$app->db->datalogUpdate('web_database_user', "sys_userid = '".$app->functions->intval($web_rec['sys_userid'])."', sys_groupid = '".$app->functions->intval($web_rec['sys_groupid'])."'", 'database_user_id', $app->functions->intval($rec['database_user_id']));
}
@@ -185,7 +184,7 @@ class sites_web_vhost_domain_plugin {
unset($rec);
// Update APS instances
- $records = $app->db->queryAllRecords("SELECT instance_id FROM aps_instances_settings WHERE name = 'main_domain' AND value = '".$app->db->quote($page_form->oldDataRecord["domain"])."'");
+ $records = $app->db->queryAllRecords("SELECT instance_id FROM aps_instances_settings WHERE name = 'main_domain' AND value = ?", $page_form->oldDataRecord["domain"]);
if(is_array($records) && !empty($records)){
foreach($records as $rec){
$app->db->datalogUpdate('aps_instances', "sys_userid = '".$app->functions->intval($web_rec['sys_userid'])."', sys_groupid = '".$app->functions->intval($web_rec['sys_groupid'])."', customer_id = '".$app->functions->intval($client_id)."'", 'id', $rec['instance_id']);
@@ -198,7 +197,7 @@ class sites_web_vhost_domain_plugin {
//* If the domain name has been changed, we will have to change all subdomains + APS instances
if(!empty($page_form->dataRecord["domain"]) && !empty($page_form->oldDataRecord["domain"]) && $page_form->dataRecord["domain"] != $page_form->oldDataRecord["domain"]) {
- $records = $app->db->queryAllRecords("SELECT domain_id,domain FROM web_domain WHERE (type = 'subdomain' OR type = 'vhostsubdomain' OR type = 'vhostalias') AND domain LIKE '%.".$app->db->quote($page_form->oldDataRecord["domain"])."'");
+ $records = $app->db->queryAllRecords("SELECT domain_id,domain FROM web_domain WHERE (type = 'subdomain' OR type = 'vhostsubdomain' OR type = 'vhostalias') AND domain LIKE ?", "%." . $page_form->oldDataRecord["domain"]);
foreach($records as $rec) {
$subdomain = $app->db->quote(str_replace($page_form->oldDataRecord["domain"], $page_form->dataRecord["domain"], $rec['domain']));
$app->db->datalogUpdate('web_domain', "domain = '".$subdomain."'", 'domain_id', $rec['domain_id']);
@@ -208,7 +207,7 @@ class sites_web_vhost_domain_plugin {
unset($subdomain);
// Update APS instances
- $records = $app->db->queryAllRecords("SELECT id, instance_id FROM aps_instances_settings WHERE name = 'main_domain' AND value = '".$app->db->quote($page_form->oldDataRecord["domain"])."'");
+ $records = $app->db->queryAllRecords("SELECT id, instance_id FROM aps_instances_settings WHERE name = 'main_domain' AND value = ?", $page_form->oldDataRecord["domain"]);
if(is_array($records) && !empty($records)){
foreach($records as $rec){
$app->db->datalogUpdate('aps_instances_settings', "value = '".$app->db->quote($page_form->dataRecord["domain"])."'", 'id', $rec['id']);
@@ -220,8 +219,8 @@ class sites_web_vhost_domain_plugin {
//* Set allow_override if empty
if($web_rec['allow_override'] == '') {
- $sql = "UPDATE web_domain SET allow_override = '".$app->db->quote($web_config["htaccess_allow_override"])."' WHERE domain_id = ".$page_form->id;
- $app->db->query($sql);
+ $sql = "UPDATE web_domain SET allow_override = ? WHERE domain_id = ?";
+ $app->db->query($sql, $web_config["htaccess_allow_override"], $page_form->id);
}
//* Set php_open_basedir if empty or domain or client has been changed
@@ -229,16 +228,16 @@ class sites_web_vhost_domain_plugin {
(!empty($page_form->dataRecord["domain"]) && !empty($page_form->oldDataRecord["domain"]) && $page_form->dataRecord["domain"] != $page_form->oldDataRecord["domain"])) {
$php_open_basedir = $web_rec['php_open_basedir'];
$php_open_basedir = $app->db->quote(str_replace($page_form->oldDataRecord['domain'], $web_rec['domain'], $php_open_basedir));
- $sql = "UPDATE web_domain SET php_open_basedir = '$php_open_basedir' WHERE domain_id = ".$page_form->id;
- $app->db->query($sql);
+ $sql = "UPDATE web_domain SET php_open_basedir = ? WHERE domain_id = ?";
+ $app->db->query($sql, $php_open_basedir, $page_form->id);
}
if(empty($web_rec['php_open_basedir']) ||
(isset($page_form->dataRecord["client_group_id"]) && $page_form->dataRecord["client_group_id"] != $page_form->oldDataRecord["sys_groupid"])) {
$document_root = $app->db->quote(str_replace("[client_id]", $client_id, $document_root));
$php_open_basedir = str_replace("[website_path]", $document_root, $web_config["php_open_basedir"]);
$php_open_basedir = $app->db->quote(str_replace("[website_domain]", $web_rec['domain'], $php_open_basedir));
- $sql = "UPDATE web_domain SET php_open_basedir = '$php_open_basedir' WHERE domain_id = ".$page_form->id;
- $app->db->query($sql);
+ $sql = "UPDATE web_domain SET php_open_basedir = ? WHERE domain_id = ?";
+ $app->db->query($sql, $php_open_basedir, $page_form->id);
}
//* Change database backup options when web backup options have been changed
@@ -258,7 +257,7 @@ class sites_web_vhost_domain_plugin {
//* Change vhost subdomain and alias ip/ipv6 if domain ip/ipv6 has changed
if(isset($page_form->dataRecord['ip_address']) && ($page_form->dataRecord['ip_address'] != $page_form->oldDataRecord['ip_address'] || $page_form->dataRecord['ipv6_address'] != $page_form->oldDataRecord['ipv6_address'])) {
- $records = $app->db->queryAllRecords("SELECT domain_id FROM web_domain WHERE (type = 'vhostsubdomain' OR type = 'vhostalias') AND parent_domain_id = ".$page_form->id);
+ $records = $app->db->queryAllRecords("SELECT domain_id FROM web_domain WHERE (type = 'vhostsubdomain' OR type = 'vhostalias') AND parent_domain_id = ?", $page_form->id);
foreach($records as $rec) {
$app->db->datalogUpdate('web_domain', "ip_address = '".$app->db->quote($web_rec['ip_address'])."', ipv6_address = '".$app->db->quote($web_rec['ipv6_address'])."'", 'domain_id', $rec['domain_id']);
}
@@ -267,27 +266,27 @@ class sites_web_vhost_domain_plugin {
}
} else {
$php_open_basedir = str_replace("[website_path]", $document_root, $web_config["php_open_basedir"]);
- $php_open_basedir = $app->db->quote(str_replace("[website_domain]", $page_form->dataRecord['domain'], $php_open_basedir));
-
- $htaccess_allow_override = $app->db->quote($web_config["htaccess_allow_override"]);
- $sql = "UPDATE web_domain SET system_user = '$system_user', system_group = '$system_group', document_root = '$document_root', allow_override = '$htaccess_allow_override', php_open_basedir = '$php_open_basedir' WHERE domain_id = ".$page_form->id;
- $app->db->query($sql);
+ $php_open_basedir = str_replace("[website_domain]", $page_form->dataRecord['domain'], $php_open_basedir);
+ $htaccess_allow_override = $web_config["htaccess_allow_override"];
+
+ $sql = "UPDATE web_domain SET system_user = ?, system_group = ?, document_root = ?, allow_override = ?, php_open_basedir = ? WHERE domain_id = ?";
+ $app->db->query($sql, $system_user, $system_group, $document_root, $htaccess_allow_override, $php_open_basedir, $page_form->id);
}
} else {
if(isset($page_form->dataRecord["parent_domain_id"]) && $page_form->dataRecord["parent_domain_id"] != $page_form->oldDataRecord["parent_domain_id"]) {
- $parent_domain = $app->db->queryOneRecord("SELECT * FROM `web_domain` WHERE `domain_id` = '" . $app->functions->intval($page_form->dataRecord['parent_domain_id']) . "'");
+ $parent_domain = $app->db->queryOneRecord("SELECT * FROM `web_domain` WHERE `domain_id` = ?", $page_form->dataRecord['parent_domain_id']);
// Set the values for document_root, system_user and system_group
- $system_user = $app->db->quote($parent_domain['system_user']);
- $system_group = $app->db->quote($parent_domain['system_group']);
- $document_root = $app->db->quote($parent_domain['document_root']);
+ $system_user = $parent_domain['system_user'];
+ $system_group = $parent_domain['system_group'];
+ $document_root = $parent_domain['document_root'];
$php_open_basedir = str_replace("[website_path]/web", $document_root.'/'.$page_form->dataRecord['web_folder'], $web_config["php_open_basedir"]);
$php_open_basedir = str_replace("[website_domain]/web", $page_form->dataRecord['domain'].'/'.$page_form->dataRecord['web_folder'], $php_open_basedir);
$php_open_basedir = str_replace("[website_path]", $document_root, $php_open_basedir);
- $php_open_basedir = $app->db->quote(str_replace("[website_domain]", $page_form->dataRecord['domain'], $php_open_basedir));
- $htaccess_allow_override = $app->db->quote($parent_domain['allow_override']);
- $sql = "UPDATE web_domain SET sys_groupid = ".$app->functions->intval($parent_domain['sys_groupid']).",system_user = '$system_user', system_group = '$system_group', document_root = '$document_root', allow_override = '$htaccess_allow_override', php_open_basedir = '$php_open_basedir' WHERE domain_id = ".$page_form->id;
- $app->db->query($sql);
+ $php_open_basedir = str_replace("[website_domain]", $page_form->dataRecord['domain'], $php_open_basedir);
+ $htaccess_allow_override = $parent_domain['allow_override'];
+ $sql = "UPDATE web_domain SET sys_groupid = ?,system_user = ?, system_group = ?, document_root = ?, allow_override = ?, php_open_basedir = ? WHERE domain_id = ?";
+ $app->db->query($sql, $parent_domain['sys_groupid'], $system_user, $system_group, $document_root, $htaccess_allow_override, $php_open_basedir, $page_form->id);
}
}
}
diff --git a/interface/lib/plugins/vm_openvz_plugin.inc.php b/interface/lib/plugins/vm_openvz_plugin.inc.php
index fd442055623c273d166ba5094f88b76e44c8f222..278a87de31c909a390c4e402e5a676dedcc801d8 100644
--- a/interface/lib/plugins/vm_openvz_plugin.inc.php
+++ b/interface/lib/plugins/vm_openvz_plugin.inc.php
@@ -41,24 +41,24 @@ class vm_openvz_plugin {
// also make sure that the user can not delete domain created by a admin
if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($this->dataRecord["client_group_id"])) {
$client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]);
- $app->db->query("UPDATE openvz_vm SET sys_groupid = $client_group_id WHERE vm_id = ".$this->id);
+ $app->db->query("UPDATE openvz_vm SET sys_groupid = ? WHERE vm_id = ?", $client_group_id, $this->id);
}
if($app->auth->has_clients($_SESSION['s']['user']['userid']) && isset($this->dataRecord["client_group_id"])) {
$client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]);
- $app->db->query("UPDATE openvz_vm SET sys_groupid = $client_group_id WHERE vm_id = ".$this->id);
+ $app->db->query("UPDATE openvz_vm SET sys_groupid = ? WHERE vm_id = ?", $client_group_id, $this->id);
}
// Set the VEID
$tmp = $app->db->queryOneRecord('SELECT MAX(veid) + 1 as newveid FROM openvz_vm');
$veid = ($tmp['newveid'] > 100)?$tmp['newveid']:101;
- $app->db->query("UPDATE openvz_vm SET veid = ".$veid." WHERE vm_id = ".$this->id);
+ $app->db->query("UPDATE openvz_vm SET veid = ? WHERE vm_id = ?", $veid, $this->id);
unset($tmp);
// Apply template values to the advanced tab settings
$this->applyTemplate();
// Set the IP address
- $app->db->query("UPDATE openvz_ip SET vm_id = ".$this->id." WHERE ip_address = '".$app->db->quote($this->dataRecord['ip_address'])."'");
+ $app->db->query("UPDATE openvz_ip SET vm_id = ? WHERE ip_address = ?", $this->id, $this->dataRecord['ip_address']);
// Create the OpenVZ config file and store it in config field
$this->makeOpenVZConfig();
@@ -82,11 +82,11 @@ class vm_openvz_plugin {
// also make sure that the user can not delete domain created by a admin
if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($this->dataRecord["client_group_id"])) {
$client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]);
- $app->db->query("UPDATE openvz_vm SET sys_groupid = $client_group_id WHERE vm_id = ".$this->id);
+ $app->db->query("UPDATE openvz_vm SET sys_groupid = ? WHERE vm_id = ?", $client_group_id, $this->id);
}
if($app->auth->has_clients($_SESSION['s']['user']['userid']) && isset($this->dataRecord["client_group_id"])) {
$client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]);
- $app->db->query("UPDATE openvz_vm SET sys_groupid = $client_group_id WHERE vm_id = ".$this->id);
+ $app->db->query("UPDATE openvz_vm SET sys_groupid = ? WHERE vm_id = ?", $client_group_id, $this->id);
}
if(isset($this->dataRecord["ostemplate_id"]) && $this->oldDataRecord["ostemplate_id"] != $this->dataRecord["ostemplate_id"]) {
@@ -94,7 +94,7 @@ class vm_openvz_plugin {
}
// Set the IP address
- if(isset($this->dataRecord['ip_address'])) $app->db->query("UPDATE openvz_ip SET vm_id = ".$this->id." WHERE ip_address = '".$app->db->quote($this->dataRecord['ip_address'])."'");
+ if(isset($this->dataRecord['ip_address'])) $app->db->query("UPDATE openvz_ip SET vm_id = ? WHERE ip_address = ?", $this->id, $this->dataRecord['ip_address']);
// Create the OpenVZ config file and store it in config field
$this->makeOpenVZConfig();
@@ -111,7 +111,7 @@ class vm_openvz_plugin {
global $app, $conf;
//* Free the IP address
- $tmp = $app->db->queryOneRecord("SELECT ip_address_id FROM openvz_ip WHERE vm_id = ".$app->functions->intval($page_form->id));
+ $tmp = $app->db->queryOneRecord("SELECT ip_address_id FROM openvz_ip WHERE vm_id = ?", $page_form->id);
$app->db->datalogUpdate('openvz_ip', 'vm_id = 0', 'ip_address_id', $tmp['ip_address_id']);
unset($tmp);
@@ -120,29 +120,29 @@ class vm_openvz_plugin {
private function applyTemplate() {
global $app, $conf;
- $tpl = $app->db->queryOneRecord("SELECT * FROM openvz_template WHERE template_id = ".$app->functions->intval($this->dataRecord["template_id"]));
+ $tpl = $app->db->queryOneRecord("SELECT * FROM openvz_template WHERE template_id = ?", $this->dataRecord["template_id"]);
$sql = "UPDATE openvz_vm SET ";
- $sql .= "diskspace = '".$app->db->quote($tpl['diskspace'])."', ";
- $sql .= "ram = '".$app->db->quote($tpl['ram'])."', ";
- $sql .= "ram_burst = '".$app->db->quote($tpl['ram_burst'])."', ";
- $sql .= "cpu_units = '".$app->db->quote($tpl['cpu_units'])."', ";
- $sql .= "cpu_num = '".$app->db->quote($tpl['cpu_num'])."', ";
- $sql .= "cpu_limit = '".$app->db->quote($tpl['cpu_limit'])."', ";
- $sql .= "io_priority = '".$app->db->quote($tpl['io_priority'])."', ";
- $sql .= "nameserver = '".$app->db->quote($tpl['nameserver'])."', ";
- $sql .= "create_dns = '".$app->db->quote($tpl['create_dns'])."', ";
- $sql .= "capability = '".$app->db->quote($tpl['capability'])."' ";
- $sql .= "WHERE vm_id = ".$app->functions->intval($this->id);
- $app->db->query($sql);
+ $sql .= "diskspace = ?, ";
+ $sql .= "ram = ?, ";
+ $sql .= "ram_burst = ?, ";
+ $sql .= "cpu_units = ?, ";
+ $sql .= "cpu_num = ?, ";
+ $sql .= "cpu_limit = ?, ";
+ $sql .= "io_priority = ?, ";
+ $sql .= "nameserver = ?, ";
+ $sql .= "create_dns = ?, ";
+ $sql .= "capability = ? ";
+ $sql .= "WHERE vm_id = ?";
+ $app->db->query($sql, $tpl['diskspace'], $tpl['ram'], $tpl['ram_burst'], $tpl['cpu_units'], $tpl['cpu_num'], $tpl['cpu_limit'], $tpl['io_priority'], $tpl['nameserver'], $tpl['create_dns'], $tpl['capability'], $this->id);
}
private function makeOpenVZConfig() {
global $app, $conf;
- $vm = $app->db->queryOneRecord("SELECT * FROM openvz_vm WHERE vm_id = ".$app->functions->intval($this->id));
- $vm_template = $app->db->queryOneRecord("SELECT * FROM openvz_template WHERE template_id = ".$app->functions->intval($vm['template_id']));
+ $vm = $app->db->queryOneRecord("SELECT * FROM openvz_vm WHERE vm_id = ?",$app->functions->intval($this->id));
+ $vm_template = $app->db->queryOneRecord("SELECT * FROM openvz_template WHERE template_id = ?",$app->functions->intval($vm['template_id']));
$burst_ram = $vm['ram_burst']*256;
$guar_ram = $vm['ram']*256;
@@ -194,12 +194,12 @@ class vm_openvz_plugin {
$tpl->setVar('nameserver', $vm['nameserver']);
$tpl->setVar('capability', $vm['capability']);
- $tmp = $app->db->queryOneRecord("SELECT template_file FROM openvz_ostemplate WHERE ostemplate_id = ".$app->functions->intval($vm['ostemplate_id']));
+ $tmp = $app->db->queryOneRecord("SELECT template_file FROM openvz_ostemplate WHERE ostemplate_id = ?", $app->functions->intval($vm['ostemplate_id']));
$tpl->setVar('ostemplate', $tmp['template_file']);
unset($tmp);
- $openvz_config = $app->db->quote($tpl->grab());
- $app->db->query("UPDATE openvz_vm SET config = '".$openvz_config."' WHERE vm_id = ".$app->functions->intval($this->id));
+ $openvz_config = $tpl->grab();
+ $app->db->query("UPDATE openvz_vm SET config = ? WHERE vm_id = ?", $openvz_config, $app->functions->intval($this->id));
unset($tpl);
@@ -208,7 +208,7 @@ class vm_openvz_plugin {
private function createDNS() {
global $app, $conf;
- $vm = $app->db->queryOneRecord("SELECT * FROM openvz_vm WHERE vm_id = ".$app->functions->intval($this->id));
+ $vm = $app->db->queryOneRecord("SELECT * FROM openvz_vm WHERE vm_id = ?", $app->functions->intval($this->id));
if($vm['create_dns'] != 'y') return;
@@ -220,8 +220,8 @@ class vm_openvz_plugin {
unset($hostname_parts);
// Find the dns zone
- $zone_rec = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE origin = '".$app->db->quote($zone).".'");
- $rr_rec = $app->db->queryOneRecord("SELECT * FROM dns_rr WHERE zone = '".$app->functions->intval($zone_rec['id'])."' AND name = '".$app->db->quote($hostname)."'");
+ $zone_rec = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE origin = ?", $zone);
+ $rr_rec = $app->db->queryOneRecord("SELECT * FROM dns_rr WHERE zone = ? AND name = ?", $zone_rec['id'], $hostname);
if($zone_rec['id'] > 0) {
$ip_address = $app->db->quote($vm['ip_address']);
diff --git a/interface/web/admin/firewall_edit.php b/interface/web/admin/firewall_edit.php
index 6c29f766d100d03f548d815f26ffdd6c4956bd37..4dd26afbf6759aa1a001fd773e6fa851c72ba3b1 100644
--- a/interface/web/admin/firewall_edit.php
+++ b/interface/web/admin/firewall_edit.php
@@ -56,7 +56,7 @@ class page_action extends tform_actions {
//* Check if the server has been changed
// We do this only for the admin or reseller users, as normal clients can not change the server ID anyway
if($_SESSION["s"]["user"]["typ"] == 'admin' || $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
- $rec = $app->db->queryOneRecord("SELECT server_id from firewall WHERE firewall_id = ".$this->id);
+ $rec = $app->db->queryOneRecord("SELECT server_id from firewall WHERE firewall_id = ?", $this->id);
if($rec['server_id'] != $this->dataRecord["server_id"]) {
//* Add a error message and switch back to old server
$app->tform->errorMessage .= $app->lng('The Server can not be changed.');
diff --git a/interface/web/admin/remote_action_ispcupdate.php b/interface/web/admin/remote_action_ispcupdate.php
index 32bf0c4333b8973ec352bd7aee2fc07fac5ff633..263400665873c71a00137bcfb8d2e8d423e7bd5a 100644
--- a/interface/web/admin/remote_action_ispcupdate.php
+++ b/interface/web/admin/remote_action_ispcupdate.php
@@ -80,15 +80,8 @@ if (1 == 0 && isset($_POST['server_select'])) {
}
foreach ($servers as $serverId) {
$sql = "INSERT INTO sys_remoteaction (server_id, tstamp, action_type, action_param, action_state, response) " .
- "VALUES (".
- $app->functions->intval($serverId) . ", " .
- time() . ", " .
- "'ispc_update', " .
- "'', " .
- "'pending', " .
- "''" .
- ")";
- $app->db->query($sql);
+ "VALUES (?, UNIX_TIMESTAMP(), 'ispc_update', '', 'pending', '')";
+ $app->db->query($sql, $serverId);
}
$msg = $wb['action_scheduled'];
}
diff --git a/interface/web/admin/remote_action_osupdate.php b/interface/web/admin/remote_action_osupdate.php
index 61c6c23823689ad99558e2becba462b0905ba3e6..8f48e29f2d472d6937c37e73af54237c3f0f8bd3 100644
--- a/interface/web/admin/remote_action_osupdate.php
+++ b/interface/web/admin/remote_action_osupdate.php
@@ -76,15 +76,8 @@ if (isset($_POST['server_select'])) {
}
foreach ($servers as $serverId) {
$sql = "INSERT INTO sys_remoteaction (server_id, tstamp, action_type, action_param, action_state, response) " .
- "VALUES (".
- $app->functions->intval($serverId) . ", " .
- time() . ", " .
- "'os_update', " .
- "'', " .
- "'pending', " .
- "''" .
- ")";
- $app->db->query($sql);
+ "VALUES (?, UNIX_TIMESTAMP(), 'os_update', '', 'pending', '')";
+ $app->db->query($sql, $serverId);
}
$msg = $wb['action_scheduled'];
}
diff --git a/interface/web/admin/server_edit.php b/interface/web/admin/server_edit.php
index 0adf313181a23764852fd72c63baef27b96c6e38..c2e746d5c58fce1e2d2b8a08b8fa92de282b4079 100644
--- a/interface/web/admin/server_edit.php
+++ b/interface/web/admin/server_edit.php
@@ -55,8 +55,8 @@ class page_action extends tform_actions {
global $app, $conf;
// Getting Servers
- $sql = "SELECT server_id,server_name FROM server WHERE server_id != ".$app->functions->intval($this->id)." ORDER BY server_name";
- $mirror_servers = $app->db->queryAllRecords($sql);
+ $sql = "SELECT server_id,server_name FROM server WHERE server_id != ? ORDER BY server_name";
+ $mirror_servers = $app->db->queryAllRecords($sql, $this->id);
$mirror_server_select = '';
if(is_array($mirror_servers)) {
foreach( $mirror_servers as $mirror_server) {
diff --git a/interface/web/admin/server_ip_edit.php b/interface/web/admin/server_ip_edit.php
index c20f752b86c86c5535fe49a9a37b727ea5c0a469..f7872f4438954d47dc7dbdfbbd495b9032a5fe40 100644
--- a/interface/web/admin/server_ip_edit.php
+++ b/interface/web/admin/server_ip_edit.php
@@ -57,7 +57,7 @@ class page_action extends tform_actions {
//* Check if the server has been changed
// We do this only for the admin or reseller users, as normal clients can not change the server ID anyway
if($_SESSION["s"]["user"]["typ"] == 'admin' || $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
- $rec = $app->db->queryOneRecord("SELECT server_id from server_ip WHERE server_ip_id = ".$app->functions->intval($this->id));
+ $rec = $app->db->queryOneRecord("SELECT server_id from server_ip WHERE server_ip_id = ?", $this->id);
if($rec['server_id'] != $this->dataRecord["server_id"]) {
//* Add a error message and switch back to old server
$app->tform->errorMessage .= $app->lng('The Server can not be changed.');
diff --git a/interface/web/admin/server_php_edit.php b/interface/web/admin/server_php_edit.php
index f60ae997a051a92b5d389701debc40db26b184d9..12aacf60b92a687c75c71f33fad9abe5b83cad5a 100644
--- a/interface/web/admin/server_php_edit.php
+++ b/interface/web/admin/server_php_edit.php
@@ -57,7 +57,7 @@ class page_action extends tform_actions {
//* Check if the server has been changed
// We do this only for the admin or reseller users, as normal clients can not change the server ID anyway
if(($_SESSION["s"]["user"]["typ"] == 'admin' || $app->auth->has_clients($_SESSION['s']['user']['userid'])) && isset($this->dataRecord["server_id"])) {
- $rec = $app->db->queryOneRecord("SELECT server_id from server_php WHERE server_php_id = ".$app->functions->intval($this->id));
+ $rec = $app->db->queryOneRecord("SELECT server_id from server_php WHERE server_php_id = ?", $this->id);
if($rec['server_id'] != $this->dataRecord["server_id"]) {
//* Add a error message and switch back to old server
$app->tform->errorMessage .= $app->lng('The Server can not be changed.');
diff --git a/interface/web/admin/software_package_install.php b/interface/web/admin/software_package_install.php
index dd49f2e0b74ec0be3ec093cf7c548a51647cf46e..80e1fe6673d13a3f9e2b1275c829e96704200745 100644
--- a/interface/web/admin/software_package_install.php
+++ b/interface/web/admin/software_package_install.php
@@ -42,7 +42,7 @@ $package_name = $app->db->quote($_REQUEST['package']);
$install_server_id = $app->functions->intval($_REQUEST['server_id']);
$install_key = $app->db->quote(trim($_REQUEST['install_key']));
-$package = $app->db->queryOneRecord("SELECT * FROM software_package WHERE package_name = '$package_name'");
+$package = $app->db->queryOneRecord("SELECT * FROM software_package WHERE package_name = ?", $package_name);
$install_key_verified = false;
$message_err = '';
@@ -51,7 +51,7 @@ $message_ok = '';
//* verify the key
if($package['package_installable'] == 'key' && $install_key != '') {
- $repo = $app->db->queryOneRecord("SELECT * FROM software_repo WHERE software_repo_id = ".$app->db->quote($package['software_repo_id']));
+ $repo = $app->db->queryOneRecord("SELECT * FROM software_repo WHERE software_repo_id = ?", $package['software_repo_id']);
$client = new SoapClient(null, array('location' => $repo['repo_url'],
'uri' => $repo['repo_url']));
@@ -71,8 +71,8 @@ if($package['package_installable'] == 'key' && $install_key != '') {
//* Install packages, if all requirements are fullfilled.
if($install_server_id > 0 && $package_name != '' && ($package['package_installable'] == 'yes' || $install_key_verified == true)) {
- $sql = "SELECT software_update_id, package_name, update_title FROM software_update WHERE type = 'full' AND package_name = '".$app->db->quote($package_name)."' ORDER BY v1 DESC, v2 DESC, v3 DESC, v4 DESC LIMIT 0,1";
- $tmp = $app->db->queryOneRecord($sql);
+ $sql = "SELECT software_update_id, package_name, update_title FROM software_update WHERE type = 'full' AND package_name = ? ORDER BY v1 DESC, v2 DESC, v3 DESC, v4 DESC LIMIT 0,1";
+ $tmp = $app->db->queryOneRecord($sql, $package_name);
$software_update_id = $tmp['software_update_id'];
//* if package requires a DB and there is no data for a db in config, then we create this data now
@@ -119,9 +119,8 @@ if($install_server_id > 0 && $package_name != '' && ($package['package_installab
$app->db->datalogUpdate('software_package', "package_config = '".$app->db->quote($package_config_str)."'", 'package_id', $package['package_id']);
$sql = "INSERT INTO `remote_user` (`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `remote_username`, `remote_password`, `remote_functions`) VALUES
- (1, 1, 'riud', 'riud', '', '".$app->db->quote($remote_user)."', '".$app->db->quote($remote_password_md5)."', '".$app->db->quote($remote_functions)."');";
-
- $app->db->query($sql);
+ (1, 1, 'riud', 'riud', '', ?, ?, ?)";
+ $app->db->query($sql, $remote_user, $remote_password_md5, $remote_functions);
}
diff --git a/interface/web/admin/software_package_list.php b/interface/web/admin/software_package_list.php
index f7bf25b9c24de6e40db966fcc1d095993a0e7f3c..c0c2f251766a76619b4697b2c8c1c7c2159aa334 100644
--- a/interface/web/admin/software_package_list.php
+++ b/interface/web/admin/software_package_list.php
@@ -49,7 +49,7 @@ if(is_array($repos) && isset($_GET['action']) && $_GET['action'] == 'repoupdate'
if(is_array($packages)) {
foreach($packages as $p) {
$package_name = $app->db->quote($p['name']);
- $tmp = $app->db->queryOneRecord("SELECT package_id FROM software_package WHERE package_name = '".$app->db->quote($package_name)."'");
+ $tmp = $app->db->queryOneRecord("SELECT package_id FROM software_package WHERE package_name = ?", $package_name);
$package_title = $app->db->quote($p['title']);
$package_description = $app->db->quote($p['description']);
@@ -60,14 +60,10 @@ if(is_array($repos) && isset($_GET['action']) && $_GET['action'] == 'repoupdate'
$package_remote_functions = $app->db->quote($p['remote_functions']);
if(empty($tmp['package_id'])) {
- //$sql = "INSERT INTO software_package (software_repo_id, package_name, package_title, package_description,package_type,package_installable,package_requires_db) VALUES ($software_repo_id, '$package_name', '$package_title', '$package_description','$package_type','$package_installable','$package_requires_db')";
- //$app->db->query($sql);
$insert_data = "(software_repo_id, package_name, package_title, package_description,package_type,package_installable,package_requires_db,package_remote_functions) VALUES ($software_repo_id, '$package_name', '$package_title', '$package_description','$package_type','$package_installable','$package_requires_db','$package_remote_functions')";
$app->db->datalogInsert('software_package', $insert_data, 'package_id');
$packages_added++;
} else {
- //$sql = "UPDATE software_package SET software_repo_id = $software_repo_id, package_title = '$package_title', package_description = '$package_description', package_type = '$package_type', package_installable = '$package_installable', package_requires_db = '$package_requires_db' WHERE package_name = '$package_name'";
- //$app->db->query($sql);
$update_data = "software_repo_id = $software_repo_id, package_title = '$package_title', package_description = '$package_description', package_type = '$package_type', package_installable = '$package_installable', package_requires_db = '$package_requires_db', package_remote_functions = '$package_remote_functions'";
//echo $update_data;
$app->db->datalogUpdate('software_package', $update_data, 'package_id', $tmp['package_id']);
@@ -100,14 +96,9 @@ if(is_array($repos) && isset($_GET['action']) && $_GET['action'] == 'repoupdate'
$type = $app->db->quote($u['type']);
// Check that we do not have this update in the database yet
- $sql = "SELECT * FROM software_update WHERE package_name = '$package_name' and v1 = '$v1' and v2 = '$v2' and v3 = '$v3' and v4 = '$v4'";
- $tmp = $app->db->queryOneRecord($sql);
+ $sql = "SELECT * FROM software_update WHERE package_name = ? and v1 = ? and v2 = ? and v3 = ? and v4 = ?";
+ $tmp = $app->db->queryOneRecord($sql, $package_name, $v1, $v2, $v3, $v4);
if(!isset($tmp['software_update_id'])) {
- // Insert the update in the datbase
- //$sql = "INSERT INTO software_update (software_repo_id, package_name, update_url, update_md5, update_dependencies, update_title, v1, v2, v3, v4, type)
- //VALUES ($software_repo_id, '$package_name', '$update_url', '$update_md5', '$update_dependencies', '$update_title', '$v1', '$v2', '$v3', '$v4', '$type')";
- //die($sql);
- //$app->db->query($sql);
$insert_data = "(software_repo_id, package_name, update_url, update_md5, update_dependencies, update_title, v1, v2, v3, v4, type)
VALUES ($software_repo_id, '$package_name', '$update_url', '$update_md5', '$update_dependencies', '$update_title', '$v1', '$v2', '$v3', '$v4', '$type')";
$app->db->datalogInsert('software_update', $insert_data, 'software_update_id');
@@ -120,23 +111,6 @@ if(is_array($repos) && isset($_GET['action']) && $_GET['action'] == 'repoupdate'
}
}
-//* Install packages, if GET Request
-/*
-if(isset($_GET['action']) && $_GET['action'] == 'install' && $_GET['package'] != '' && $_GET['server_id'] > 0) {
- $package_name = $app->db->quote($_GET['package']);
- $server_id = $app->functions->intval($_GET['server_id']);
- $sql = "SELECT software_update_id, package_name, update_title FROM software_update WHERE type = 'full' AND package_name = '$package_name' ORDER BY v1 DESC, v2 DESC, v3 DESC, v4 DESC LIMIT 0,1";
- $tmp = $app->db->queryOneRecord($sql);
- $software_update_id = $tmp['software_update_id'];
-
- $insert_data = "(package_name, server_id, software_update_id, status) VALUES ('$package_name', '$server_id', '$software_update_id','installing')";
- // $insert_data = "(package_name, server_id, software_update_id, status) VALUES ('$package_name', '$server_id', '$software_update_id','installed')";
- $app->db->datalogInsert('software_update_inst', $insert_data, 'software_update_inst_id');
-}
-*/
-
-
-
// Show the list in the interface
// Loading the template
$app->uses('tpl');
@@ -150,7 +124,7 @@ if(is_array($packages) && count($packages) > 0) {
foreach($packages as $key => $p) {
$installed_txt = '';
foreach($servers as $s) {
- $inst = $app->db->queryOneRecord("SELECT * FROM software_update, software_update_inst WHERE software_update_inst.software_update_id = software_update.software_update_id AND software_update_inst.package_name = '".$app->db->quote($p["package_name"])."' AND server_id = '".$app->functions->intval($s["server_id"])."'");
+ $inst = $app->db->queryOneRecord("SELECT * FROM software_update, software_update_inst WHERE software_update_inst.software_update_id = software_update.software_update_id AND software_update_inst.package_name = ? AND server_id = ?", $p["package_name"], $s["server_id"]);
$version = $inst['v1'].'.'.$inst['v2'].'.'.$inst['v3'].'.'.$inst['v4'];
if($inst['status'] == 'installed') {
diff --git a/interface/web/admin/software_update_list.php b/interface/web/admin/software_update_list.php
index 321c42bc139f01791a11881d61cf87b1c8f437ec..e813ded74de2e2519283c20ac93207404d044473 100644
--- a/interface/web/admin/software_update_list.php
+++ b/interface/web/admin/software_update_list.php
@@ -81,14 +81,14 @@ if(is_array($repos)) {
$type = $app->db->quote($u['type']);
// Check that we do not have this update in the database yet
- $sql = "SELECT * FROM software_update WHERE package_name = '$package_name' and v1 = '$v1' and v2 = '$v2' and v3 = '$v3' and v4 = '$v4'";
- $tmp = $app->db->queryOneRecord($sql);
+ $sql = "SELECT * FROM software_update WHERE package_name = ? and v1 = ? and v2 = ? and v3 = ? and v4 = ?";
+ $tmp = $app->db->queryOneRecord($sql, $package_name, $v1, $v2, $v3, $v4);
if(!isset($tmp['software_update_id'])) {
// Insert the update in the datbase
$sql = "INSERT INTO software_update (software_repo_id, package_name, update_url, update_md5, update_dependencies, update_title, v1, v2, v3, v4, type)
- VALUES ($software_repo_id, '$package_name', '$update_url', '$update_md5', '$update_dependencies', '$update_title', '$v1', '$v2', '$v3', '$v4', '$type')";
+ VALUES ($software_repo_id, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)";
//die($sql);
- $app->db->query($sql);
+ $app->db->query($sql, $package_name, $update_url, $update_md5, $update_dependencies, $update_title, $v1, $v2, $v3, $v4, $type);
}
}
@@ -162,12 +162,12 @@ if(is_array($installed_packages)) {
foreach($installed_packages as $ip) {
// Get version number of the latest installed version
- $sql = "SELECT v1, v2, v3, v4 FROM software_update, software_update_inst WHERE software_update.software_update_id = software_update_inst.software_update_id AND server_id = ".$app->functions->intval($server_id)." ORDER BY v1 DESC , v2 DESC , v3 DESC , v4 DESC LIMIT 0,1";
- $lu = $app->db->queryOneRecord($sql);
+ $sql = "SELECT v1, v2, v3, v4 FROM software_update, software_update_inst WHERE software_update.software_update_id = software_update_inst.software_update_id AND server_id = ? ORDER BY v1 DESC , v2 DESC , v3 DESC , v4 DESC LIMIT 0,1";
+ $lu = $app->db->queryOneRecord($sql, $server_id);
// Get all installable updates
- $sql = "SELECT * FROM software_update WHERE v1 >= ".$app->functions->intval($lu['v1'])." AND v2 >= ".$app->functions->intval($lu['v2'])." AND v3 >= ".$app->functions->intval($lu['v3'])." AND v4 >= ".$app->functions->intval($lu['v4'])." AND package_name = '".$app->db->quote($ip['package_name'])."' ORDER BY v1 DESC , v2 DESC , v3 DESC , v4 DESC";
- $updates = $app->db->queryAllRecords($sql);
+ $sql = "SELECT * FROM software_update WHERE v1 >= ? AND v2 >= ? AND v3 >= ? AND v4 >= ? AND package_name = ? ORDER BY v1 DESC , v2 DESC , v3 DESC , v4 DESC";
+ $updates = $app->db->queryAllRecords($sql, $lu['v1'], $lu['v2'], $lu['v3'], $lu['v4'], $ip['package_name']);
//die($sql);
if(is_array($updates)) {
diff --git a/interface/web/admin/system_config_edit.php b/interface/web/admin/system_config_edit.php
index 7108f2707a8aa31bf498b143305dd2f127c8ae89..a9e56749017f68925b1dfa7d8ed7b60f4f6baf4a 100644
--- a/interface/web/admin/system_config_edit.php
+++ b/interface/web/admin/system_config_edit.php
@@ -165,8 +165,6 @@ class page_action extends tform_actions {
$server_config_array[$section] = $new_config;
$server_config_str = $app->ini_parser->get_ini_string($server_config_array);
- //$sql = "UPDATE sys_ini SET config = '".$app->db->quote($server_config_str)."' WHERE sysini_id = 1";
- //if($conf['demo_mode'] != true) $app->db->query($sql);
if($conf['demo_mode'] != true) $app->db->datalogUpdate('sys_ini', "config = '".$app->db->quote($server_config_str)."'", 'sysini_id', 1);
/*
@@ -190,21 +188,9 @@ class page_action extends tform_actions {
if($server_config_array['misc']['maintenance_mode'] == 'y'){
//print_r($_SESSION);
//echo $_SESSION['s']['id'];
- $app->db->query("DELETE FROM sys_session WHERE session_id != '".$app->db->quote($_SESSION['s']['id'])."'");
+ $app->db->query("DELETE FROM sys_session WHERE session_id != ?", $_SESSION['s']['id']);
}
}
-
- /*
- function onAfterUpdate() {
- if($this->_js_changed == true) {
- // not the best way, but it works
- header('Content-Type: text/html');
- print '';
- exit;
- }
- }
- */
-
}
$app->tform_actions = new page_action;
diff --git a/interface/web/admin/tpl_default.php b/interface/web/admin/tpl_default.php
index 57395cfb285436e69945474389d9be203545db90..c7b79112ca4cbf015637e94d662e7f8eeaafcd41 100644
--- a/interface/web/admin/tpl_default.php
+++ b/interface/web/admin/tpl_default.php
@@ -51,21 +51,6 @@ $app->load('tform_actions');
class page_action extends tform_actions {
- // function onBeforeUpdate() {
- // global $app, $conf;
- //
- // //* Check if the server has been changed
- // // We do this only for the admin or reseller users, as normal clients can not change the server ID anyway
- // if(($_SESSION["s"]["user"]["typ"] == 'admin' || $app->auth->has_clients($_SESSION['s']['user']['userid'])) && isset($this->dataRecord["server_id"])) {
- // $rec = $app->db->queryOneRecord("SELECT server_id from server_php WHERE server_php_id = ".$this->id);
- // if($rec['server_id'] != $this->dataRecord["server_id"]) {
- // //* Add a error message and switch back to old server
- // $app->tform->errorMessage .= $app->lng('The Server can not be changed.');
- // $this->dataRecord["server_id"] = $rec['server_id'];
- // }
- // unset($rec);
- // }
- // }
}
$page = new page_action;
diff --git a/interface/web/admin/users_edit.php b/interface/web/admin/users_edit.php
index 0a14ca5e1e4e30bf11480d8d5f504f4874396876..78a86c633b2ddf3f0c90c3542ea4a4ef0552697f 100644
--- a/interface/web/admin/users_edit.php
+++ b/interface/web/admin/users_edit.php
@@ -96,16 +96,16 @@ class page_action extends tform_actions {
function onAfterUpdate() {
global $app, $conf;
- $client = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE userid = ".$this->id);
+ $client = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE userid = ?", $this->id);
$client_id = $app->functions->intval($client['client_id']);
$username = $app->db->quote($this->dataRecord["username"]);
$old_username = $app->db->quote($this->oldDataRecord['username']);
// username changed
if(isset($conf['demo_mode']) && $conf['demo_mode'] != true && isset($this->dataRecord['username']) && $this->dataRecord['username'] != '' && $this->oldDataRecord['username'] != $this->dataRecord['username']) {
- $sql = "UPDATE client SET username = '$username' WHERE client_id = $client_id AND username = '$old_username'";
- $app->db->query($sql);
- $tmp = $app->db->queryOneRecord("SELECT * FROM sys_group WHERE client_id = $client_id");
+ $sql = "UPDATE client SET username = ? WHERE client_id = ? AND username = ?";
+ $app->db->query($sql, $username, $client_id, $old_username);
+ $tmp = $app->db->queryOneRecord("SELECT * FROM sys_group WHERE client_id = ?", $client_id);
$app->db->datalogUpdate("sys_group", "name = '$username'", 'groupid', $tmp['groupid']);
unset($tmp);
}
@@ -120,28 +120,17 @@ class page_action extends tform_actions {
}
$salt.="$";
$password = crypt(stripslashes($password), $salt);
- $sql = "UPDATE client SET password = '$password' WHERE client_id = $client_id AND username = '$username'";
- $app->db->query($sql);
+ $sql = "UPDATE client SET password = ? WHERE client_id = ? AND username = ?";
+ $app->db->query($sql, $password, $client_id, $username);
}
// language changed
if(isset($conf['demo_mode']) && $conf['demo_mode'] != true && isset($this->dataRecord['language']) && $this->dataRecord['language'] != '' && $this->oldDataRecord['language'] != $this->dataRecord['language']) {
$language = $app->db->quote($this->dataRecord["language"]);
- $sql = "UPDATE client SET language = '$language' WHERE client_id = $client_id AND username = '$username'";
- $app->db->query($sql);
+ $sql = "UPDATE client SET language = ? WHERE client_id = ? AND username = ?";
+ $app->db->query($sql, $language, $client_id, $username);
}
- // reseller status changed
- /*
- if(isset($this->dataRecord["limit_client"]) && $this->dataRecord["limit_client"] != $this->oldDataRecord["limit_client"]) {
- $modules = $conf['interface_modules_enabled'];
- if($this->dataRecord["limit_client"] > 0) $modules .= ',client';
- $modules = $app->db->quote($modules);
- $client_id = $this->id;
- $sql = "UPDATE sys_user SET modules = '$modules' WHERE client_id = $client_id";
- $app->db->query($sql);
- }
- */
parent::onAfterUpdate();
}
diff --git a/interface/web/client/client_del.php b/interface/web/client/client_del.php
index a8cd7cc954749bbb3ca8809c3763177f2f06206b..7817bc37292db9c2be8fc5f3e79352af38fdec2d 100644
--- a/interface/web/client/client_del.php
+++ b/interface/web/client/client_del.php
@@ -74,11 +74,7 @@ class page_action extends tform_actions {
$this->dataRecord = $app->tform->getDataRecord($this->id);
$client_id = $app->functions->intval($this->dataRecord['client_id']);
-
-
- //$parent_client_id = $app->functions->intval($this->dataRecord['parent_client_id']);
- //$parent_user = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE client_id = $parent_client_id");
- $client_group = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = $client_id");
+ $client_group = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ", $client_id);
// Get all records (sub-clients, mail, web, etc....) of this client.
$tables = 'cron,client,dns_rr,dns_soa,dns_slave,ftp_user,mail_access,mail_content_filter,mail_domain,mail_forwarding,mail_get,mail_user,mail_user_filter,shell_user,spamfilter_users,support_message,web_database,web_database_user,web_domain';
@@ -89,7 +85,7 @@ class page_action extends tform_actions {
if($client_group_id > 1) {
foreach($tables_array as $table) {
if($table != '') {
- $records = $app->db->queryAllRecords("SELECT * FROM $table WHERE sys_groupid = ".$client_group_id);
+ $records = $app->db->queryAllRecords("SELECT * FROM ?? WHERE sys_groupid = ?", $table, $client_group_id);
$number = count($records);
if($number > 0) $table_list[] = array('table' => $table."(".$number.")");
}
@@ -121,15 +117,15 @@ class page_action extends tform_actions {
if($client_id > 0) {
// remove the group of the client from the resellers group
$parent_client_id = $app->functions->intval($this->dataRecord['parent_client_id']);
- $parent_user = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE client_id = $parent_client_id");
- $client_group = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = $client_id");
+ $parent_user = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE client_id = ?", $parent_client_id);
+ $client_group = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client_id);
$app->auth->remove_group_from_user($parent_user['userid'], $client_group['groupid']);
// delete the group of the client
- $app->db->query("DELETE FROM sys_group WHERE client_id = $client_id");
+ $app->db->query("DELETE FROM sys_group WHERE client_id = ?", $client_id);
// delete the sys user(s) of the client
- $app->db->query("DELETE FROM sys_user WHERE client_id = $client_id");
+ $app->db->query("DELETE FROM sys_user WHERE client_id = ?", $client_id);
// Delete all records (sub-clients, mail, web, etc....) of this client.
$tables = 'client,dns_rr,dns_soa,dns_slave,ftp_user,mail_access,mail_content_filter,mail_domain,mail_forwarding,mail_get,mail_user,mail_user_filter,shell_user,spamfilter_users,support_message,web_database,web_database_user,web_domain,web_folder,web_folder_user,domain';
@@ -138,7 +134,7 @@ class page_action extends tform_actions {
if($client_group_id > 1) {
foreach($tables_array as $table) {
if($table != '') {
- $records = $app->db->queryAllRecords("SELECT * FROM $table WHERE sys_groupid = ".$client_group_id);
+ $records = $app->db->queryAllRecords("SELECT * FROM ?? WHERE sys_groupid = ?", $table, $client_group_id);
//* find the primary ID of the table
$table_info = $app->db->tableInfo($table);
$index_field = '';
@@ -152,11 +148,11 @@ class page_action extends tform_actions {
$app->db->datalogDelete($table, $index_field, $rec[$index_field]);
//* Delete traffic records that dont have a sys_groupid column
if($table == 'web_domain') {
- $app->db->query("DELETE FROM web_traffic WHERE hostname = '".$app->db->quote($rec['domain'])."'");
+ $app->db->query("DELETE FROM web_traffic WHERE hostname = ?", $rec['domain']);
}
//* Delete mail_traffic records that dont have a sys_groupid
if($table == 'mail_user') {
- $app->db->query("DELETE FROM mail_traffic WHERE mailuser_id = '".$app->db->quote($rec['mailuser_id'])."'");
+ $app->db->query("DELETE FROM mail_traffic WHERE mailuser_id = ?", $rec['mailuser_id']);
}
}
}
diff --git a/interface/web/client/client_edit.php b/interface/web/client/client_edit.php
index 5c47fe5fa187c071ac50ffbee1cbda0f27b832ff..b03c09267da1598448d29e41a6f88d514f0bcb72 100644
--- a/interface/web/client/client_edit.php
+++ b/interface/web/client/client_edit.php
@@ -59,11 +59,11 @@ class page_action extends tform_actions {
// Get the limits of the client
$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
- $client = $app->db->queryOneRecord("SELECT limit_client FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+ $client = $app->db->queryOneRecord("SELECT limit_client FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
// Check if the user may add another website.
if($client["limit_client"] >= 0) {
- $tmp = $app->db->queryOneRecord("SELECT count(client_id) as number FROM client WHERE sys_groupid = $client_group_id");
+ $tmp = $app->db->queryOneRecord("SELECT count(client_id) as number FROM client WHERE sys_groupid = ?", $client_group_id);
if($tmp["number"] >= $client["limit_client"]) {
$app->error($app->tform->wordbook["limit_client_txt"]);
}
@@ -82,11 +82,11 @@ class page_action extends tform_actions {
// Get the limits of the client
$client_group_id = $_SESSION["s"]["user"]["default_group"];
- $client = $app->db->queryOneRecord("SELECT limit_client FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+ $client = $app->db->queryOneRecord("SELECT limit_client FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
// Check if the user may add another website.
if($client["limit_client"] >= 0) {
- $tmp = $app->db->queryOneRecord("SELECT count(client_id) as number FROM client WHERE sys_groupid = $client_group_id");
+ $tmp = $app->db->queryOneRecord("SELECT count(client_id) as number FROM client WHERE sys_groupid = ?", $client_group_id);
if($tmp["number"] >= $client["limit_client"]) {
$app->error($app->tform->wordbook["limit_client_txt"]);
}
diff --git a/interface/web/client/client_message.php b/interface/web/client/client_message.php
index 5707e88206be5b02ffe24d8be088f3d14d184b2b..3d6e1de934c652ed59709c655d1cf744066cba9c 100644
--- a/interface/web/client/client_message.php
+++ b/interface/web/client/client_message.php
@@ -60,7 +60,7 @@ if(isset($_POST) && count($_POST) > 1) {
//* Send message
if($error == '') {
if($app->functions->intval($_POST['recipient']) > 0){
- $circle = $app->db->queryOneRecord("SELECT client_ids FROM client_circle WHERE active = 'y' AND circle_id = ".$app->functions->intval($_POST['recipient'])." AND ".$app->tform->getAuthSQL('r'));
+ $circle = $app->db->queryOneRecord("SELECT client_ids FROM client_circle WHERE active = 'y' AND circle_id = ? AND ".$app->tform->getAuthSQL('r'), $_POST['recipient']);
if(isset($circle['client_ids']) && $circle['client_ids'] != ''){
$tmp_client_ids = explode(',', $circle['client_ids']);
$where = array();
diff --git a/interface/web/client/client_template_del.php b/interface/web/client/client_template_del.php
index b57224f8ebfd3d73f4852f5f5185491a49f4ad16..12883546020b88afe12c9768603a76604dc508bf 100644
--- a/interface/web/client/client_template_del.php
+++ b/interface/web/client/client_template_del.php
@@ -54,13 +54,13 @@ class page_action extends tform_actions {
global $app;
// check new style
- $rec = $app->db->queryOneRecord("SELECT count(client_id) as number FROM client_template_assigned WHERE client_template_id = ".$this->id);
+ $rec = $app->db->queryOneRecord("SELECT count(client_id) as number FROM client_template_assigned WHERE client_template_id = ?", $this->id);
if($rec['number'] > 0) {
$app->error($app->tform->lng('template_del_aborted_txt'));
}
// check old style
- $rec = $app->db->queryOneRecord("SELECT count(client_id) as number FROM client WHERE template_master = ".$this->id." OR template_additional like '%/".$this->id."/%'");
+ $rec = $app->db->queryOneRecord("SELECT count(client_id) as number FROM client WHERE template_master = ? OR template_additional like ?", $this->id, '%/".$this->id."/%');
if($rec['number'] > 0) {
$app->error($app->tform->lng('template_del_aborted_txt'));
}
diff --git a/interface/web/client/client_template_edit.php b/interface/web/client/client_template_edit.php
index 256ff49732350fbd23ef1255659fe28381f5211b..a895105ef6921eed10501e6a8b6f2ced47e9756c 100644
--- a/interface/web/client/client_template_edit.php
+++ b/interface/web/client/client_template_edit.php
@@ -69,7 +69,7 @@ class page_action extends tform_actions {
if(isset($this->dataRecord['template_type'])) {
//* Check if the template_type has been changed
- $rec = $app->db->queryOneRecord("SELECT template_type from client_template WHERE template_id = ".$this->id);
+ $rec = $app->db->queryOneRecord("SELECT template_type from client_template WHERE template_id = ?", $this->id);
if($rec['template_type'] != $this->dataRecord['template_type']) {
//* Add a error message and switch back to old server
$app->tform->errorMessage .= $app->lng('The template type can not be changed.');
@@ -99,11 +99,12 @@ class page_action extends tform_actions {
* the template has changed. apply the new data to all clients
*/
if ($template_type == 'm'){
- $sql = "SELECT client_id FROM client WHERE template_master = " . $this->id;
+ $sql = "SELECT client_id FROM client WHERE template_master = ?";
+ $clients = $app->db->queryAllRecords($sql, $this->id);
} else {
- $sql = "SELECT client_id FROM client WHERE template_additional LIKE '%/" . $this->id . "/%' OR template_additional LIKE '" . $this->id . "/%' OR template_additional LIKE '%/" . $this->id . "' UNION SELECT client_id FROM client_template_assigned WHERE client_template_id = " . $this->id;
+ $sql = "SELECT client_id FROM client WHERE template_additional LIKE ? OR template_additional LIKE ? OR template_additional LIKE ? UNION SELECT client_id FROM client_template_assigned WHERE client_template_id = ?";
+ $clients = $app->db->queryAllRecords($sql, '%/' . $this->id . '/%', $this->id . '/%', '%/' . $this->id, $this->id);
}
- $clients = $app->db->queryAllRecords($sql);
if (is_array($clients)){
foreach ($clients as $client){
$app->client_templates->apply_client_templates($client['client_id']);
diff --git a/interface/web/client/domain_del.php b/interface/web/client/domain_del.php
index 6bc07e60ddebfd823adf6933e4bc8d113bcc97ff..701b4494b8f92a1885a45ca750931a1f30a852f2 100644
--- a/interface/web/client/domain_del.php
+++ b/interface/web/client/domain_del.php
@@ -62,26 +62,26 @@ class page_action extends tform_actions {
*/
$domain = $this->dataRecord['domain'];
- $sql = "SELECT id FROM dns_soa WHERE origin = '" . $app->db->quote($domain.".") . "'";
- $res = $app->db->queryOneRecord($sql);
+ $sql = "SELECT id FROM dns_soa WHERE origin = ?";
+ $res = $app->db->queryOneRecord($sql, $domain.".");
if (is_array($res)){
$app->error($wb['error_domain_in dnsuse']);
}
- $sql = "SELECT id FROM dns_slave WHERE origin = '" . $app->db->quote($domain.".") . "'";
- $res = $app->db->queryOneRecord($sql);
+ $sql = "SELECT id FROM dns_slave WHERE origin = ?";
+ $res = $app->db->queryOneRecord($sql, $domain.".");
if (is_array($res)){
$app->error($wb['error_domain_in dnsslaveuse']);
}
- $sql = "SELECT domain_id FROM mail_domain WHERE domain = '" . $app->db->quote($domain) . "'";
- $res = $app->db->queryOneRecord($sql);
+ $sql = "SELECT domain_id FROM mail_domain WHERE domain = ?";
+ $res = $app->db->queryOneRecord($sql, $domain);
if (is_array($res)){
$app->error($wb['error_domain_in mailuse']);
}
- $sql = "SELECT domain_id FROM web_domain WHERE (domain = '" . $app->db->quote($domain) . "' AND type IN ('alias', 'vhost', 'vhostalias')) OR (domain LIKE '%." . $app->db->quote($domain) . "' AND type IN ('subdomain', 'vhostsubdomain'))";
- $res = $app->db->queryOneRecord($sql);
+ $sql = "SELECT domain_id FROM web_domain WHERE (domain = ? AND type IN ('alias', 'vhost', 'vhostalias')) OR (domain LIKE ? AND type IN ('subdomain', 'vhostsubdomain'))";
+ $res = $app->db->queryOneRecord($sql, $domain, '%.' . $domain);
if (is_array($res)){
$app->error($wb['error_domain_in webuse']);
}
diff --git a/interface/web/client/domain_edit.php b/interface/web/client/domain_edit.php
index 889bb4f4bdf2966be36002dd4df78e3dfb7aff6f..694746f8e5fd6efae59dda236cc2ec725a25cf72 100644
--- a/interface/web/client/domain_edit.php
+++ b/interface/web/client/domain_edit.php
@@ -97,13 +97,13 @@ class page_action extends tform_actions {
} else {
// Get the limits of the client
$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
- $client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+ $client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ", $client_group_id);
// Fill the client select field
- $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ".$client['client_id']." ORDER BY client.company_name, client.contact_name, sys_group.name";
+ $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ? ORDER BY client.company_name, client.contact_name, sys_group.name";
//die($sql);
- $records = $app->db->queryAllRecords($sql);
- $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".$app->functions->intval($client['client_id']));
+ $records = $app->db->queryAllRecords($sql, $client['client_id']);
+ $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client['client_id']);
$client_select = '';
//$tmp_data_record = $app->tform->getDataRecord($this->id);
if(is_array($records)) {
@@ -197,7 +197,7 @@ class page_action extends tform_actions {
// also make sure that the user can not delete domain created by a admin
if(($_SESSION["s"]["user"]["typ"] == 'admin' && isset($this->dataRecord["client_group_id"])) || ($_SESSION["s"]["user"]["typ"] != 'admin' && $app->auth->has_clients($_SESSION['s']['user']['userid']))) {
$client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]);
- $app->db->query("UPDATE domain SET sys_groupid = $client_group_id, sys_perm_group = 'ru' WHERE domain_id = ".$this->id);
+ $app->db->query("UPDATE domain SET sys_groupid = ?, sys_perm_group = 'ru' WHERE domain_id = ?", $client_group_id, $this->id);
}
}
@@ -206,23 +206,23 @@ class page_action extends tform_actions {
if($_SESSION["s"]["user"]["typ"] != 'admin' && isset($this->dataRecord["client_group_id"])) {
$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
- $client = $app->db->queryOneRecord("SELECT client.client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
- $group = $app->db->queryOneRecord("SELECT sys_group.groupid FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ".$client['client_id']." AND sys_group.groupid = ".$this->dataRecord["client_group_id"]." ORDER BY client.company_name, client.contact_name, sys_group.name");
+ $client = $app->db->queryOneRecord("SELECT client.client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
+ $group = $app->db->queryOneRecord("SELECT sys_group.groupid FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ? AND sys_group.groupid = ? ORDER BY client.company_name, client.contact_name, sys_group.name", $client['client_id'], $this->dataRecord["client_group_id"]);
$this->dataRecord["client_group_id"] = $group["groupid"];
- }
+ }
// make sure that the record belongs to the client group and not the admin group when admin inserts it
// also make sure that the user can not delete domain created by a admin
if(isset($this->dataRecord["client_group_id"])) {
$client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]);
- $app->db->query("UPDATE domain SET sys_groupid = $client_group_id, sys_perm_group = 'ru' WHERE domain_id = ".$this->id);
+ $app->db->query("UPDATE domain SET sys_groupid = ?, sys_perm_group = 'ru' WHERE domain_id = ?", $client_group_id, $this->id);
$data = new tform_actions();
$tform = $app->tform;
$app->tform = new tform();
$app->tform->loadFormDef("../dns/form/dns_soa.tform.php");
- $data->oldDataRecord = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE origin LIKE '".$this->dataRecord['domain'].".'");
+ $data->oldDataRecord = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE origin = ?", $this->dataRecord['domain'].".");
if ($data->oldDataRecord) {
$data->dataRecord = array_merge($data->oldDataRecord, array('client_group_id' => $this->dataRecord["client_group_id"]));
$data->id = $data->dataRecord['id'];
@@ -230,7 +230,7 @@ class page_action extends tform_actions {
}
$app->tform->loadFormDef("../dns/form/dns_slave.tform.php");
- $data->oldDataRecord = $app->db->queryOneRecord("SELECT * FROM dns_slave WHERE origin LIKE '".$this->dataRecord['domain'].".'");
+ $data->oldDataRecord = $app->db->queryOneRecord("SELECT * FROM dns_slave WHERE origin = ?", $this->dataRecord['domain'].".");
if ($data->oldDataRecord) {
$data->dataRecord = array_merge($data->oldDataRecord, array('client_group_id' => $this->dataRecord["client_group_id"]));
$data->id = $data->dataRecord['id'];
@@ -238,7 +238,7 @@ class page_action extends tform_actions {
}
$app->tform->loadFormDef("../mail/form/mail_domain.tform.php");
- $data->oldDataRecord = $app->db->queryOneRecord("SELECT * FROM mail_domain WHERE domain = '".$this->dataRecord['domain']."'");
+ $data->oldDataRecord = $app->db->queryOneRecord("SELECT * FROM mail_domain WHERE domain = ?", $this->dataRecord['domain']);
if ($data->oldDataRecord) {
$data->dataRecord = array_merge($data->oldDataRecord, array('client_group_id' => $this->dataRecord["client_group_id"]));
$data->id = $data->dataRecord['domain_id'];
@@ -246,7 +246,7 @@ class page_action extends tform_actions {
}
$app->tform->loadFormDef("../sites/form/web_vhost_domain.tform.php");
- $data->oldDataRecord = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain = '".$this->dataRecord['domain']."'");
+ $data->oldDataRecord = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain = ?", $this->dataRecord['domain']);
if ($data->oldDataRecord) {
$data->dataRecord = array_merge($data->oldDataRecord, array('client_group_id' => $this->dataRecord["client_group_id"]));
$data->id = $data->dataRecord['domain_id'];
diff --git a/interface/web/client/message_template_edit.php b/interface/web/client/message_template_edit.php
index 819e267657aab3c753984138b8512f4993d0ef20..7d285ac7ef86e6bd1f6ee7a379ef21cb24f62e7d 100644
--- a/interface/web/client/message_template_edit.php
+++ b/interface/web/client/message_template_edit.php
@@ -56,12 +56,11 @@ class page_action extends tform_actions {
// Check for duplicates
if($this->dataRecord['template_type'] == 'welcome') {
$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
- $sql = "SELECT count(client_message_template_id) as number FROM client_message_template WHERE template_type = 'welcome' AND sys_groupid = ".$client_group_id;
+ $sql = "SELECT count(client_message_template_id) as number FROM client_message_template WHERE template_type = 'welcome' AND sys_groupid = ?";
if($this->id > 0) {
- $sql .= " AND client_message_template_id != ".$this->id;
+ $sql .= " AND client_message_template_id != ?";
}
-
- $tmp = $app->db->queryOneRecord($sql);
+ $tmp = $app->db->queryOneRecord($sql, $client_group_id, $this->id);
if($tmp['number'] > 0) $app->tform->errorMessage .= $app->tform->lng('duplicate_welcome_error');
}
diff --git a/interface/web/client/reseller_del.php b/interface/web/client/reseller_del.php
index e9d1dd32b8947a67bd2544b269fe4d61cbcc81ee..55872beabd3567f1c536bf775ac534d3d6133cee 100644
--- a/interface/web/client/reseller_del.php
+++ b/interface/web/client/reseller_del.php
@@ -59,7 +59,7 @@ class page_action extends tform_actions {
$client_id = $app->functions->intval($this->dataRecord['client_id']);
- $tmp = $app->db->queryOneRecord("SELECT count(client_id) as number FROM client WHERE parent_client_id = ".$client_id);
+ $tmp = $app->db->queryOneRecord("SELECT count(client_id) as number FROM client WHERE parent_client_id = ?", $client_id);
if($tmp["number"] > 0) $app->error($app->lng('error_has_clients'));
}
@@ -74,15 +74,15 @@ class page_action extends tform_actions {
// remove the group of the client from the resellers group
$parent_client_id = $app->functions->intval($this->dataRecord['parent_client_id']);
- $parent_user = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE client_id = $parent_client_id");
- $client_group = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = $client_id");
+ $parent_user = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE client_id = ?", $parent_client_id);
+ $client_group = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client_id);
$app->auth->remove_group_from_user($parent_user['userid'], $client_group['groupid']);
// delete the group of the client
- $app->db->query("DELETE FROM sys_group WHERE client_id = $client_id");
+ $app->db->query("DELETE FROM sys_group WHERE client_id = ?", $client_id);
// delete the sys user(s) of the client
- $app->db->query("DELETE FROM sys_user WHERE client_id = $client_id");
+ $app->db->query("DELETE FROM sys_user WHERE client_id = ?", $client_id);
}
}
diff --git a/interface/web/client/reseller_edit.php b/interface/web/client/reseller_edit.php
index 4a7cc874077c524334e7438585536e9d8c9c75d1..2c5fcbc28c898c1b8a3744298dca27eab7c215bc 100644
--- a/interface/web/client/reseller_edit.php
+++ b/interface/web/client/reseller_edit.php
@@ -61,11 +61,11 @@ class page_action extends tform_actions {
// Get the limits of the client
$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
- $client = $app->db->queryOneRecord("SELECT limit_client FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+ $client = $app->db->queryOneRecord("SELECT limit_client FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
// Check if the user may add another website.
if($client["limit_client"] >= 0) {
- $tmp = $app->db->queryOneRecord("SELECT count(client_id) as number FROM client WHERE sys_groupid = $client_group_id");
+ $tmp = $app->db->queryOneRecord("SELECT count(client_id) as number FROM client WHERE sys_groupid = ?", $client_group_id);
if($tmp["number"] >= $client["limit_client"]) {
$app->error($app->tform->wordbook["limit_client_txt"]);
}
@@ -84,11 +84,11 @@ class page_action extends tform_actions {
// Get the limits of the client
$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
- $client = $app->db->queryOneRecord("SELECT limit_client FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+ $client = $app->db->queryOneRecord("SELECT limit_client FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
// Check if the user may add another website.
if($client["limit_client"] >= 0) {
- $tmp = $app->db->queryOneRecord("SELECT count(client_id) as number FROM client WHERE sys_groupid = $client_group_id");
+ $tmp = $app->db->queryOneRecord("SELECT count(client_id) as number FROM client WHERE sys_groupid = ?", $client_group_id);
if($tmp["number"] >= $client["limit_client"]) {
$app->error($app->tform->wordbook["limit_client_txt"]);
}
diff --git a/interface/web/dashboard/dashboard.php b/interface/web/dashboard/dashboard.php
index 6c04d5877d6aa3724c96a7deff56061310706a11..c806e10d4762098ea678c429e8a653eb3c90c963 100644
--- a/interface/web/dashboard/dashboard.php
+++ b/interface/web/dashboard/dashboard.php
@@ -51,7 +51,7 @@ $app->tpl_defaults();
if($_SESSION['s']['user']['typ'] == 'admin') {
$name = $_SESSION['s']['user']['username'];
} else {
- $tmp = $app->db->queryOneRecord("SELECT contact_name FROM client WHERE username = '".$app->db->quote($_SESSION['s']['user']['username'])."'");
+ $tmp = $app->db->queryOneRecord("SELECT contact_name FROM client WHERE username = ?", $_SESSION['s']['user']['username']);
$name = $tmp['contact_name'];
}
diff --git a/interface/web/dashboard/dashlets/limits.php b/interface/web/dashboard/dashlets/limits.php
index 70113f3969f80243d9ed3f6e2921dd25f1285508..2455da87bdeabd7c4d088f3dbbd5b0bf90ba0c1e 100644
--- a/interface/web/dashboard/dashlets/limits.php
+++ b/interface/web/dashboard/dashlets/limits.php
@@ -130,7 +130,7 @@ class dashlet_limits {
if($user_is_admin == false) {
$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
- $client = $app->db->queryOneRecord("SELECT * FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+ $client = $app->db->queryOneRecord("SELECT * FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
}
$rows = array();
@@ -164,10 +164,10 @@ class dashlet_limits {
function _get_limit_usage($limit) {
global $app;
- $sql = "SELECT count(sys_userid) as number FROM ".$app->db->quote($limit['db_table'])." WHERE ";
+ $sql = "SELECT count(sys_userid) as number FROM ?? WHERE ";
if($limit['db_where'] != '') $sql .= $limit['db_where']." AND ";
$sql .= $app->tform->getAuthSQL('r');
- $rec = $app->db->queryOneRecord($sql);
+ $rec = $app->db->queryOneRecord($sql, $limit['db_table']);
return $rec['number'];
}
diff --git a/interface/web/dns/ajax_get_json.php b/interface/web/dns/ajax_get_json.php
index 781fa8e8c1c9d99c8c17f7fa91a91676f45efac0..c2da4dce631172dab52b487509e639da8a6988d2 100644
--- a/interface/web/dns/ajax_get_json.php
+++ b/interface/web/dns/ajax_get_json.php
@@ -34,129 +34,26 @@ require_once '../../lib/app.inc.php';
//* Check permissions for module
$app->auth->check_module_permissions('dns');
-//$app->uses('tform');
-
$type = $_GET["type"];
-//if($_SESSION["s"]["user"]["typ"] == 'admin') {
-
-
if($type == 'get_ipv4'){
- //$q = $app->db->quote(trim($_GET["q"]));
- //$authsql = " AND ".$app->tform->getAuthSQL('r');
- //$modules = explode(',', $_SESSION['s']['user']['modules']);
-
$result = array();
// ipv4
- //$result[] = _search('admin', 'server_ip', "AND ip_type = 'IPv4' AND (client_id = 0 OR client_id=".$app->functions->intval($_SESSION['s']['user']['client_id']).")");
$result[] = $app->functions->suggest_ips('IPv4');
$json = $app->functions->json_encode($result);
}
if($type == 'get_ipv6'){
- //$q = $app->db->quote(trim($_GET["q"]));
- //$authsql = " AND ".$app->tform->getAuthSQL('r');
- //$modules = explode(',', $_SESSION['s']['user']['modules']);
-
$result = array();
// ipv6
- //$result[] = _search('admin', 'server_ip', "AND ip_type = 'IPv6' AND (client_id = 0 OR client_id=".$app->functions->intval($_SESSION['s']['user']['client_id']).")");
$result[] = $app->functions->suggest_ips('IPv6');
$json = $app->functions->json_encode($result);
}
-//}
-
-/*
-function _search($module, $section, $additional_sql = '', $unique = false){
- global $app, $q, $authsql, $modules;
-
- $result_array = array('cheader' => array(), 'cdata' => array());
- if(in_array($module, $modules) || ($module == 'admin' && $section == 'server_ip')){
- $search_fields = array();
- $desc_fields = array();
- if(is_file('../'.$module.'/form/'.$section.'.tform.php')){
- include_once('../'.$module.'/form/'.$section.'.tform.php');
-
- $category_title = $form["title"];
- $form_file = $form["action"];
- $db_table = $form["db_table"];
- $db_table_idx = $form["db_table_idx"];
- $order_by = $db_table_idx;
-
- if(is_array($form["tabs"]) && !empty($form["tabs"])){
- foreach($form["tabs"] as $tab){
- if(is_array($tab['fields']) && !empty($tab['fields'])){
- foreach($tab['fields'] as $key => $val){
- if(isset($val['searchable']) && $val['searchable'] > 0){
- $search_fields[] = $key." LIKE '%".$q."%'";
- if($val['searchable'] == 1){
- $order_by = $key;
- $title_key = $key;
- }
- if($val['searchable'] == 2){
- $desc_fields[] = $key;
- }
- }
- }
- }
- }
- }
- }
- unset($form);
-
- $where_clause = '';
- if(!empty($search_fields)){
- $where_clause = implode(' OR ', $search_fields);
- } else {
- // valid SQL query which returns an empty result set
- $where_clause = '1 = 0';
- }
- if($where_clause != '') $where_clause = '('.$where_clause.')';
- if($additional_sql != '') $where_clause .= ' '.$additional_sql.' ';
- $order_clause = '';
- if($order_by != '') $order_clause = ' ORDER BY '.$order_by;
-
- $sql = "SELECT * FROM ".$db_table." WHERE ".$where_clause.$authsql.$order_clause." LIMIT 0,10";
- $results = $app->db->queryAllRecords($sql);
-
- if(is_array($results) && !empty($results)){
- $lng_file = '../'.$module.'/lib/lang/'.$_SESSION['s']['language'].'_'.$section.'.lng';
- if(is_file($lng_file)) include($lng_file);
- $result_array['cheader'] = array('title' => $category_title,
- 'total' => count($results),
- 'limit' => count($results)
- );
- foreach($results as $result){
- $description = '';
- if(!empty($desc_fields)){
- $desc_items = array();
- foreach($desc_fields as $desc_field){
- if($result[$desc_field] != '') $desc_items[] = $wb[$desc_field.'_txt'].': '.$result[$desc_field];
- }
- if(!empty($desc_items)) $description = implode(' - ', $desc_items);
- }
-
- $result_array['cdata'][] = array( 'title' => $wb[$title_key.'_txt'].': '.$result[$title_key],
- 'description' => $description,
- 'onclick' => '',
- 'fill_text' => $result[$title_key]
- );
- }
- if($unique === true){
- $result_array['cdata'] = array_unique($result_array['cdata']);
- $result_array['cheader']['total'] = $result_array['cheader']['limit'] = count($result_array['cdata']);
- }
- }
- }
- return $result_array;
-}
-*/
-
header('Content-type: application/json');
echo $json;
?>
diff --git a/interface/web/dns/dns_a_edit.php b/interface/web/dns/dns_a_edit.php
index 729c3c370ff2426937a72d26440ca3187725e7ab..792a90aaa3815b19a760c7720d62550a11e73336 100644
--- a/interface/web/dns/dns_a_edit.php
+++ b/interface/web/dns/dns_a_edit.php
@@ -58,11 +58,11 @@ class page_action extends tform_actions {
// Get the limits of the client
$client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
- $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+ $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
// Check if the user may add another mailbox.
if($client["limit_dns_record"] >= 0) {
- $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = $client_group_id");
+ $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = ?", $client_group_id);
if($tmp["number"] >= $client["limit_dns_record"]) {
$app->error($app->tform->wordbook["limit_dns_record_txt"]);
}
@@ -76,7 +76,7 @@ class page_action extends tform_actions {
global $app, $conf;
// Get the parent soa record of the domain
- $soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = '".$app->functions->intval($_POST["zone"])."' AND ".$app->tform->getAuthSQL('r'));
+ $soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ? AND " . $app->tform->getAuthSQL('r'), $_POST["zone"]);
// Check if Domain belongs to user
if($soa["id"] != $_POST["zone"]) $app->tform->errorMessage .= $app->tform->wordbook["no_zone_perm"];
@@ -85,11 +85,11 @@ class page_action extends tform_actions {
if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
// Get the limits of the client
$client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
- $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+ $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
// Check if the user may add another mailbox.
if($this->id == 0 && $client["limit_dns_record"] >= 0) {
- $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = $client_group_id");
+ $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = ?", $client_group_id);
if($tmp["number"] >= $client["limit_dns_record"]) {
$app->error($app->tform->wordbook["limit_dns_record_txt"]);
}
@@ -97,7 +97,7 @@ class page_action extends tform_actions {
} // end if user is not admin
//* Check for duplicates where IP and hostname are the same
- $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE (type = 'A' AND name = '".$app->db->quote($this->dataRecord["name"])."' AND zone = '".$app->db->quote($this->dataRecord["zone"])."' and data = '".$app->db->quote($this->dataRecord["data"])."' and id != ".$this->id.") OR (type = 'CNAME' AND name = '".$app->db->quote($this->dataRecord["name"])."' AND zone = '".$app->db->quote($this->dataRecord["zone"])."' and id != ".$this->id.")");
+ $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE (type = 'A' AND name = ? AND zone = ? and data = ? and id != ?) OR (type = 'CNAME' AND name = ? AND zone = ? and id != ?)", $this->dataRecord["name"], $this->dataRecord["zone"], $this->dataRecord["data"], $this->id, $this->dataRecord["name"], $this->dataRecord["zone"], $this->id);
if($tmp['number'] > 0) $app->tform->errorMessage .= $app->tform->lng("data_error_duplicate")." ";
unset($tmp);
@@ -106,7 +106,7 @@ class page_action extends tform_actions {
$this->dataRecord["server_id"] = $soa["server_id"];
// Update the serial number and timestamp of the RR record
- $soa = $app->db->queryOneRecord("SELECT serial FROM dns_rr WHERE id = ".$this->id);
+ $soa = $app->db->queryOneRecord("SELECT serial FROM dns_rr WHERE id = ?", $this->id);
$this->dataRecord["serial"] = $app->validate_dns->increase_serial($soa["serial"]);
$this->dataRecord["stamp"] = date('Y-m-d H:i:s');
@@ -117,7 +117,7 @@ class page_action extends tform_actions {
global $app, $conf;
//* Set the sys_groupid of the rr record to be the same then the sys_groupid of the soa record
- $soa = $app->db->queryOneRecord("SELECT sys_groupid,serial FROM dns_soa WHERE id = '".$app->functions->intval($this->dataRecord["zone"])."' AND ".$app->tform->getAuthSQL('r'));
+ $soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ? AND " . $app->tform->getAuthSQL('r'), $this->dataRecord["zone"]);
$app->db->datalogUpdate('dns_rr', "sys_groupid = ".$soa['sys_groupid'], 'id', $this->id);
//* Update the serial number of the SOA record
@@ -130,7 +130,7 @@ class page_action extends tform_actions {
global $app, $conf;
//* Update the serial number of the SOA record
- $soa = $app->db->queryOneRecord("SELECT serial FROM dns_soa WHERE id = '".$app->functions->intval($this->dataRecord["zone"])."' AND ".$app->tform->getAuthSQL('r'));
+ $soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ? AND " . $app->tform->getAuthSQL('r'), $this->dataRecord["zone"]);
$soa_id = $app->functions->intval($_POST["zone"]);
$serial = $app->validate_dns->increase_serial($soa["serial"]);
$app->db->datalogUpdate('dns_soa', "serial = $serial", 'id', $soa_id);
diff --git a/interface/web/dns/dns_aaaa_edit.php b/interface/web/dns/dns_aaaa_edit.php
index ba7ae963a977b309e684ecbf129ca77934189ece..867dabb949ec00e2e262853ad27d29b6c526659b 100644
--- a/interface/web/dns/dns_aaaa_edit.php
+++ b/interface/web/dns/dns_aaaa_edit.php
@@ -58,11 +58,11 @@ class page_action extends tform_actions {
// Get the limits of the client
$client_group_id = $_SESSION["s"]["user"]["default_group"];
- $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+ $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
// Check if the user may add another mailbox.
if($client["limit_dns_record"] >= 0) {
- $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = $client_group_id");
+ $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = ?", $client_group_id);
if($tmp["number"] >= $client["limit_dns_record"]) {
$app->error($app->tform->wordbook["limit_dns_record_txt"]);
}
@@ -76,7 +76,7 @@ class page_action extends tform_actions {
global $app, $conf;
// Get the parent soa record of the domain
- $soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = '".$app->functions->intval($_POST["zone"])."' AND ".$app->tform->getAuthSQL('r'));
+ $soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ? AND " . $app->tform->getAuthSQL('r'), $_POST["zone"]);
// Check if Domain belongs to user
if($soa["id"] != $_POST["zone"]) $app->tform->errorMessage .= $app->tform->wordbook["no_zone_perm"];
@@ -85,11 +85,11 @@ class page_action extends tform_actions {
if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
// Get the limits of the client
$client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
- $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+ $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
// Check if the user may add another mailbox.
if($this->id == 0 && $client["limit_dns_record"] >= 0) {
- $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = $client_group_id");
+ $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = ?", $client_group_id);
if($tmp["number"] >= $client["limit_dns_record"]) {
$app->error($app->tform->wordbook["limit_dns_record_txt"]);
}
@@ -101,7 +101,7 @@ class page_action extends tform_actions {
$this->dataRecord["server_id"] = $soa["server_id"];
// Update the serial number and timestamp of the RR record
- $soa = $app->db->queryOneRecord("SELECT serial FROM dns_rr WHERE id = ".$this->id);
+ $soa = $app->db->queryOneRecord("SELECT serial FROM dns_rr WHERE id = ?", $this->id);
$this->dataRecord["serial"] = $app->validate_dns->increase_serial($soa["serial"]);
$this->dataRecord["stamp"] = date('Y-m-d H:i:s');
@@ -112,7 +112,7 @@ class page_action extends tform_actions {
global $app, $conf;
//* Set the sys_groupid of the rr record to be the same then the sys_groupid of the soa record
- $soa = $app->db->queryOneRecord("SELECT sys_groupid,serial FROM dns_soa WHERE id = '".$app->functions->intval($this->dataRecord["zone"])."' AND ".$app->tform->getAuthSQL('r'));
+ $soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ? AND " . $app->tform->getAuthSQL('r'), $this->dataRecord["zone"]);
$app->db->datalogUpdate('dns_rr', "sys_groupid = ".intval($soa['sys_groupid']), 'id', $this->id);
//* Update the serial number of the SOA record
@@ -125,7 +125,7 @@ class page_action extends tform_actions {
global $app, $conf;
//* Update the serial number of the SOA record
- $soa = $app->db->queryOneRecord("SELECT serial FROM dns_soa WHERE id = '".$app->functions->intval($this->dataRecord["zone"])."' AND ".$app->tform->getAuthSQL('r'));
+ $soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ? AND " . $app->tform->getAuthSQL('r'), $this->dataRecord["zone"]);
$soa_id = $app->functions->intval($_POST["zone"]);
$serial = $app->validate_dns->increase_serial($soa["serial"]);
$app->db->datalogUpdate('dns_soa', "serial = $serial", 'id', $soa_id);
diff --git a/interface/web/dns/dns_alias_edit.php b/interface/web/dns/dns_alias_edit.php
index 5613810e81c91ac1efeb6d00eb9935a354929814..1c58bd8f50cf4bbc9803b846369a6824f8b9e35c 100644
--- a/interface/web/dns/dns_alias_edit.php
+++ b/interface/web/dns/dns_alias_edit.php
@@ -58,11 +58,11 @@ class page_action extends tform_actions {
// Get the limits of the client
$client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
- $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+ $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
// Check if the user may add another mailbox.
if($client["limit_dns_record"] >= 0) {
- $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = $client_group_id");
+ $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = ?", $client_group_id);
if($tmp["number"] >= $client["limit_dns_record"]) {
$app->error($app->tform->wordbook["limit_dns_record_txt"]);
}
@@ -76,7 +76,7 @@ class page_action extends tform_actions {
global $app, $conf;
// Get the parent soa record of the domain
- $soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = '".$app->functions->intval($_POST["zone"])."' AND ".$app->tform->getAuthSQL('r'));
+ $soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ? AND " . $app->tform->getAuthSQL('r'), $_POST["zone"]);
// Check if Domain belongs to user
if($soa["id"] != $_POST["zone"]) $app->tform->errorMessage .= $app->tform->wordbook["no_zone_perm"];
@@ -85,11 +85,11 @@ class page_action extends tform_actions {
if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
// Get the limits of the client
$client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
- $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+ $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
// Check if the user may add another mailbox.
if($client["limit_dns_record"] >= 0) {
- $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = $client_group_id");
+ $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = ?", $client_group_id);
if($tmp["number"] >= $client["limit_dns_record"]) {
$app->error($app->tform->wordbook["limit_dns_record_txt"]);
}
@@ -101,7 +101,7 @@ class page_action extends tform_actions {
$this->dataRecord["server_id"] = $soa["server_id"];
// Update the serial number and timestamp of the RR record
- $soa = $app->db->queryOneRecord("SELECT serial FROM dns_rr WHERE id = ".$this->id);
+ $soa = $app->db->queryOneRecord("SELECT serial FROM dns_rr WHERE id = ?", $this->id);
$this->dataRecord["serial"] = $app->validate_dns->increase_serial($soa["serial"]);
$this->dataRecord["stamp"] = date('Y-m-d H:i:s');
@@ -112,7 +112,7 @@ class page_action extends tform_actions {
global $app, $conf;
//* Set the sys_groupid of the rr record to be the same then the sys_groupid of the soa record
- $soa = $app->db->queryOneRecord("SELECT sys_groupid,serial FROM dns_soa WHERE id = '".$app->functions->intval($this->dataRecord["zone"])."' AND ".$app->tform->getAuthSQL('r'));
+ $soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ? AND " . $app->tform->getAuthSQL('r'), $this->dataRecord["zone"]);
$app->db->datalogUpdate('dns_rr', "sys_groupid = ".$soa['sys_groupid'], 'id', $this->id);
//* Update the serial number of the SOA record
@@ -125,7 +125,7 @@ class page_action extends tform_actions {
global $app, $conf;
//* Update the serial number of the SOA record
- $soa = $app->db->queryOneRecord("SELECT serial FROM dns_soa WHERE id = '".$app->functions->intval($this->dataRecord["zone"])."' AND ".$app->tform->getAuthSQL('r'));
+ $soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ? AND " . $app->tform->getAuthSQL('r'), $this->dataRecord["zone"]);
$soa_id = $app->functions->intval($_POST["zone"]);
$serial = $app->validate_dns->increase_serial($soa["serial"]);
$app->db->datalogUpdate('dns_soa', "serial = $serial", 'id', $soa_id);
diff --git a/interface/web/dns/dns_cname_edit.php b/interface/web/dns/dns_cname_edit.php
index 8ab1e6be910a4570ad92f409cfb806a37a567dc7..0979b6fff03a5d967fe123bcea9a5ae75368863f 100644
--- a/interface/web/dns/dns_cname_edit.php
+++ b/interface/web/dns/dns_cname_edit.php
@@ -58,11 +58,11 @@ class page_action extends tform_actions {
// Get the limits of the client
$client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
- $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+ $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
// Check if the user may add another mailbox.
if($client["limit_dns_record"] >= 0) {
- $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = $client_group_id");
+ $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = ?", $client_group_id);
if($tmp["number"] >= $client["limit_dns_record"]) {
$app->error($app->tform->wordbook["limit_dns_record_txt"]);
}
@@ -76,7 +76,7 @@ class page_action extends tform_actions {
global $app, $conf;
// Get the parent soa record of the domain
- $soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = '".$app->functions->intval($_POST["zone"])."' AND ".$app->tform->getAuthSQL('r'));
+ $soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ? AND " . $app->tform->getAuthSQL('r'), $_POST["zone"]);
// Check if Domain belongs to user
if($soa["id"] != $_POST["zone"]) $app->tform->errorMessage .= $app->tform->wordbook["no_zone_perm"];
@@ -85,11 +85,11 @@ class page_action extends tform_actions {
if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
// Get the limits of the client
$client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
- $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+ $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
// Check if the user may add another mailbox.
if($this->id == 0 && $client["limit_dns_record"] >= 0) {
- $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = $client_group_id");
+ $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = ?", $client_group_id);
if($tmp["number"] >= $client["limit_dns_record"]) {
$app->error($app->tform->wordbook["limit_dns_record_txt"]);
}
@@ -97,7 +97,7 @@ class page_action extends tform_actions {
} // end if user is not admin
//* Check for duplicates where IP and hostname are the same
- $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE (type = 'A' AND name = '".$app->db->quote($this->dataRecord["name"])."' AND zone = '".$app->db->quote($this->dataRecord["zone"])."' and id != ".$this->id.") OR (type = 'CNAME' AND name = '".$app->db->quote($this->dataRecord["name"])."' AND zone = '".$app->db->quote($this->dataRecord["zone"])."' and id != ".$this->id.")");
+ $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE (type = 'A' AND name = ? AND zone = ? and id != ?) OR (type = 'CNAME' AND name = ? AND zone = ? and id != ?)", $this->dataRecord["name"], $this->dataRecord["zone"], $this->id, $this->dataRecord["name"], $this->dataRecord["zone"], $this->id);
if($tmp['number'] > 0) $app->tform->errorMessage .= $app->tform->lng("data_error_duplicate")." ";
unset($tmp);
@@ -106,7 +106,7 @@ class page_action extends tform_actions {
$this->dataRecord["server_id"] = $soa["server_id"];
// Update the serial number and timestamp of the RR record
- $soa = $app->db->queryOneRecord("SELECT serial FROM dns_rr WHERE id = ".$this->id);
+ $soa = $app->db->queryOneRecord("SELECT serial FROM dns_rr WHERE id = ?", $this->id);
$this->dataRecord["serial"] = $app->validate_dns->increase_serial($soa["serial"]);
$this->dataRecord["stamp"] = date('Y-m-d H:i:s');
@@ -117,7 +117,7 @@ class page_action extends tform_actions {
global $app, $conf;
//* Set the sys_groupid of the rr record to be the same then the sys_groupid of the soa record
- $soa = $app->db->queryOneRecord("SELECT sys_groupid,serial FROM dns_soa WHERE id = '".$app->functions->intval($this->dataRecord["zone"])."' AND ".$app->tform->getAuthSQL('r'));
+ $soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ? AND " . $app->tform->getAuthSQL('r'), $this->dataRecord["zone"]);
$app->db->datalogUpdate('dns_rr', "sys_groupid = ".$soa['sys_groupid'], 'id', $this->id);
//* Update the serial number of the SOA record
@@ -130,7 +130,7 @@ class page_action extends tform_actions {
global $app, $conf;
//* Update the serial number of the SOA record
- $soa = $app->db->queryOneRecord("SELECT serial FROM dns_soa WHERE id = '".$app->functions->intval($this->dataRecord["zone"])."' AND ".$app->tform->getAuthSQL('r'));
+ $soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ? AND " . $app->tform->getAuthSQL('r'), $this->dataRecord["zone"]);
$soa_id = $app->functions->intval($_POST["zone"]);
$serial = $app->validate_dns->increase_serial($soa["serial"]);
$app->db->datalogUpdate('dns_soa', "serial = $serial", 'id', $soa_id);
diff --git a/interface/web/dns/dns_dkim_edit.php b/interface/web/dns/dns_dkim_edit.php
index 1a01463b9fd0e344e9d58a986c943ea83f8bb886..5756484dec2f50077beb4e2e20a93e1e024b1952 100644
--- a/interface/web/dns/dns_dkim_edit.php
+++ b/interface/web/dns/dns_dkim_edit.php
@@ -71,8 +71,8 @@ class page_action extends tform_actions {
parent::onShowNew();
- $soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ? AND ?", $_GET['zone'], $app->tform->getAuthSQL('r'));
- $sql=$app->db->queryOneRecord("SELECT dkim_public, dkim_selector FROM mail_domain WHERE domain = ? AND dkim = 'y' AND ?", substr_replace($soa['origin'],'',-1), $app->tform->getAuthSQL('r'));
+ $soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ? AND " . $app->tform->getAuthSQL('r'), $_GET['zone']);
+ $sql=$app->db->queryOneRecord("SELECT dkim_public, dkim_selector FROM mail_domain WHERE domain = ? AND dkim = 'y' AND " . $app->tform->getAuthSQL('r'), substr_replace($soa['origin'],'',-1));
$public_key=str_replace(array('-----BEGIN PUBLIC KEY-----','-----END PUBLIC KEY-----',"\r","\n"),'',$sql['dkim_public']);
$app->tpl->setVar('public_key', $public_key);
$app->tpl->setVar('selector', $sql['dkim_selector']);
@@ -83,7 +83,7 @@ class page_action extends tform_actions {
function onSubmit() {
global $app, $conf;
// Get the parent soa record of the domain
- $soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ? AND ?", $_POST["zone"], $app->tform->getAuthSQL('r'));
+ $soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ? AND " . $app->tform->getAuthSQL('r'), $_POST["zone"]);
// Check if Domain belongs to user
if($soa["id"] != $_POST["zone"]) $app->tform->errorMessage .= $app->tform->wordbook["no_zone_perm"];
@@ -126,7 +126,7 @@ class page_action extends tform_actions {
global $app, $conf;
//* Set the sys_groupid of the rr record to be the same then the sys_groupid of the soa record
- $soa = $app->db->queryOneRecord("SELECT sys_groupid,serial FROM dns_soa WHERE id = ? AND ?", $this->dataRecord["zone"], $app->tform->getAuthSQL('r'));
+ $soa = $app->db->queryOneRecord("SELECT sys_groupid,serial FROM dns_soa WHERE id = ? AND " . $app->tform->getAuthSQL('r'), $this->dataRecord["zone"]);
$app->db->datalogUpdate('dns_rr', "sys_groupid = ".$soa['sys_groupid'], 'id', $this->id);
//* Update the serial number of the SOA record
@@ -139,7 +139,7 @@ class page_action extends tform_actions {
global $app, $conf;
//* Update the serial number of the SOA record
- $soa = $app->db->queryOneRecord("SELECT serial FROM dns_soa WHERE id = ? AND ?", $this->dataRecord["zone"], $app->tform->getAuthSQL('r'));
+ $soa = $app->db->queryOneRecord("SELECT serial FROM dns_soa WHERE id = ? AND " . $app->tform->getAuthSQL('r'), $this->dataRecord["zone"]);
$soa_id = $app->functions->intval($_POST["zone"]);
$serial = $app->validate_dns->increase_serial($soa["serial"]);
$app->db->datalogUpdate('dns_soa', "serial = $serial", 'id', $soa_id);
diff --git a/interface/web/dns/dns_dmarc_edit.php b/interface/web/dns/dns_dmarc_edit.php
index e18e91eba38c7fbc793714af51621fc4f7b4f17f..d7f684dbd3b4b3eb8866cc0f3d8c8c39e4571e52 100644
--- a/interface/web/dns/dns_dmarc_edit.php
+++ b/interface/web/dns/dns_dmarc_edit.php
@@ -74,8 +74,8 @@ class page_action extends tform_actions {
$zone = $app->functions->intval($_GET['zone']);
// get domain-name
- $sql = "SELECT * FROM dns_soa WHERE id = ? AND ?";
- $rec = $app->db->queryOneRecord($sql, $zone, $app->tform->getAuthSQL('r'));
+ $sql = "SELECT * FROM dns_soa WHERE id = ? AND " . $app->tform->getAuthSQL('r');
+ $rec = $app->db->queryOneRecord($sql, $zone);
$domain_name = rtrim($rec['origin'], '.');
// set defaults
@@ -88,8 +88,8 @@ class page_action extends tform_actions {
$dmarc_sp = 'same';
//* check for an existing dmarc-record
- $sql = "SELECT data, active FROM dns_rr WHERE data LIKE 'v=DMARC1%' AND zone = ? AND name = ? AND ?";
- $rec = $app->db->queryOneRecord($sql, $zone, '_dmarc.'.$domain_name.'.', $app->tform->getAuthSQL('r'));
+ $sql = "SELECT data, active FROM dns_rr WHERE data LIKE 'v=DMARC1%' AND zone = ? AND name = ? AND " . $app->tform->getAuthSQL('r');
+ $rec = $app->db->queryOneRecord($sql, $zone, '_dmarc.'.$domain_name.'.');
if ( isset($rec) && !empty($rec) ) {
$this->id = 1;
$old_data = strtolower($rec['data']);
@@ -204,7 +204,7 @@ class page_action extends tform_actions {
global $app, $conf;
// Get the parent soa record of the domain
- $soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ? AND ?", $_POST['zone'], $app->tform->getAuthSQL('r'));
+ $soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ? AND " . $app->tform->getAuthSQL('r'), $_POST['zone']);
// Check if Domain belongs to user
if($soa["id"] != $_POST["zone"]) $app->tform->errorMessage .= $app->tform->wordbook["no_zone_perm"];
@@ -349,7 +349,7 @@ class page_action extends tform_actions {
global $app, $conf;
//* Set the sys_groupid of the rr record to be the same then the sys_groupid of the soa record
- $soa = $app->db->queryOneRecord("SELECT sys_groupid,serial FROM dns_soa WHERE id = ? AND ?", $app->functions->intval($this->dataRecord["zone"]), $app->tform->getAuthSQL('r'));
+ $soa = $app->db->queryOneRecord("SELECT sys_groupid,serial FROM dns_soa WHERE id = ? AND " . $app->tform->getAuthSQL('r'), $app->functions->intval($this->dataRecord["zone"]));
$app->db->datalogUpdate('dns_rr', "sys_groupid = ".$soa['sys_groupid'], 'id', $this->id);
//* Update the serial number of the SOA record
@@ -363,7 +363,7 @@ class page_action extends tform_actions {
global $app, $conf;
//* Update the serial number of the SOA record
- $soa = $app->db->queryOneRecord("SELECT serial FROM dns_soa WHERE id = ? AND ?", $app->functions->intval($this->dataRecord["zone"]), $app->tform->getAuthSQL('r'));
+ $soa = $app->db->queryOneRecord("SELECT serial FROM dns_soa WHERE id = ? AND " . $app->tform->getAuthSQL('r'), $app->functions->intval($this->dataRecord["zone"]));
$soa_id = $app->functions->intval($_POST["zone"]);
$serial = $app->validate_dns->increase_serial($soa["serial"]);
$app->db->datalogUpdate('dns_soa', "serial = $serial", 'id', $soa_id);
diff --git a/interface/web/dns/dns_hinfo_edit.php b/interface/web/dns/dns_hinfo_edit.php
index ed25dccdb74d9c70dc1c1056bc8752bb026580b2..9a674bf2b7a13e81d3686c736573b16afc1a7a92 100644
--- a/interface/web/dns/dns_hinfo_edit.php
+++ b/interface/web/dns/dns_hinfo_edit.php
@@ -58,11 +58,11 @@ class page_action extends tform_actions {
// Get the limits of the client
$client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
- $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+ $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
// Check if the user may add another mailbox.
if($client["limit_dns_record"] >= 0) {
- $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = $client_group_id");
+ $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = ?", $client_group_id);
if($tmp["number"] >= $client["limit_dns_record"]) {
$app->error($app->tform->wordbook["limit_dns_record_txt"]);
}
@@ -76,7 +76,7 @@ class page_action extends tform_actions {
global $app, $conf;
// Get the parent soa record of the domain
- $soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = '".$app->functions->intval($_POST["zone"])."' AND ".$app->tform->getAuthSQL('r'));
+ $soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ? AND " . $app->tform->getAuthSQL('r'), $_POST["zone"]);
// Check if Domain belongs to user
if($soa["id"] != $_POST["zone"]) $app->tform->errorMessage .= $app->tform->wordbook["no_zone_perm"];
@@ -85,11 +85,11 @@ class page_action extends tform_actions {
if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
// Get the limits of the client
$client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
- $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+ $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
// Check if the user may add another mailbox.
if($this->id == 0 && $client["limit_dns_record"] >= 0) {
- $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = $client_group_id");
+ $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = ?", $client_group_id);
if($tmp["number"] >= $client["limit_dns_record"]) {
$app->error($app->tform->wordbook["limit_dns_record_txt"]);
}
@@ -101,7 +101,7 @@ class page_action extends tform_actions {
$this->dataRecord["server_id"] = $soa["server_id"];
// Update the serial number and timestamp of the RR record
- $soa = $app->db->queryOneRecord("SELECT serial FROM dns_rr WHERE id = ".$this->id);
+ $soa = $app->db->queryOneRecord("SELECT serial FROM dns_rr WHERE id = ?", $this->id);
$this->dataRecord["serial"] = $app->validate_dns->increase_serial($soa["serial"]);
$this->dataRecord["stamp"] = date('Y-m-d H:i:s');
@@ -112,7 +112,7 @@ class page_action extends tform_actions {
global $app, $conf;
//* Set the sys_groupid of the rr record to be the same then the sys_groupid of the soa record
- $soa = $app->db->queryOneRecord("SELECT sys_groupid,serial FROM dns_soa WHERE id = '".$app->functions->intval($this->dataRecord["zone"])."' AND ".$app->tform->getAuthSQL('r'));
+ $soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ? AND " . $app->tform->getAuthSQL('r'), $this->dataRecord["zone"]);
$app->db->datalogUpdate('dns_rr', "sys_groupid = ".$soa['sys_groupid'], 'id', $this->id);
//* Update the serial number of the SOA record
@@ -125,7 +125,7 @@ class page_action extends tform_actions {
global $app, $conf;
//* Update the serial number of the SOA record
- $soa = $app->db->queryOneRecord("SELECT serial FROM dns_soa WHERE id = '".$app->functions->intval($this->dataRecord["zone"])."' AND ".$app->tform->getAuthSQL('r'));
+ $soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ? AND " . $app->tform->getAuthSQL('r'), $this->dataRecord["zone"]);
$soa_id = $app->functions->intval($_POST["zone"]);
$serial = $app->validate_dns->increase_serial($soa["serial"]);
$app->db->datalogUpdate('dns_soa', "serial = $serial", 'id', $soa_id);
diff --git a/interface/web/dns/dns_import.php b/interface/web/dns/dns_import.php
index 5598b5664b8fe99e132291f65170c77c16c71919..8dee39b130d1d2742f8a6712e1acc86ecfb8be3a 100644
--- a/interface/web/dns/dns_import.php
+++ b/interface/web/dns/dns_import.php
@@ -106,13 +106,13 @@ if ($_SESSION["s"]["user"]["typ"] != 'admin' && $app->auth->has_clients($_SESSIO
// Get the limits of the client
$client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
- $client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+ $client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
// load the list of clients
- $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ".intval($client['client_id'])." ORDER BY client.company_name, client.contact_name, sys_group.name";
- $clients = $app->db->queryAllRecords($sql);
- $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".intval($client['client_id']));
+ $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ? ORDER BY client.company_name, client.contact_name, sys_group.name";
+ $clients = $app->db->queryAllRecords($sql, $client['client_id']);
+ $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client['client_id']);
$client_select = '';
if(is_array($clients)) {
foreach( $clients as $client) {
@@ -127,7 +127,7 @@ if ($_SESSION["s"]["user"]["typ"] != 'admin' && $app->auth->has_clients($_SESSIO
if($_SESSION["s"]["user"]["typ"] != 'admin')
{
$client_group_id = $_SESSION["s"]["user"]["default_group"];
- $client_dns = $app->db->queryOneRecord("SELECT dns_servers FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+ $client_dns = $app->db->queryOneRecord("SELECT dns_servers FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
$client_dns['dns_servers_ids'] = explode(',', $client_dns['dns_servers']);
@@ -138,8 +138,8 @@ if($_SESSION["s"]["user"]["typ"] != 'admin')
$app->tpl->setVar('server_id_value', $client_dns['dns_servers_ids'][0]);
}
- $sql = "SELECT server_id, server_name FROM server WHERE server_id IN (" . $client_dns['dns_servers'] . ");";
- $dns_servers = $app->db->queryAllRecords($sql);
+ $sql = "SELECT server_id, server_name FROM server WHERE server_id IN ?";
+ $dns_servers = $app->db->queryAllRecords($sql, $client_dns['dns_servers_ids']);
$options_dns_servers = "";
@@ -199,8 +199,8 @@ $app->tpl->setVar($wb);
if(isset($_FILES['file']['name']) && is_uploaded_file($_FILES['file']['tmp_name'])){
$valid_zone_file = FALSE;
- $sql = "SELECT server_name FROM `server` WHERE server_id=".$app->functions->intval($server_id)." OR mirror_server_id=".$app->functions->intval($server_id)." ORDER BY server_name ASC";
- $servers = $app->db->queryAllRecords($sql);
+ $sql = "SELECT server_name FROM `server` WHERE server_id=? OR mirror_server_id=? ORDER BY server_name ASC";
+ $servers = $app->db->queryAllRecords($sql, $server_id, $server_id);
for ($i=0;$idb->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+ $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
// Check if the user may add another mailbox.
if($client["limit_dns_record"] >= 0) {
- $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = $client_group_id");
+ $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = ?", $client_group_id);
if($tmp["number"] >= $client["limit_dns_record"]) {
$app->error($app->tform->wordbook["limit_dns_record_txt"]);
}
@@ -76,7 +76,7 @@ class page_action extends tform_actions {
global $app, $conf;
// Get the parent soa record of the domain
- $soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = '".$app->functions->intval($_POST["zone"])."' AND ".$app->tform->getAuthSQL('r'));
+ $soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ? AND " . $app->tform->getAuthSQL('r'), $_POST["zone"]);
// Check if Domain belongs to user
if($soa["id"] != $_POST["zone"]) $app->tform->errorMessage .= $app->tform->wordbook["no_zone_perm"];
@@ -85,11 +85,11 @@ class page_action extends tform_actions {
if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
// Get the limits of the client
$client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
- $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+ $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
// Check if the user may add another mailbox.
if($this->id == 0 && $client["limit_dns_record"] >= 0) {
- $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = $client_group_id");
+ $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = ?", $client_group_id);
if($tmp["number"] >= $client["limit_dns_record"]) {
$app->error($app->tform->wordbook["limit_dns_record_txt"]);
}
@@ -101,7 +101,7 @@ class page_action extends tform_actions {
$this->dataRecord["server_id"] = $soa["server_id"];
// Update the serial number and timestamp of the RR record
- $soa = $app->db->queryOneRecord("SELECT serial FROM dns_rr WHERE id = ".$this->id);
+ $soa = $app->db->queryOneRecord("SELECT serial FROM dns_rr WHERE id = ?", $this->id);
$this->dataRecord["serial"] = $app->validate_dns->increase_serial($soa["serial"]);
$this->dataRecord["stamp"] = date('Y-m-d H:i:s');
@@ -112,7 +112,8 @@ class page_action extends tform_actions {
global $app, $conf;
// Check if record is existing already
- $duplicate_mx = $app->db->queryOneRecord("SELECT * FROM dns_rr WHERE zone = ".$app->functions->intval($this->dataRecord["zone"])." AND name = '".$app->db->quote($this->dataRecord["name"])."' AND type = '".$app->db->quote($this->dataRecord["type"])."' AND data = '".$app->db->quote($this->dataRecord["data"])."' AND ".$app->tform->getAuthSQL('r'));
+ $duplicate_mx = $app->db->queryOneRecord("SELECT * FROM dns_rr WHERE zone = ? AND name = ? AND type = ? AND data = ? AND ".$app->tform->getAuthSQL('r'), $this->dataRecord["zone"], $this->dataRecord["name"], $this->dataRecord["type"], $this->dataRecord["data"]);
+
if(is_array($duplicate_mx) && !empty($duplicate_mx)) $app->error($app->tform->wordbook["duplicate_mx_record_txt"]);
@@ -123,7 +124,7 @@ class page_action extends tform_actions {
global $app, $conf;
// Check if record is existing already
- $duplicate_mx = $app->db->queryOneRecord("SELECT * FROM dns_rr WHERE zone = ".$app->functions->intval($this->dataRecord["zone"])." AND name = '".$app->db->quote($this->dataRecord["name"])."' AND type = '".$app->db->quote($this->dataRecord["type"])."' AND data = '".$app->db->quote($this->dataRecord["data"])."' AND id != ".$app->functions->intval($this->dataRecord["id"])." AND ".$app->tform->getAuthSQL('r'));
+ $duplicate_mx = $app->db->queryOneRecord("SELECT * FROM dns_rr WHERE zone = ? AND name = ? AND type = ? AND data = ? AND id != ? AND ".$app->tform->getAuthSQL('r'), $this->dataRecord["zone"], $this->dataRecord["name"], $this->dataRecord["type"], $this->dataRecord["data"], $this->dataRecord["id"]);
if(is_array($duplicate_mx) && !empty($duplicate_mx)) $app->error($app->tform->wordbook["duplicate_mx_record_txt"]);
@@ -134,7 +135,7 @@ class page_action extends tform_actions {
global $app, $conf;
//* Set the sys_groupid of the rr record to be the same then the sys_groupid of the soa record
- $soa = $app->db->queryOneRecord("SELECT sys_groupid,serial FROM dns_soa WHERE id = '".$app->functions->intval($this->dataRecord["zone"])."' AND ".$app->tform->getAuthSQL('r'));
+ $soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ? AND " . $app->tform->getAuthSQL('r'), $this->dataRecord["zone"]);
$app->db->datalogUpdate('dns_rr', "sys_groupid = ".$soa['sys_groupid'], 'id', $this->id);
//* Update the serial number of the SOA record
@@ -147,7 +148,7 @@ class page_action extends tform_actions {
global $app, $conf;
//* Update the serial number of the SOA record
- $soa = $app->db->queryOneRecord("SELECT serial FROM dns_soa WHERE id = '".$app->functions->intval($this->dataRecord["zone"])."' AND ".$app->tform->getAuthSQL('r'));
+ $soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ? AND " . $app->tform->getAuthSQL('r'), $this->dataRecord["zone"]);
$soa_id = $app->functions->intval($_POST["zone"]);
$serial = $app->validate_dns->increase_serial($soa["serial"]);
$app->db->datalogUpdate('dns_soa', "serial = $serial", 'id', $soa_id);
diff --git a/interface/web/dns/dns_ns_edit.php b/interface/web/dns/dns_ns_edit.php
index b61254dac722a9fb308cc309c6050b8d150cd85c..7ed47f0f6739e84359eeac0e18404f3ac75cf762 100644
--- a/interface/web/dns/dns_ns_edit.php
+++ b/interface/web/dns/dns_ns_edit.php
@@ -58,11 +58,11 @@ class page_action extends tform_actions {
// Get the limits of the client
$client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
- $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+ $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
// Check if the user may add another mailbox.
if($client["limit_dns_record"] >= 0) {
- $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = $client_group_id");
+ $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = ?", $client_group_id);
if($tmp["number"] >= $client["limit_dns_record"]) {
$app->error($app->tform->wordbook["limit_dns_record_txt"]);
}
@@ -76,7 +76,7 @@ class page_action extends tform_actions {
global $app, $conf;
// Get the parent soa record of the domain
- $soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = '".$app->functions->intval($_POST["zone"])."' AND ".$app->tform->getAuthSQL('r'));
+ $soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ? AND " . $app->tform->getAuthSQL('r'), $_POST["zone"]);
// Check if Domain belongs to user
if($soa["id"] != $_POST["zone"]) $app->tform->errorMessage .= $app->tform->wordbook["no_zone_perm"];
@@ -85,11 +85,11 @@ class page_action extends tform_actions {
if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
// Get the limits of the client
$client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
- $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+ $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
// Check if the user may add another mailbox.
if($this->id == 0 && $client["limit_dns_record"] >= 0) {
- $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = $client_group_id");
+ $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = ?", $client_group_id);
if($tmp["number"] >= $client["limit_dns_record"]) {
$app->error($app->tform->wordbook["limit_dns_record_txt"]);
}
@@ -101,7 +101,7 @@ class page_action extends tform_actions {
$this->dataRecord["server_id"] = $soa["server_id"];
// Update the serial number and timestamp of the RR record
- $soa = $app->db->queryOneRecord("SELECT serial FROM dns_rr WHERE id = ".$this->id);
+ $soa = $app->db->queryOneRecord("SELECT serial FROM dns_rr WHERE id = ?", $this->id);
$this->dataRecord["serial"] = $app->validate_dns->increase_serial($soa["serial"]);
$this->dataRecord["stamp"] = date('Y-m-d H:i:s');
@@ -112,7 +112,7 @@ class page_action extends tform_actions {
global $app, $conf;
//* Set the sys_groupid of the rr record to be the same then the sys_groupid of the soa record
- $soa = $app->db->queryOneRecord("SELECT sys_groupid,serial FROM dns_soa WHERE id = '".$app->functions->intval($this->dataRecord["zone"])."' AND ".$app->tform->getAuthSQL('r'));
+ $soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ? AND " . $app->tform->getAuthSQL('r'), $this->dataRecord["zone"]);
$app->db->datalogUpdate('dns_rr', "sys_groupid = ".$soa['sys_groupid'], 'id', $this->id);
//* Update the serial number of the SOA record
@@ -125,7 +125,7 @@ class page_action extends tform_actions {
global $app, $conf;
//* Update the serial number of the SOA record
- $soa = $app->db->queryOneRecord("SELECT serial FROM dns_soa WHERE id = '".$app->functions->intval($this->dataRecord["zone"])."' AND ".$app->tform->getAuthSQL('r'));
+ $soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ? AND " . $app->tform->getAuthSQL('r'), $this->dataRecord["zone"]);
$soa_id = $app->functions->intval($_POST["zone"]);
$serial = $app->validate_dns->increase_serial($soa["serial"]);
$app->db->datalogUpdate('dns_soa', "serial = $serial", 'id', $soa_id);
diff --git a/interface/web/dns/dns_ptr_edit.php b/interface/web/dns/dns_ptr_edit.php
index 4e26f226ed2eb2566195a203c70351974b272a53..016cee8d5bba355f8aa26de1e9bcda27a0746641 100644
--- a/interface/web/dns/dns_ptr_edit.php
+++ b/interface/web/dns/dns_ptr_edit.php
@@ -58,11 +58,11 @@ class page_action extends tform_actions {
// Get the limits of the client
$client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
- $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+ $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
// Check if the user may add another mailbox.
if($client["limit_dns_record"] >= 0) {
- $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = $client_group_id");
+ $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = ?", $client_group_id);
if($tmp["number"] >= $client["limit_dns_record"]) {
$app->error($app->tform->wordbook["limit_dns_record_txt"]);
}
@@ -76,7 +76,7 @@ class page_action extends tform_actions {
global $app, $conf;
// Get the parent soa record of the domain
- $soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = '".$app->functions->intval($_POST["zone"])."' AND ".$app->tform->getAuthSQL('r'));
+ $soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ? AND " . $app->tform->getAuthSQL('r'), $_POST["zone"]);
// Check if Domain belongs to user
if($soa["id"] != $_POST["zone"]) $app->tform->errorMessage .= $app->tform->wordbook["no_zone_perm"];
@@ -85,11 +85,11 @@ class page_action extends tform_actions {
if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
// Get the limits of the client
$client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
- $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+ $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
// Check if the user may add another mailbox.
if($this->id == 0 && $client["limit_dns_record"] >= 0) {
- $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = $client_group_id");
+ $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = ?", $client_group_id);
if($tmp["number"] >= $client["limit_dns_record"]) {
$app->error($app->tform->wordbook["limit_dns_record_txt"]);
}
@@ -112,7 +112,7 @@ class page_action extends tform_actions {
global $app, $conf;
//* Set the sys_groupid of the rr record to be the same then the sys_groupid of the soa record
- $soa = $app->db->queryOneRecord("SELECT sys_groupid,serial FROM dns_soa WHERE id = '".$app->functions->intval($this->dataRecord["zone"])."' AND ".$app->tform->getAuthSQL('r'));
+ $soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ? AND " . $app->tform->getAuthSQL('r'), $this->dataRecord["zone"]);
$app->db->datalogUpdate('dns_rr', "sys_groupid = ".$soa['sys_groupid'], 'id', $this->id);
//* Update the serial number of the SOA record
@@ -125,7 +125,7 @@ class page_action extends tform_actions {
global $app, $conf;
//* Update the serial number of the SOA record
- $soa = $app->db->queryOneRecord("SELECT serial FROM dns_soa WHERE id = '".$app->functions->intval($this->dataRecord["zone"])."' AND ".$app->tform->getAuthSQL('r'));
+ $soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ? AND " . $app->tform->getAuthSQL('r'), $this->dataRecord["zone"]);
$soa_id = $app->functions->intval($_POST["zone"]);
$serial = $app->validate_dns->increase_serial($soa["serial"]);
$app->db->datalogUpdate('dns_soa', "serial = $serial", 'id', $soa_id);
diff --git a/interface/web/dns/dns_rp_edit.php b/interface/web/dns/dns_rp_edit.php
index 62bf1a9ac6e4ac96de247e7c22c116327efedb76..53cd879a8a118b7d39043bfba47c974d71dead1e 100644
--- a/interface/web/dns/dns_rp_edit.php
+++ b/interface/web/dns/dns_rp_edit.php
@@ -58,11 +58,11 @@ class page_action extends tform_actions {
// Get the limits of the client
$client_group_id = $_SESSION["s"]["user"]["default_group"];
- $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+ $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
// Check if the user may add another mailbox.
if($client["limit_dns_record"] >= 0) {
- $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = $client_group_id");
+ $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = ?", $client_group_id);
if($tmp["number"] >= $client["limit_dns_record"]) {
$app->error($app->tform->wordbook["limit_dns_record_txt"]);
}
@@ -76,7 +76,7 @@ class page_action extends tform_actions {
global $app, $conf;
// Get the parent soa record of the domain
- $soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = '".$app->functions->intval($_POST["zone"])."' AND ".$app->tform->getAuthSQL('r'));
+ $soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ? AND " . $app->tform->getAuthSQL('r'), $_POST["zone"]);
// Check if Domain belongs to user
if($soa["id"] != $_POST["zone"]) $app->tform->errorMessage .= $app->tform->wordbook["no_zone_perm"];
@@ -85,11 +85,11 @@ class page_action extends tform_actions {
if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
// Get the limits of the client
$client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
- $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+ $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
// Check if the user may add another mailbox.
if($this->id == 0 && $client["limit_dns_record"] >= 0) {
- $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = $client_group_id");
+ $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = ?", $client_group_id);
if($tmp["number"] >= $client["limit_dns_record"]) {
$app->error($app->tform->wordbook["limit_dns_record_txt"]);
}
@@ -101,7 +101,7 @@ class page_action extends tform_actions {
$this->dataRecord["server_id"] = $soa["server_id"];
// Update the serial number and timestamp of the RR record
- $soa = $app->db->queryOneRecord("SELECT serial FROM dns_rr WHERE id = ".$this->id);
+ $soa = $app->db->queryOneRecord("SELECT serial FROM dns_rr WHERE id = ?", $this->id);
$this->dataRecord["serial"] = $app->validate_dns->increase_serial($soa["serial"]);
$this->dataRecord["stamp"] = date('Y-m-d H:i:s');
@@ -112,7 +112,7 @@ class page_action extends tform_actions {
global $app, $conf;
//* Set the sys_groupid of the rr record to be the same then the sys_groupid of the soa record
- $soa = $app->db->queryOneRecord("SELECT sys_groupid,serial FROM dns_soa WHERE id = '".$app->functions->intval($this->dataRecord["zone"])."' AND ".$app->tform->getAuthSQL('r'));
+ $soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ? AND " . $app->tform->getAuthSQL('r'), $this->dataRecord["zone"]);
$app->db->datalogUpdate('dns_rr', "sys_groupid = ".$soa['sys_groupid'], 'id', $this->id);
//* Update the serial number of the SOA record
@@ -125,7 +125,7 @@ class page_action extends tform_actions {
global $app, $conf;
//* Update the serial number of the SOA record
- $soa = $app->db->queryOneRecord("SELECT serial FROM dns_soa WHERE id = '".$app->functions->intval($this->dataRecord["zone"])."' AND ".$app->tform->getAuthSQL('r'));
+ $soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ? AND " . $app->tform->getAuthSQL('r'), $this->dataRecord["zone"]);
$soa_id = $app->functions->intval($_POST["zone"]);
$serial = $app->validate_dns->increase_serial($soa["serial"]);
$app->db->datalogUpdate('dns_soa', "serial = $serial", 'id', $soa_id);
diff --git a/interface/web/dns/dns_rr_del.php b/interface/web/dns/dns_rr_del.php
index a20c9c07d3c637d711106846b08cf6cdf226bef4..1098b653f390c1c7b4f08b71de5059f687dbdc63 100644
--- a/interface/web/dns/dns_rr_del.php
+++ b/interface/web/dns/dns_rr_del.php
@@ -54,7 +54,7 @@ class page_action extends tform_actions {
global $app; $conf;
//* Update the serial number of the SOA record
- $soa = $app->db->queryOneRecord("SELECT serial FROM dns_soa WHERE id = '".$app->functions->intval($this->dataRecord["zone"])."' AND ".$app->tform->getAuthSQL('r'));
+ $soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ? AND " . $app->tform->getAuthSQL('r'), $this->dataRecord["zone"]);
$soa_id = $app->functions->intval($this->dataRecord["zone"]);
$serial = $app->validate_dns->increase_serial($soa["serial"]);
$app->db->datalogUpdate('dns_soa', "serial = $serial", 'id', $soa_id);
diff --git a/interface/web/dns/dns_slave_del.php b/interface/web/dns/dns_slave_del.php
index d3ca18fbc1ed3f700a5459aaae0433a164b587b4..d8b2a243e4540861bdb70c01a6092d089784bb8c 100644
--- a/interface/web/dns/dns_slave_del.php
+++ b/interface/web/dns/dns_slave_del.php
@@ -56,7 +56,7 @@ class page_action extends tform_actions {
if($app->tform->checkPerm($this->id, 'd') == false) $app->error($app->lng('error_no_delete_permission'));
// Delete all records that belog to this zone.
- $records = $app->db->queryAllRecords("SELECT id FROM dns_slave WHERE zone = '".$app->functions->intval($this->id)."'");
+ $records = $app->db->queryAllRecords("SELECT id FROM dns_slave WHERE zone = ?", $this->id);
foreach($records as $rec) {
$app->db->datalogDelete('dns_slave', 'id', $rec['id']);
}
diff --git a/interface/web/dns/dns_slave_edit.php b/interface/web/dns/dns_slave_edit.php
index 0ae2ac4c4a5644582f5a41ac08d49fe8f5083e6c..44103608eb4cc7754296237dfacef777fbfd9d64 100644
--- a/interface/web/dns/dns_slave_edit.php
+++ b/interface/web/dns/dns_slave_edit.php
@@ -99,12 +99,12 @@ class page_action extends tform_actions {
// Get the limits of the client
$client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
- $client = $app->db->queryOneRecord("SELECT client.client_id, sys_group.name, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+ $client = $app->db->queryOneRecord("SELECT client.client_id, sys_group.name, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
// Fill the client select field
- $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ".$client['client_id']." ORDER BY client.company_name, client.contact_name, sys_group.name";
- $clients = $app->db->queryAllRecords($sql);
- $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".$client['client_id']);
+ $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ? ORDER BY client.company_name, client.contact_name, sys_group.name";
+ $clients = $app->db->queryAllRecords($sql, $client['client_id']);
+ $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client['client_id']);
$client_select = '';
//$tmp_data_record = $app->tform->getDataRecord($this->id);
if(is_array($clients)) {
@@ -176,12 +176,12 @@ class page_action extends tform_actions {
if($_SESSION["s"]["user"]["typ"] != 'admin') {
// Get the limits of the client
$client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
- $client = $app->db->queryOneRecord("SELECT limit_dns_slave_zone, default_slave_dnsserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+ $client = $app->db->queryOneRecord("SELECT limit_dns_slave_zone, default_slave_dnsserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
// When the record is updated
if($this->id > 0) {
// restore the server ID if the user is not admin and record is edited
- $tmp = $app->db->queryOneRecord("SELECT server_id FROM dns_slave WHERE id = ".$app->functions->intval($this->id));
+ $tmp = $app->db->queryOneRecord("SELECT server_id FROM dns_slave WHERE id = ?", $this->id);
$this->dataRecord["server_id"] = $tmp["server_id"];
unset($tmp);
// When the record is inserted
@@ -203,7 +203,7 @@ class page_action extends tform_actions {
if(strlen($this->dataRecord["origin"]) > 0 && substr($this->dataRecord["origin"], -1, 1) != '.') $this->dataRecord["origin"] .= '.';
//* Check if a primary zone with the same name already exists
- $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_soa WHERE origin = \"".$app->db->quote($this->dataRecord["origin"])."\" AND server_id= \"".$app->db->quote($this->dataRecord["server_id"])."\"");
+ $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_soa WHERE origin = ? AND server_id = ?", $this->dataRecord["origin"], $this->dataRecord["server_id"]);
if($tmp["number"] > 0) {
$app->error($app->tform->wordbook["origin_error_unique"]);
}
@@ -215,7 +215,7 @@ class page_action extends tform_actions {
global $app, $conf;
// Check if record is existing already
- $duplicate_slave = $app->db->queryOneRecord("SELECT * FROM dns_slave WHERE origin = '".$app->db->quote($this->dataRecord["origin"])."' AND server_id = ".$app->functions->intval($this->dataRecord["server_id"])." AND ".$app->tform->getAuthSQL('r'));
+ $duplicate_slave = $app->db->queryOneRecord("SELECT * FROM dns_slave WHERE origin = ? AND server_id = ? AND ".$app->tform->getAuthSQL('r'), $this->dataRecord["origin"], $this->dataRecord["server_id"]);
if(is_array($duplicate_slave) && !empty($duplicate_slave)) $app->error($app->tform->wordbook["origin_error_unique"]);
diff --git a/interface/web/dns/dns_soa_del.php b/interface/web/dns/dns_soa_del.php
index f9a06fcfbd4535ac8f7c3d380c4de8ae58a318f7..fee2138f8579708ed7f6085daef93710c36ea438 100644
--- a/interface/web/dns/dns_soa_del.php
+++ b/interface/web/dns/dns_soa_del.php
@@ -56,7 +56,7 @@ class page_action extends tform_actions {
if($app->tform->checkPerm($this->id, 'd') == false) $app->error($app->lng('error_no_delete_permission'));
// Delete all records that belog to this zone.
- $records = $app->db->queryAllRecords("SELECT id FROM dns_rr WHERE zone = '".$app->functions->intval($this->id)."'");
+ $records = $app->db->queryAllRecords("SELECT id FROM dns_rr WHERE zone = ?", $this->id);
foreach($records as $rec) {
$app->db->datalogDelete('dns_rr', 'id', $rec['id']);
}
diff --git a/interface/web/dns/dns_soa_edit.php b/interface/web/dns/dns_soa_edit.php
index e39c37781d795fd4869e824e9ca3457e42c214e7..96c20a1cb3d2606c8da4c1a91960eb4ba67dd12c 100644
--- a/interface/web/dns/dns_soa_edit.php
+++ b/interface/web/dns/dns_soa_edit.php
@@ -109,12 +109,12 @@ class page_action extends tform_actions {
// Get the limits of the client
$client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
- $client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+ $client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
// Fill the client select field
- $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ".$client['client_id']." ORDER BY client.company_name, client.contact_name, sys_group.name";
- $clients = $app->db->queryAllRecords($sql);
- $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".$client['client_id']);
+ $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ? ORDER BY client.company_name, client.contact_name, sys_group.name";
+ $clients = $app->db->queryAllRecords($sql, $client['client_id']);
+ $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client['client_id']);
$client_select = '';
//$tmp_data_record = $app->tform->getDataRecord($this->id);
if(is_array($clients)) {
@@ -133,7 +133,7 @@ class page_action extends tform_actions {
if($_SESSION["s"]["user"]["typ"] != 'admin')
{
$client_group_id = $_SESSION["s"]["user"]["default_group"];
- $client_dns = $app->db->queryOneRecord("SELECT dns_servers FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+ $client_dns = $app->db->queryOneRecord("SELECT dns_servers FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
$client_dns['dns_servers_ids'] = explode(',', $client_dns['dns_servers']);
@@ -144,8 +144,8 @@ class page_action extends tform_actions {
$app->tpl->setVar('server_id_value', $client_dns['dns_servers_ids'][0]);
}
- $sql = "SELECT server_id, server_name FROM server WHERE server_id IN (" . $client_dns['dns_servers'] . ");";
- $dns_servers = $app->db->queryAllRecords($sql);
+ $sql = "SELECT server_id, server_name FROM server WHERE server_id IN ?";
+ $dns_servers = $app->db->queryAllRecords($sql, $client_dns['dns_servers_ids']);
$options_dns_servers = "";
@@ -219,7 +219,7 @@ function onSubmit() {
if($_SESSION["s"]["user"]["typ"] != 'admin') {
// Get the limits of the client
$client_group_id = $_SESSION["s"]["user"]["default_group"];
- $client = $app->db->queryOneRecord("SELECT limit_dns_zone, dns_servers FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+ $client = $app->db->queryOneRecord("SELECT limit_dns_zone, dns_servers FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
$client['dns_servers_ids'] = explode(',', $client['dns_servers']);
@@ -231,14 +231,14 @@ function onSubmit() {
// When the record is updated
if($this->id > 0) {
// restore the server ID if the user is not admin and record is edited
- $tmp = $app->db->queryOneRecord("SELECT server_id FROM dns_soa WHERE id = ".$app->functions->intval($this->id));
+ $tmp = $app->db->queryOneRecord("SELECT server_id FROM dns_soa WHERE id = ?", $this->id);
$this->dataRecord["server_id"] = $tmp["server_id"];
unset($tmp);
// When the record is inserted
} else {
// Check if the user may add another maildomain.
if($client["limit_dns_zone"] >= 0) {
- $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_soa WHERE sys_groupid = $client_group_id");
+ $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_soa WHERE sys_groupid = ?", $client_group_id);
if($tmp["number"] >= $client["limit_dns_zone"]) {
$app->error($app->tform->wordbook["limit_dns_zone_txt"]);
}
@@ -246,13 +246,6 @@ function onSubmit() {
}
}
- /*
- // Update the serial number of the SOA record
- $soa = $app->db->queryOneRecord("SELECT serial FROM dns_soa WHERE id = ".$this->id);
- $this->dataRecord["serial"] = $app->validate_dns->increase_serial($soa["serial"]);
- */
-
-
//* Check if soa, ns and mbox have a dot at the end
if(strlen($this->dataRecord["origin"]) > 0 && substr($this->dataRecord["origin"], -1, 1) != '.') $this->dataRecord["origin"] .= '.';
if(strlen($this->dataRecord["ns"]) > 0 && substr($this->dataRecord["ns"], -1, 1) != '.') $this->dataRecord["ns"] .= '.';
@@ -282,7 +275,7 @@ function onBeforeUpdate () {
// We do this only for the admin or reseller users, as normal clients can not change the server ID anyway
if($_SESSION["s"]["user"]["typ"] != 'admin' && !$app->auth->has_clients($_SESSION['s']['user']['userid'])) {
//* We do not allow users to change a domain which has been created by the admin
- $rec = $app->db->queryOneRecord("SELECT origin from dns_soa WHERE id = ".$this->id);
+ $rec = $app->db->queryOneRecord("SELECT origin from dns_soa WHERE id = ?", $this->id);
$drOrigin = (isset($this->dataRecord['origin']))
? $app->functions->idn_encode($this->dataRecord['origin'])
: false;
diff --git a/interface/web/dns/dns_spf_edit.php b/interface/web/dns/dns_spf_edit.php
index b20a34040480814bc58faa0790b2c9229acca45d..d3ddb6a2544391a861e36a19f478f03d0677f78b 100644
--- a/interface/web/dns/dns_spf_edit.php
+++ b/interface/web/dns/dns_spf_edit.php
@@ -57,7 +57,7 @@ class page_action extends tform_actions {
// Get the limits of the client
$client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
- $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = =", $client_group_id);
+ $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
// Check if the user may add another mailbox.
if($client["limit_dns_record"] >= 0) {
@@ -77,8 +77,8 @@ class page_action extends tform_actions {
$zone = $app->functions->intval($_GET['zone']);
//* check for an existing spf-record
- $sql = "SELECT data, active FROM dns_rr WHERE data LIKE 'v=spf1%' AND zone = ? AND ?";
- $rec = $app->db->queryOneRecord($sql, $zone, $app->tform->getAuthSQL('r'));
+ $sql = "SELECT data, active FROM dns_rr WHERE data LIKE 'v=spf1%' AND zone = ? AND " . $app->tform->getAuthSQL('r');
+ $rec = $app->db->queryOneRecord($sql, $zone);
if ( isset($rec) && !empty($rec) ) {
$this->id = 1;
$old_data = strtolower($rec['data']);
@@ -134,7 +134,7 @@ class page_action extends tform_actions {
// Get the parent soa record of the domain
- $soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ? AND ?", $app->functions->intval($_POST["zone"]), $app->tform->getAuthSQL('r'));
+ $soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ? AND " . $app->tform->getAuthSQL('r'), $app->functions->intval($_POST["zone"]));
// Check if Domain belongs to user
if($soa["id"] != $_POST["zone"]) $app->tform->errorMessage .= $app->tform->wordbook["no_zone_perm"];
@@ -241,7 +241,7 @@ class page_action extends tform_actions {
global $app, $conf;
//* Set the sys_groupid of the rr record to be the same then the sys_groupid of the soa record
- $soa = $app->db->queryOneRecord("SELECT sys_groupid,serial FROM dns_soa WHERE id = ? AND ?", $app->functions->intval($this->dataRecord["zone"]), $app->tform->getAuthSQL('r'));
+ $soa = $app->db->queryOneRecord("SELECT sys_groupid,serial FROM dns_soa WHERE id = ? AND " . $app->tform->getAuthSQL('r'), $app->functions->intval($this->dataRecord["zone"]));
$app->db->datalogUpdate('dns_rr', "sys_groupid = ".$soa['sys_groupid'], 'id', $this->id);
//* Update the serial number of the SOA record
@@ -255,7 +255,7 @@ class page_action extends tform_actions {
global $app, $conf;
//* Update the serial number of the SOA record
- $soa = $app->db->queryOneRecord("SELECT serial FROM dns_soa WHERE id = ? AND ?", $app->functions->intval($this->dataRecord["zone"]), $app->tform->getAuthSQL('r'));
+ $soa = $app->db->queryOneRecord("SELECT serial FROM dns_soa WHERE id = ? AND " . $app->tform->getAuthSQL('r'), $app->functions->intval($this->dataRecord["zone"]));
$soa_id = $app->functions->intval($_POST["zone"]);
$serial = $app->validate_dns->increase_serial($soa["serial"]);
$app->db->datalogUpdate('dns_soa', "serial = $serial", 'id', $soa_id);
diff --git a/interface/web/dns/dns_srv_edit.php b/interface/web/dns/dns_srv_edit.php
index e2d0beae209d0a46f6c15655b94eb1078c0a78e2..4589834b63a521bc035900c15bdf52c6451f340f 100644
--- a/interface/web/dns/dns_srv_edit.php
+++ b/interface/web/dns/dns_srv_edit.php
@@ -58,11 +58,11 @@ class page_action extends tform_actions {
// Get the limits of the client
$client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
- $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+ $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
// Check if the user may add another mailbox.
if($client["limit_dns_record"] >= 0) {
- $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = $client_group_id");
+ $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = ?", $client_group_id);
if($tmp["number"] >= $client["limit_dns_record"]) {
$app->error($app->tform->wordbook["limit_dns_record_txt"]);
}
@@ -97,7 +97,7 @@ class page_action extends tform_actions {
global $app, $conf;
// Get the parent soa record of the domain
- $soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = '".$app->functions->intval($_POST["zone"])."' AND ".$app->tform->getAuthSQL('r'));
+ $soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ? AND " . $app->tform->getAuthSQL('r'), $_POST["zone"]);
// Check if Domain belongs to user
if($soa["id"] != $_POST["zone"]) $app->tform->errorMessage .= $app->tform->wordbook["no_zone_perm"];
@@ -106,11 +106,11 @@ class page_action extends tform_actions {
if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
// Get the limits of the client
$client_group_id = $_SESSION["s"]["user"]["default_group"];
- $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+ $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
// Check if the user may add another mailbox.
if($this->id == 0 && $client["limit_dns_record"] >= 0) {
- $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = $client_group_id");
+ $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = ?", $client_group_id);
if($tmp["number"] >= $client["limit_dns_record"]) {
$app->error($app->tform->wordbook["limit_dns_record_txt"]);
}
@@ -122,7 +122,7 @@ class page_action extends tform_actions {
$this->dataRecord["server_id"] = $soa["server_id"];
// Update the serial number and timestamp of the RR record
- $soa = $app->db->queryOneRecord("SELECT serial FROM dns_rr WHERE id = ".$this->id);
+ $soa = $app->db->queryOneRecord("SELECT serial FROM dns_rr WHERE id = ?", $this->id);
$this->dataRecord["serial"] = $app->validate_dns->increase_serial($soa["serial"]);
$this->dataRecord["stamp"] = date('Y-m-d H:i:s');
@@ -133,7 +133,7 @@ class page_action extends tform_actions {
global $app, $conf;
//* Set the sys_groupid of the rr record to be the same then the sys_groupid of the soa record
- $soa = $app->db->queryOneRecord("SELECT sys_groupid,serial FROM dns_soa WHERE id = '".$app->functions->intval($this->dataRecord["zone"])."' AND ".$app->tform->getAuthSQL('r'));
+ $soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ? AND " . $app->tform->getAuthSQL('r'), $this->dataRecord["zone"]);
$app->db->datalogUpdate('dns_rr', "sys_groupid = ".$soa['sys_groupid'], 'id', $this->id);
//* Update the serial number of the SOA record
@@ -146,7 +146,7 @@ class page_action extends tform_actions {
global $app, $conf;
//* Update the serial number of the SOA record
- $soa = $app->db->queryOneRecord("SELECT serial FROM dns_soa WHERE id = '".$app->functions->intval($this->dataRecord["zone"])."' AND ".$app->tform->getAuthSQL('r'));
+ $soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ? AND " . $app->tform->getAuthSQL('r'), $this->dataRecord["zone"]);
$soa_id = $app->functions->intval($_POST["zone"]);
$serial = $app->validate_dns->increase_serial($soa["serial"]);
$app->db->datalogUpdate('dns_soa', "serial = $serial", 'id', $soa_id);
diff --git a/interface/web/dns/dns_txt_edit.php b/interface/web/dns/dns_txt_edit.php
index ca5b8384c5e1dbd2f7e25831723ec908235964dd..20e0c5e761369a1a243493517ce3a4f706d665db 100644
--- a/interface/web/dns/dns_txt_edit.php
+++ b/interface/web/dns/dns_txt_edit.php
@@ -58,11 +58,11 @@ class page_action extends tform_actions {
// Get the limits of the client
$client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
- $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+ $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
// Check if the user may add another mailbox.
if($client["limit_dns_record"] >= 0) {
- $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = $client_group_id");
+ $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = ?", $client_group_id);
if($tmp["number"] >= $client["limit_dns_record"]) {
$app->error($app->tform->wordbook["limit_dns_record_txt"]);
}
@@ -76,7 +76,7 @@ class page_action extends tform_actions {
global $app, $conf;
// Get the parent soa record of the domain
- $soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = '".$app->functions->intval($_POST["zone"])."' AND ".$app->tform->getAuthSQL('r'));
+ $soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ? AND " . $app->tform->getAuthSQL('r'), $_POST["zone"]);
// Check if Domain belongs to user
if($soa["id"] != $_POST["zone"]) $app->tform->errorMessage .= $app->tform->wordbook["no_zone_perm"];
@@ -85,11 +85,11 @@ class page_action extends tform_actions {
if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
// Get the limits of the client
$client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
- $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+ $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
// Check if the user may add another mailbox.
if($this->id == 0 && $client["limit_dns_record"] >= 0) {
- $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = $client_group_id");
+ $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = ?", $client_group_id);
if($tmp["number"] >= $client["limit_dns_record"]) {
$app->error($app->tform->wordbook["limit_dns_record_txt"]);
}
@@ -101,7 +101,7 @@ class page_action extends tform_actions {
$this->dataRecord["server_id"] = $soa["server_id"];
// Update the serial number and timestamp of the RR record
- $soa = $app->db->queryOneRecord("SELECT serial FROM dns_rr WHERE id = ".$this->id);
+ $soa = $app->db->queryOneRecord("SELECT serial FROM dns_rr WHERE id = ?", $this->id);
$this->dataRecord["serial"] = $app->validate_dns->increase_serial($soa["serial"]);
$this->dataRecord["stamp"] = date('Y-m-d H:i:s');
@@ -112,7 +112,7 @@ class page_action extends tform_actions {
global $app, $conf;
//* Set the sys_groupid of the rr record to be the same then the sys_groupid of the soa record
- $soa = $app->db->queryOneRecord("SELECT sys_groupid,serial FROM dns_soa WHERE id = '".$app->functions->intval($this->dataRecord["zone"])."' AND ".$app->tform->getAuthSQL('r'));
+ $soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ? AND " . $app->tform->getAuthSQL('r'), $this->dataRecord["zone"]);
$app->db->datalogUpdate('dns_rr', "sys_groupid = ".$soa['sys_groupid'], 'id', $this->id);
//* Update the serial number of the SOA record
@@ -125,7 +125,7 @@ class page_action extends tform_actions {
global $app, $conf;
//* Update the serial number of the SOA record
- $soa = $app->db->queryOneRecord("SELECT serial FROM dns_soa WHERE id = '".$app->functions->intval($this->dataRecord["zone"])."' AND ".$app->tform->getAuthSQL('r'));
+ $soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ? AND " . $app->tform->getAuthSQL('r'), $this->dataRecord["zone"]);
$soa_id = $app->functions->intval($_POST["zone"]);
$serial = $app->validate_dns->increase_serial($soa["serial"]);
$app->db->datalogUpdate('dns_soa', "serial = $serial", 'id', $soa_id);
diff --git a/interface/web/dns/dns_wizard.php b/interface/web/dns/dns_wizard.php
index b27c66a6732918e4107fa0160a152f62648c9645..666ff6a6b29264c547b65d34da7ee63c94290023 100644
--- a/interface/web/dns/dns_wizard.php
+++ b/interface/web/dns/dns_wizard.php
@@ -107,14 +107,14 @@ if ($_SESSION["s"]["user"]["typ"] != 'admin' && $app->auth->has_clients($_SESSIO
// Get the limits of the client
$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
- $client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+ $client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
if ($domains_settings['use_domain_module'] != 'y') {
// load the list of clients
- $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ".$app->functions->intval($client['client_id'])." ORDER BY client.company_name, client.contact_name, sys_group.name";
- $clients = $app->db->queryAllRecords($sql);
- $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".$app->functions->intval($client['client_id']));
+ $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ? ORDER BY client.company_name, client.contact_name, sys_group.name";
+ $clients = $app->db->queryAllRecords($sql, $client['client_id']);
+ $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client['client_id']);
$client_select = '';
if(is_array($clients)) {
foreach( $clients as $client) {
@@ -130,7 +130,7 @@ if ($_SESSION["s"]["user"]["typ"] != 'admin' && $app->auth->has_clients($_SESSIO
if($_SESSION["s"]["user"]["typ"] != 'admin')
{
$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
- $client_dns = $app->db->queryOneRecord("SELECT dns_servers FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+ $client_dns = $app->db->queryOneRecord("SELECT dns_servers FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
$client_dns['dns_servers_ids'] = explode(',', $client_dns['dns_servers']);
@@ -141,8 +141,8 @@ if($_SESSION["s"]["user"]["typ"] != 'admin')
$app->tpl->setVar('server_id_value', $client_dns['dns_servers_ids'][0]);
}
- $sql = "SELECT server_id, server_name FROM server WHERE server_id IN (" . $client_dns['dns_servers'] . ");";
- $dns_servers = $app->db->queryAllRecords($sql);
+ $sql = "SELECT server_id, server_name FROM server WHERE server_id IN ?";
+ $dns_servers = $app->db->queryAllRecords($sql, $client_dns['dns_servers_ids']);
$options_dns_servers = "";
@@ -155,7 +155,7 @@ if($_SESSION["s"]["user"]["typ"] != 'admin')
}
-$template_record = $app->db->queryOneRecord("SELECT * FROM dns_template WHERE template_id = '".$app->functions->intval($template_id)."'");
+$template_record = $app->db->queryOneRecord("SELECT * FROM dns_template WHERE template_id = ?", $template_id);
$fields = explode(',', $template_record['fields']);
if(is_array($fields)) {
foreach($fields as $field) {
@@ -203,7 +203,7 @@ if($_POST['create'] == 1) {
if ($post_server_id)
{
$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
- $client = $app->db->queryOneRecord("SELECT dns_servers FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+ $client = $app->db->queryOneRecord("SELECT dns_servers FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
$client['dns_servers_ids'] = explode(',', $client['dns_servers']);
diff --git a/interface/web/help/faq_list.php b/interface/web/help/faq_list.php
index 53b2992c622465d6ab56a5b6176aceb49a4caa46..128480dca2c2573d3dcb630a4a4d0730d00ce640 100644
--- a/interface/web/help/faq_list.php
+++ b/interface/web/help/faq_list.php
@@ -29,7 +29,7 @@ if(!$hf_section)
$app->listform_actions->SQLExtWhere = "help_faq.hf_section = $hf_section";
-if($hf_section) $res = $app->db->queryOneRecord("SELECT hfs_name FROM help_faq_sections WHERE hfs_id=$hf_section");
+if($hf_section) $res = $app->db->queryOneRecord("SELECT hfs_name FROM help_faq_sections WHERE hfs_id=?", $hf_section);
// Start the form rendering and action ahndling
echo "
FAQ: ".$res['hfs_name']."
";
if($hf_section) $app->listform_actions->onLoad();
diff --git a/interface/web/help/form/support_message.tform.php b/interface/web/help/form/support_message.tform.php
index d982712c6499f4a77de2d80b07dc28653f7f072a..d80cc158157afa3f8aa6b79fc97dddad9b76a546 100644
--- a/interface/web/help/form/support_message.tform.php
+++ b/interface/web/help/form/support_message.tform.php
@@ -46,7 +46,7 @@ $sm_default_subject = '';
if(isset($_GET['reply']))
{
$sm_msg_id = preg_replace("/[^0-9]/", "", $_GET['reply']);
- $res = $app->db->queryOneRecord("SELECT sender_id, subject FROM support_message WHERE support_message_id=$sm_msg_id");
+ $res = $app->db->queryOneRecord("SELECT sender_id, subject FROM support_message WHERE support_message_id=?", $sm_msg_id);
if($res['sender_id'])
{
$sm_default_recipient_id = $res['sender_id'];
diff --git a/interface/web/help/support_message_edit.php b/interface/web/help/support_message_edit.php
index 2d47bbf2513d7fa8397a929ed2a3ee63d5765df0..4fcf5da215b7a99e226eacce34d52dd3612d89e6 100644
--- a/interface/web/help/support_message_edit.php
+++ b/interface/web/help/support_message_edit.php
@@ -33,8 +33,8 @@ class page_action extends tform_actions {
//* Get recipient email address
if($this->dataRecord['recipient_id'] > 1){
- $sql = "SELECT client.email FROM sys_user, client WHERE sys_user.userid = ".$app->functions->intval($this->dataRecord['recipient_id'])." AND sys_user.client_id = client.client_id";
- $client = $app->db->queryOneRecord($sql);
+ $sql = "SELECT client.email FROM sys_user, client WHERE sys_user.userid = ? AND sys_user.client_id = client.client_id";
+ $client = $app->db->queryOneRecord($sql, $this->dataRecord['recipient_id']);
$recipient_email = $client['email'];
} else {
$app->uses('ini_parser,getconf');
@@ -44,8 +44,8 @@ class page_action extends tform_actions {
//* Get sender email address
if($this->dataRecord['sender_id'] > 1){
- $sql = "SELECT client.email FROM sys_user, client WHERE sys_user.userid = ".$app->functions->intval($this->dataRecord['sender_id'])." AND sys_user.client_id = client.client_id";
- $client = $app->db->queryOneRecord($sql);
+ $sql = "SELECT client.email FROM sys_user, client WHERE sys_user.userid = ? AND sys_user.client_id = client.client_id";
+ $client = $app->db->queryOneRecord($sql, $this->dataRecord['sender_id']);
$sender_email = $client['email'];
} else {
$app->uses('ini_parser,getconf');
@@ -91,7 +91,7 @@ class page_action extends tform_actions {
//* read only template if a existing message is loaded
if($this->id > 0) {
$app->tform->formDef['tabs']['message']['template'] = 'templates/support_message_view.htm';
- $record = $app->db->queryOneRecord("SELECT * FROM support_message WHERE support_message_id = ".$this->id);
+ $record = $app->db->queryOneRecord("SELECT * FROM support_message WHERE support_message_id = ?", $this->id);
if ($record['tstamp'] > 0) {
// is value int?
if (preg_match("/^[0-9]+[\.]?[0-9]*$/", $record['tstamp'], $p)) {
@@ -113,7 +113,7 @@ class page_action extends tform_actions {
global $app, $conf;
if($_SESSION['s']['user']['typ'] == 'admin') {
- $app->db->query("UPDATE support_message SET sys_userid = ".$app->functions->intval($this->dataRecord['recipient_id'])." WHERE support_message_id = ".$this->id);
+ $app->db->query("UPDATE support_message SET sys_userid = ? WHERE support_message_id = ?", $this->dataRecord['recipient_id'], $this->id);
}
}
diff --git a/interface/web/login/index.php b/interface/web/login/index.php
index 80c4d17c719a4386b3fe88a3c086270f8cb02cff..1c4f20d4d95a32754abf788139266d8a1062b4ea 100644
--- a/interface/web/login/index.php
+++ b/interface/web/login/index.php
@@ -103,13 +103,13 @@ class login_index {
/* this is the one currently logged in (normal user) */
$old_client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
- $old_client = $app->db->queryOneRecord("SELECT client.client_id, client.parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $old_client_group_id");
+ $old_client = $app->db->queryOneRecord("SELECT client.client_id, client.parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $old_client_group_id);
/* this is the reseller, that shall be re-logged in */
- $sql = "SELECT * FROM sys_user WHERE USERNAME = '$username' and PASSWORT = '". $passwort. "'";
- $tmp = $app->db->queryOneRecord($sql);
+ $sql = "SELECT * FROM sys_user WHERE USERNAME = ? and PASSWORT = ?";
+ $tmp = $app->db->queryOneRecord($sql, $username, $passwort);
$client_group_id = $app->functions->intval($tmp['default_group']);
- $tmp_client = $app->db->queryOneRecord("SELECT client.client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+ $tmp_client = $app->db->queryOneRecord("SELECT client.client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ", $client_group_id);
if(!$tmp_client || $old_client["parent_client_id"] != $tmp_client["client_id"] || $tmp["default_group"] != $_SESSION["s_old"]["user"]["default_group"] ) {
die("You don't have the right to 'login as' this user!");
@@ -125,12 +125,12 @@ class login_index {
} elseif($_SESSION['s']['user']['typ'] != 'admin' && (!isset($_SESSION['s_old']['user']) || $_SESSION['s_old']['user']['typ'] != 'admin')) {
/* a reseller wants to 'login as', we need to check if he is allowed to */
$res_client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
- $res_client = $app->db->queryOneRecord("SELECT client.client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $res_client_group_id");
+ $res_client = $app->db->queryOneRecord("SELECT client.client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ", $res_client_group_id);
/* this is the user the reseller wants to 'login as' */
- $sql = "SELECT * FROM sys_user WHERE USERNAME = '$username' and PASSWORT = '". $passwort. "'";
- $tmp = $app->db->queryOneRecord($sql);
- $tmp_client = $app->db->queryOneRecord("SELECT client.client_id, client.parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = " . $app->functions->intval($tmp["default_group"]));
+ $sql = "SELECT * FROM sys_user WHERE USERNAME = ? and PASSWORT = ?";
+ $tmp = $app->db->queryOneRecord($sql, $username, $passwort);
+ $tmp_client = $app->db->queryOneRecord("SELECT client.client_id, client.parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $tmp["default_group"]);
if(!$tmp || $tmp_client["parent_client_id"] != $res_client["client_id"]) {
die("You don't have the right to login as this user!");
@@ -147,21 +147,21 @@ class login_index {
}
//* Check if there are already wrong logins
- $sql = "SELECT * FROM `attempts_login` WHERE `ip`= '{$ip}' AND `login_time` > (NOW() - INTERVAL 1 MINUTE) LIMIT 1";
- $alreadyfailed = $app->db->queryOneRecord($sql);
+ $sql = "SELECT * FROM `attempts_login` WHERE `ip`= ? AND `login_time` > (NOW() - INTERVAL 1 MINUTE) LIMIT 1";
+ $alreadyfailed = $app->db->queryOneRecord($sql, $ip);
//* too many failedlogins
if($alreadyfailed['times'] > 5) {
$error = $app->lng('error_user_too_many_logins');
} else {
if ($loginAs){
- $sql = "SELECT * FROM sys_user WHERE USERNAME = '$username' and PASSWORT = '". $passwort. "'";
- $user = $app->db->queryOneRecord($sql);
+ $sql = "SELECT * FROM sys_user WHERE USERNAME = ? and PASSWORT = ?";
+ $user = $app->db->queryOneRecord($sql, $username, $passwort);
} else {
if(stristr($username, '@')) {
//* mailuser login
- $sql = "SELECT * FROM mail_user WHERE login = '$username' or email = '$username'";
- $mailuser = $app->db->queryOneRecord($sql);
+ $sql = "SELECT * FROM mail_user WHERE login = ? or email = ?";
+ $mailuser = $app->db->queryOneRecord($sql, $username, $username);
$user = false;
if($mailuser) {
$saved_password = stripslashes($mailuser['password']);
@@ -187,8 +187,8 @@ class login_index {
} else {
//* normal cp user login
- $sql = "SELECT * FROM sys_user WHERE USERNAME = '$username'";
- $user = $app->db->queryOneRecord($sql);
+ $sql = "SELECT * FROM sys_user WHERE USERNAME = ?";
+ $user = $app->db->queryOneRecord($sql, $username);
if($user) {
$saved_password = stripslashes($user['passwort']);
@@ -225,8 +225,8 @@ class login_index {
// Maintenance mode - allow logins only when maintenance mode is off or if the user is admin
if(!$maintenance_mode || $user['typ'] == 'admin'){
// User login right, so attempts can be deleted
- $sql = "DELETE FROM `attempts_login` WHERE `ip`='{$ip}'";
- $app->db->query($sql);
+ $sql = "DELETE FROM `attempts_login` WHERE `ip`=?";
+ $app->db->query($sql, $ip);
$user = $app->db->toLower($user);
if ($loginAs) $oldSession = $_SESSION['s'];
@@ -290,12 +290,12 @@ class login_index {
if(!$alreadyfailed['times'] )
{
//* user login the first time wrong
- $sql = "INSERT INTO `attempts_login` (`ip`, `times`, `login_time`) VALUES ('{$ip}', 1, NOW())";
- $app->db->query($sql);
+ $sql = "INSERT INTO `attempts_login` (`ip`, `times`, `login_time`) VALUES (?, 1, NOW())";
+ $app->db->query($sql, $ip);
} elseif($alreadyfailed['times'] >= 1) {
//* update times wrong
- $sql = "UPDATE `attempts_login` SET `times`=`times`+1, `login_time`=NOW() WHERE `login_time` >= '{$time}' LIMIT 1";
- $app->db->query($sql);
+ $sql = "UPDATE `attempts_login` SET `times`=`times`+1, `login_time`=NOW() WHERE `ip` = ? AND `login_time` < NOW() ORDER BY `login_time` DESC LIMIT 1";
+ $app->db->query($sql, $ip);
}
//* Incorrect login - Username and password incorrect
$error = $app->lng('error_user_password_incorrect');
diff --git a/interface/web/login/login_as.php b/interface/web/login/login_as.php
index bcbb10a789583e869fedae34441b5d48901f25a0..85bc3662b4d661974b529eea7e42e865eb0297f0 100644
--- a/interface/web/login/login_as.php
+++ b/interface/web/login/login_as.php
@@ -54,13 +54,13 @@ if(isset($_GET['id'])) {
$backlink = 'admin/users_list.php';
} else {
$client_id = $app->functions->intval($_GET['cid']);
- $tmp_client = $app->db->queryOneRecord("SELECT username, parent_client_id FROM client WHERE client_id = $client_id");
- $tmp_sys_user = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE username = '".$app->db->quote($tmp_client['username'])."'");
+ $tmp_client = $app->db->queryOneRecord("SELECT username, parent_client_id FROM client WHERE client_id = ?", $client_id);
+ $tmp_sys_user = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE username = ?", $tmp_client['username']);
$userId = $app->functions->intval($tmp_sys_user['userid']);
/* check if this client belongs to reseller that tries to log in, if we are not admin */
if($_SESSION["s"]["user"]["typ"] != 'admin') {
$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
- $client = $app->db->queryOneRecord("SELECT client.client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+ $client = $app->db->queryOneRecord("SELECT client.client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
if(!$client || $tmp_client["parent_client_id"] != $client["client_id"]) {
die("You don't have the right to login as this user!");
}
@@ -76,7 +76,7 @@ if(isset($_GET['id'])) {
* Get the data to login as user x
*/
$dbData = $app->db->queryOneRecord(
- "SELECT username, passwort FROM sys_user WHERE userid = " . $userId);
+ "SELECT username, passwort FROM sys_user WHERE userid = ?", $userId);
/*
* Now generate the login-Form
diff --git a/interface/web/login/password_reset.php b/interface/web/login/password_reset.php
index 5eac46a79ed1b79b5652ff86b2d098d01f2181af..a83e6854bba2ad37a3d8e5ddb4133287f5020c9d 100644
--- a/interface/web/login/password_reset.php
+++ b/interface/web/login/password_reset.php
@@ -65,8 +65,8 @@ if(isset($_POST['username']) && $_POST['username'] != '' && $_POST['email'] != '
$new_password_encrypted = $app->db->quote($new_password_encrypted);
$username = $app->db->quote($client['username']);
- $app->db->query("UPDATE sys_user SET passwort = '$new_password_encrypted' WHERE username = '$username'");
- $app->db->query("UPDATE client SET password = '$new_password_encrypted' WHERE username = '$username'");
+ $app->db->query("UPDATE sys_user SET passwort = ? WHERE username = ?", $new_password_encrypted, $username);
+ $app->db->query("UPDATE client SET password = ? WHERE username = ?", $new_password_encrypted, $username);
$app->tpl->setVar("message", $wb['pw_reset']);
$app->uses('getconf,ispcmail');
diff --git a/interface/web/mail/form/xmpp_domain.tform.php b/interface/web/mail/form/xmpp_domain.tform.php
index 3fe62a2ac3c335e0ec5fd7e026784e8423e3e16f..095c72fba2317415284885be53849b5fa03f02c8 100644
--- a/interface/web/mail/form/xmpp_domain.tform.php
+++ b/interface/web/mail/form/xmpp_domain.tform.php
@@ -58,7 +58,7 @@ $form["auth_preset"]["perm_other"] = ''; //r = read, i = insert, u = update, d =
$muc_available = $muc_pastebin_available = $muc_httparchive_available = $anon_available = $vjud_available = $proxy_available = $status_available = true;
if(!$app->auth->is_admin()) {
$client_group_id = $_SESSION["s"]["user"]["default_group"];
- $client = $app->db->queryOneRecord("SELECT limit_xmpp_muc, limit_xmpp_anon, limit_xmpp_vjud, limit_xmpp_proxy, limit_xmpp_status, limit_xmpp_pastebin, limit_xmpp_httparchive FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+ $client = $app->db->queryOneRecord("SELECT limit_xmpp_muc, limit_xmpp_anon, limit_xmpp_vjud, limit_xmpp_proxy, limit_xmpp_status, limit_xmpp_pastebin, limit_xmpp_httparchive FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
if($client['limit_xmpp_muc'] != 'y') $muc_available = false;
if($client['limit_xmpp_pastebin'] != 'y' || $client['limit_xmpp_muc'] != 'y') $muc_pastebin_available = false;
diff --git a/interface/web/mail/mail_alias_edit.php b/interface/web/mail/mail_alias_edit.php
index ba08717a2db9d470c86ee043a1254f0ffb9f2a3a..4e1b358c3da1f330042e98ec2062784e11a8006c 100644
--- a/interface/web/mail/mail_alias_edit.php
+++ b/interface/web/mail/mail_alias_edit.php
@@ -108,7 +108,7 @@ class page_action extends tform_actions {
if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
// Get the limits of the client
$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
- $client = $app->db->queryOneRecord("SELECT limit_mailalias FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+ $client = $app->db->queryOneRecord("SELECT limit_mailalias FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
// Check if the user may add another mailbox.
if($this->id == 0 && $client["limit_mailalias"] >= 0) {
diff --git a/interface/web/mail/mail_blacklist_edit.php b/interface/web/mail/mail_blacklist_edit.php
index 23f7516cdf507c42c8388cd85a88c9ec48c5602e..b4a2a22693f73da98069c883be00e1c7b5473307 100644
--- a/interface/web/mail/mail_blacklist_edit.php
+++ b/interface/web/mail/mail_blacklist_edit.php
@@ -73,7 +73,7 @@ class page_action extends tform_actions {
//* Check if the server has been changed
// We do this only for the admin or reseller users, as normal clients can not change the server ID anyway
if($_SESSION["s"]["user"]["typ"] == 'admin' || $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
- $rec = $app->db->queryOneRecord("SELECT server_id from mail_access WHERE access_id = ".$this->id);
+ $rec = $app->db->queryOneRecord("SELECT server_id from mail_access WHERE access_id = ?", $this->id);
if($rec['server_id'] != $this->dataRecord["server_id"]) {
//* Add a error message and switch back to old server
$app->tform->errorMessage .= $app->lng('The Server can not be changed.');
@@ -90,11 +90,11 @@ class page_action extends tform_actions {
if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
// Get the limits of the client
$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
- $client = $app->db->queryOneRecord("SELECT limit_mailfilter FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+ $client = $app->db->queryOneRecord("SELECT limit_mailfilter FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?" , $client_group_id);
// Check if the user may add another mailbox.
if($this->id == 0 && $client["limit_mailfilter"] >= 0) {
- $tmp = $app->db->queryOneRecord("SELECT count(access_id) as number FROM mail_access WHERE sys_groupid = $client_group_id");
+ $tmp = $app->db->queryOneRecord("SELECT count(access_id) as number FROM mail_access WHERE sys_groupid = ?", $client_group_id);
if($tmp["number"] >= $client["limit_mailfilter"]) {
$app->tform->errorMessage .= $app->tform->wordbook["limit_mailfilter_txt"]." ";
}
diff --git a/interface/web/mail/mail_domain_catchall_edit.php b/interface/web/mail/mail_domain_catchall_edit.php
index 80729493f946f1d015613184d68f754947207ce2..e6844c2fc9440b622894aed7cd11f7663d839608 100644
--- a/interface/web/mail/mail_domain_catchall_edit.php
+++ b/interface/web/mail/mail_domain_catchall_edit.php
@@ -101,7 +101,7 @@ class page_action extends tform_actions {
if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
// Get the limits of the client
$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
- $client = $app->db->queryOneRecord("SELECT limit_mailcatchall FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+ $client = $app->db->queryOneRecord("SELECT limit_mailcatchall FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
// Check if the user may add another catchall
if($this->id == 0 && $client["limit_mailcatchall"] >= 0) {
diff --git a/interface/web/mail/mail_domain_edit.php b/interface/web/mail/mail_domain_edit.php
index d7716ab923f9623e6ce3fe458d443fb3401842fd..5e037b7661e8bb61d5e2f84711215f2305af1852 100644
--- a/interface/web/mail/mail_domain_edit.php
+++ b/interface/web/mail/mail_domain_edit.php
@@ -122,7 +122,7 @@ class page_action extends tform_actions {
if($_SESSION["s"]["user"]["typ"] != 'admin')
{
$client_group_id = $_SESSION["s"]["user"]["default_group"];
- $client_mail = $app->db->queryOneRecord("SELECT mail_servers FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+ $client_mail = $app->db->queryOneRecord("SELECT mail_servers FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
$client_mail['mail_servers_ids'] = explode(',', $client_mail['mail_servers']);
@@ -241,7 +241,7 @@ class page_action extends tform_actions {
if($_SESSION["s"]["user"]["typ"] != 'admin') {
// Get the limits of the client
$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
- $client = $app->db->queryOneRecord("SELECT limit_maildomain, default_mailserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+ $client = $app->db->queryOneRecord("SELECT limit_maildomain, default_mailserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
// When the record is updated
if($this->id > 0) {
// restore the server ID if the user is not admin and record is edited
@@ -258,7 +258,7 @@ class page_action extends tform_actions {
}
if($client["limit_maildomain"] >= 0) {
- $tmp = $app->db->queryOneRecord("SELECT count(domain_id) as number FROM mail_domain WHERE sys_groupid = $client_group_id");
+ $tmp = $app->db->queryOneRecord("SELECT count(domain_id) as number FROM mail_domain WHERE sys_groupid = ?", $client_group_id);
if($tmp["number"] >= $client["limit_maildomain"]) {
$app->error($app->tform->wordbook["limit_maildomain_txt"]);
}
diff --git a/interface/web/mail/mail_forward_edit.php b/interface/web/mail/mail_forward_edit.php
index 8add1480fe17af8201ec03da8cc68f70a3016560..76e4a5e6f1861cd5b53257ef25543a5e63d947bd 100644
--- a/interface/web/mail/mail_forward_edit.php
+++ b/interface/web/mail/mail_forward_edit.php
@@ -100,7 +100,7 @@ class page_action extends tform_actions {
if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
// Get the limits of the client
$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
- $client = $app->db->queryOneRecord("SELECT limit_mailforward FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+ $client = $app->db->queryOneRecord("SELECT limit_mailforward FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
// Check if the user may add another mailbox.
if($this->id == 0 && $client["limit_mailforward"] >= 0) {
diff --git a/interface/web/mail/mail_get_edit.php b/interface/web/mail/mail_get_edit.php
index 70d1fb25e0993b843dcc2fc4ad53f1fd801cc2d2..fded96b6b2d52e30a43dae35f934d1b9b4c1672d 100644
--- a/interface/web/mail/mail_get_edit.php
+++ b/interface/web/mail/mail_get_edit.php
@@ -71,7 +71,7 @@ class page_action extends tform_actions {
//* Check if destination email belongs to user
if(isset($_POST["destination"])) {
- $email = $app->db->queryOneRecord("SELECT email FROM mail_user WHERE email = '".$app->db->quote($app->functions->idn_encode($_POST["destination"]))."' AND ".$app->tform->getAuthSQL('r'));
+ $email = $app->db->queryOneRecord("SELECT email FROM mail_user WHERE email = ? AND ".$app->tform->getAuthSQL('r'), $app->functions->idn_encode($_POST["destination"]));
if($email["email"] != $app->functions->idn_encode($_POST["destination"])) $app->tform->errorMessage .= $app->tform->lng("no_destination_perm");
}
@@ -79,11 +79,11 @@ class page_action extends tform_actions {
if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
// Get the limits of the client
$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
- $client = $app->db->queryOneRecord("SELECT limit_fetchmail FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+ $client = $app->db->queryOneRecord("SELECT limit_fetchmail FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
// Check if the user may add another transport.
if($this->id == 0 && $client["limit_fetchmail"] >= 0) {
- $tmp = $app->db->queryOneRecord("SELECT count(mailget_id) as number FROM mail_get WHERE sys_groupid = $client_group_id");
+ $tmp = $app->db->queryOneRecord("SELECT count(mailget_id) as number FROM mail_get WHERE sys_groupid = ?", $client_group_id);
if($tmp["number"] >= $client["limit_fetchmail"]) {
$app->tform->errorMessage .= $app->tform->wordbook["limit_fetchmail_txt"]." ";
}
@@ -93,7 +93,7 @@ class page_action extends tform_actions {
// Set the server ID according to the selected destination
- $tmp = $app->db->queryOneRecord("SELECT server_id FROM mail_user WHERE email = '".$app->db->quote($this->dataRecord["destination"])."'");
+ $tmp = $app->db->queryOneRecord("SELECT server_id FROM mail_user WHERE email = ?", $this->dataRecord["destination"]);
$this->dataRecord["server_id"] = $tmp["server_id"];
unset($tmp);
@@ -108,8 +108,8 @@ class page_action extends tform_actions {
function onAfterInsert() {
global $app;
- $tmp = $app->db->queryOneRecord("SELECT sys_groupid FROM mail_user WHERE email = '".$app->db->quote($this->dataRecord["destination"])."'");
- $app->db->query("update mail_get SET sys_groupid = ".$app->functions->intval($tmp['sys_groupid'])." WHERE mailget_id = ".$this->id);
+ $tmp = $app->db->queryOneRecord("SELECT sys_groupid FROM mail_user WHERE email = ?", $this->dataRecord["destination"]);
+ $app->db->query("update mail_get SET sys_groupid = ? WHERE mailget_id = ?", $tmp['sys_groupid'], $this->id);
}
diff --git a/interface/web/mail/mail_mailinglist_edit.php b/interface/web/mail/mail_mailinglist_edit.php
index 1e03ea6a26cb395f9139f298368421dbd94e19e2..124b8d8faf72be8d4927d051a8b6d365e4e71481 100644
--- a/interface/web/mail/mail_mailinglist_edit.php
+++ b/interface/web/mail/mail_mailinglist_edit.php
@@ -138,7 +138,7 @@ class page_action extends tform_actions {
// Get the limits of the client
$client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
- $client = $app->db->queryOneRecord("SELECT limit_mailmailinglist, default_mailserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+ $client = $app->db->queryOneRecord("SELECT limit_mailmailinglist, default_mailserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
//* Check if Domain belongs to user
if(isset($_POST["domain"])) {
@@ -166,7 +166,7 @@ class page_action extends tform_actions {
// Check if the user may add another mail_domain
if($client["limit_mailmailinglist"] >= 0) {
- $tmp = $app->db->queryOneRecord("SELECT count(mailinglist_id) as number FROM mail_mailinglist WHERE sys_groupid = $client_group_id");
+ $tmp = $app->db->queryOneRecord("SELECT count(mailinglist_id) as number FROM mail_mailinglist WHERE sys_groupid = ?", $client_group_id);
if($tmp["number"] >= $client["limit_mailmailinglist"]) {
$app->error($app->tform->wordbook["limit_mailmailinglist_txt"]);
}
diff --git a/interface/web/mail/mail_transport_edit.php b/interface/web/mail/mail_transport_edit.php
index b47869d39248f56f45f72503c37b64c4d1a2ba32..9707d2fce018433c4e8c0c84a61ba9649548d06a 100644
--- a/interface/web/mail/mail_transport_edit.php
+++ b/interface/web/mail/mail_transport_edit.php
@@ -136,11 +136,11 @@ class page_action extends tform_actions {
if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
// Get the limits of the client
$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
- $client = $app->db->queryOneRecord("SELECT limit_mailrouting FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+ $client = $app->db->queryOneRecord("SELECT limit_mailrouting FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
// Check if the user may add another transport.
if($this->id == 0 && $client["limit_mailrouting"] >= 0) {
- $tmp = $app->db->queryOneRecord("SELECT count(transport_id) as number FROM mail_transport WHERE sys_groupid = $client_group_id");
+ $tmp = $app->db->queryOneRecord("SELECT count(transport_id) as number FROM mail_transport WHERE sys_groupid = ?", $client_group_id);
if($tmp["number"] >= $client["limit_mailrouting"]) {
$app->tform->errorMessage .= $app->tform->wordbook["limit_mailrouting_txt"]." ";
}
diff --git a/interface/web/mail/mail_user_del.php b/interface/web/mail/mail_user_del.php
index 6b309f88f15b70c8bc92c2800909cb1d7fe784f3..dc92047331952f097b8e80327102c71ca8a036d0 100644
--- a/interface/web/mail/mail_user_del.php
+++ b/interface/web/mail/mail_user_del.php
@@ -54,10 +54,10 @@ class page_action extends tform_actions {
function onBeforeDelete() {
global $app; $conf;
- $tmp_user = $app->db->queryOneRecord("SELECT id FROM spamfilter_users WHERE email = '".$app->db->quote($this->dataRecord["email"])."'");
+ $tmp_user = $app->db->queryOneRecord("SELECT id FROM spamfilter_users WHERE email = ?", $this->dataRecord["email"]);
$app->db->datalogDelete('spamfilter_users', 'id', $tmp_user["id"]);
- $tmp_filters = $app->db->queryAllRecords("SELECT filter_id FROM mail_user_filter WHERE mailuser_id = '".$this->id."'");
+ $tmp_filters = $app->db->queryAllRecords("SELECT filter_id FROM mail_user_filter WHERE mailuser_id = ?", $this->id);
if(is_array($tmp_filters)) {
foreach($tmp_filters as $tmp) {
$app->db->datalogDelete('mail_user_filter', 'filter_id', $tmp["filter_id"]);
diff --git a/interface/web/mail/mail_user_edit.php b/interface/web/mail/mail_user_edit.php
index ddc0ceb89354f47b7177d654d6ed4f37a259fb71..a96ece0086bf95df484296ab800864d9a69bce3e 100644
--- a/interface/web/mail/mail_user_edit.php
+++ b/interface/web/mail/mail_user_edit.php
@@ -153,12 +153,12 @@ class page_action extends tform_actions {
if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
// Get the limits of the client
$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
- $client = $app->db->queryOneRecord("SELECT limit_mailbox, limit_mailquota, parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+ $client = $app->db->queryOneRecord("SELECT limit_mailbox, limit_mailquota, parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
// Check if the user may add another mailbox.
if($this->id == 0 && $client["limit_mailbox"] >= 0) {
- $tmp = $app->db->queryOneRecord("SELECT count(mailuser_id) as number FROM mail_user WHERE sys_groupid = $client_group_id");
+ $tmp = $app->db->queryOneRecord("SELECT count(mailuser_id) as number FROM mail_user WHERE sys_groupid = ?", $client_group_id);
if($tmp["number"] >= $client["limit_mailbox"]) {
$app->tform->errorMessage .= $app->tform->lng("limit_mailbox_txt")." ";
}
diff --git a/interface/web/mail/mail_user_filter_del.php b/interface/web/mail/mail_user_filter_del.php
index e352a8e73629b6420aac17c63b210798cd955247..254e9f1e94bb121a2badf034ef9abe6a0d63836c 100644
--- a/interface/web/mail/mail_user_filter_del.php
+++ b/interface/web/mail/mail_user_filter_del.php
@@ -51,33 +51,6 @@ $app->load('tform_actions');
class page_action extends tform_actions {
- /*
- //* Code moved to mailfilter plugin
- function onAfterDelete() {
- global $app, $conf;
-
- $mailuser = $app->db->queryOneRecord("SELECT custom_mailfilter FROM mail_user WHERE mailuser_id = ".$this->dataRecord["mailuser_id"]);
- $skip = false;
- $lines = explode("\n",$mailuser['custom_mailfilter']);
- $out = '';
-
- foreach($lines as $line) {
- $line = trim($line);
- if($line == '### BEGIN FILTER_ID:'.$this->id) {
- $skip = true;
- }
- if($skip == false && $line != '') $out .= $line ."\n";
- if($line == '### END FILTER_ID:'.$this->id) {
- $skip = false;
- }
- }
-
- $out = $app->db->quote($out);
- $app->db->datalogUpdate('mail_user', "custom_mailfilter = '$out'", 'mailuser_id', $this->dataRecord["mailuser_id"]);
-
- }
- */
-
}
$page = new page_action;
diff --git a/interface/web/mail/mail_user_filter_edit.php b/interface/web/mail/mail_user_filter_edit.php
index c4331a2acb0707a1b81e2cc6a574e1e2e4c6f8a6..1f3953b71114194a01b4824ab9c209e68da90dc7 100644
--- a/interface/web/mail/mail_user_filter_edit.php
+++ b/interface/web/mail/mail_user_filter_edit.php
@@ -85,11 +85,11 @@ class page_action extends tform_actions {
if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
// Get the limits of the client
$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
- $client = $app->db->queryOneRecord("SELECT limit_mailfilter FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+ $client = $app->db->queryOneRecord("SELECT limit_mailfilter FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
// Check if the user may add another filter
if($this->id == 0 && $client["limit_mailfilter"] >= 0) {
- $tmp = $app->db->queryOneRecord("SELECT count(filter_id) as number FROM mail_user_filter WHERE sys_groupid = $client_group_id");
+ $tmp = $app->db->queryOneRecord("SELECT count(filter_id) as number FROM mail_user_filter WHERE sys_groupid = ?", $client_group_id);
if($tmp["number"] >= $client["limit_mailfilter"]) {
$app->tform->errorMessage .= $app->tform->lng("limit_mailfilter_txt")." ";
}
diff --git a/interface/web/mail/mail_whitelist_edit.php b/interface/web/mail/mail_whitelist_edit.php
index b55db9c793c96a7916d372cb5c3967a59a2a9976..cd28f84a2a8f35bc3b744013dfea4803a3170680 100644
--- a/interface/web/mail/mail_whitelist_edit.php
+++ b/interface/web/mail/mail_whitelist_edit.php
@@ -89,11 +89,11 @@ class page_action extends tform_actions {
if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
// Get the limits of the client
$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
- $client = $app->db->queryOneRecord("SELECT limit_mailfilter FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+ $client = $app->db->queryOneRecord("SELECT limit_mailfilter FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
// Check if the user may add another mailbox.
if($this->id == 0 && $client["limit_mailfilter"] >= 0) {
- $tmp = $app->db->queryOneRecord("SELECT count(access_id) as number FROM mail_access WHERE sys_groupid = $client_group_id");
+ $tmp = $app->db->queryOneRecord("SELECT count(access_id) as number FROM mail_access WHERE sys_groupid = ?", $client_group_id);
if($tmp["number"] >= $client["limit_mailfilter"]) {
$app->tform->errorMessage .= $app->tform->wordbook["limit_mailfilter_txt"]." ";
}
diff --git a/interface/web/mail/mailinglist.php b/interface/web/mail/mailinglist.php
index 6ef779cbd61f7d3e6459cab3c696374fba15547a..15f61c93991302bb420123923ee19e1fa7ecafed 100644
--- a/interface/web/mail/mailinglist.php
+++ b/interface/web/mail/mailinglist.php
@@ -43,13 +43,13 @@ $listId = $app->functions->intval($_GET['id']);
/*
* Get the data to connect to the database
*/
-$dbData = $app->db->queryAllRecords("SELECT server_id, listname FROM mail_mailinglist WHERE mailinglist_id = " . $listId);
+$dbData = $app->db->queryAllRecords("SELECT server_id, listname FROM mail_mailinglist WHERE mailinglist_id = ?", $listId);
$serverId = $app->functions->intval($dbData[0]['server_id']);
if ($serverId == 0){
die ("No List - Server found!");
}
-$serverData = $app->db->queryOneRecord("SELECT server_name FROM server WHERE server_id = ".$serverId);
+$serverData = $app->db->queryOneRecord("SELECT server_name FROM server WHERE server_id = ?", $serverId);
$app->uses('getconf');
$global_config = $app->getconf->get_global_config('mail');
diff --git a/interface/web/mail/spamfilter_blacklist_edit.php b/interface/web/mail/spamfilter_blacklist_edit.php
index b7b6391f41487ad6aebacfe61b2ee3d755f9053f..b76334b387728ef65e2daaa350a08ff37645d916 100644
--- a/interface/web/mail/spamfilter_blacklist_edit.php
+++ b/interface/web/mail/spamfilter_blacklist_edit.php
@@ -65,24 +65,6 @@ class page_action extends tform_actions {
parent::onShowNew();
}
- /*
- function onBeforeUpdate() {
- global $app, $conf;
-
- //* Check if the server has been changed
- // We do this only for the admin or reseller users, as normal clients can not change the server ID anyway
- if($_SESSION["s"]["user"]["typ"] == 'admin' || $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
- $rec = $app->db->queryOneRecord("SELECT server_id from spamfilter_wblist WHERE id = ".$this->id);
- if($rec['server_id'] != $this->dataRecord["server_id"]) {
- //* Add a error message and switch back to old server
- $app->tform->errorMessage .= $app->lng('The Server can not be changed.');
- $this->dataRecord["server_id"] = $rec['server_id'];
- }
- unset($rec);
- }
- }
- */
-
function onSubmit() {
global $app, $conf;
@@ -90,11 +72,11 @@ class page_action extends tform_actions {
if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
// Get the limits of the client
$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
- $client = $app->db->queryOneRecord("SELECT limit_spamfilter_wblist FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+ $client = $app->db->queryOneRecord("SELECT limit_spamfilter_wblist FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
// Check if the user may add another mailbox.
if($this->id == 0 && $client["limit_spamfilter_wblist"] >= 0) {
- $tmp = $app->db->queryOneRecord("SELECT count(wblist_id) as number FROM spamfilter_wblist WHERE sys_groupid = $client_group_id");
+ $tmp = $app->db->queryOneRecord("SELECT count(wblist_id) as number FROM spamfilter_wblist WHERE sys_groupid = ?", $client_group_id);
if($tmp["number"] >= $client["limit_spamfilter_wblist"]) {
$app->tform->errorMessage .= $app->tform->wordbook["limit_spamfilter_wblist_txt"]." ";
}
@@ -103,7 +85,7 @@ class page_action extends tform_actions {
} // end if user is not admin
// Select and set the server_id so it matches the server_id of the spa,filter_users record
- $tmp = $app->db->queryOneRecord("SELECT server_id FROM spamfilter_users WHERE id = ".$app->functions->intval($this->dataRecord["rid"]));
+ $tmp = $app->db->queryOneRecord("SELECT server_id FROM spamfilter_users WHERE id = ?", $this->dataRecord["rid"]);
$this->dataRecord["server_id"] = $tmp["server_id"];
unset($tmp);
diff --git a/interface/web/mail/spamfilter_policy_edit.php b/interface/web/mail/spamfilter_policy_edit.php
index 0b94d5d0659b58dfd16383fbeabff59f1a68eda9..5320506846fc3e36364a482a0e1c5c0c5d993373 100644
--- a/interface/web/mail/spamfilter_policy_edit.php
+++ b/interface/web/mail/spamfilter_policy_edit.php
@@ -72,11 +72,11 @@ class page_action extends tform_actions {
if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
// Get the limits of the client
$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
- $client = $app->db->queryOneRecord("SELECT limit_spamfilter_policy FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+ $client = $app->db->queryOneRecord("SELECT limit_spamfilter_policy FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
// Check if the user may add another mailbox.
if($this->id == 0 && $client["limit_spamfilter_policy"] >= 0) {
- $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM spamfilter_policy WHERE sys_groupid = $client_group_id");
+ $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM spamfilter_policy WHERE sys_groupid = ?", $client_group_id);
if($tmp["number"] >= $client["limit_spamfilter_policy"]) {
$app->tform->errorMessage .= $app->tform->wordbook["limit_spamfilter_policy_txt"]." ";
}
diff --git a/interface/web/mail/spamfilter_users_edit.php b/interface/web/mail/spamfilter_users_edit.php
index 488d951c75722a89434a717907d44b6b64dbf539..b8bc9316c5fffdadff123f8bbf81ef951275e406 100644
--- a/interface/web/mail/spamfilter_users_edit.php
+++ b/interface/web/mail/spamfilter_users_edit.php
@@ -71,7 +71,7 @@ class page_action extends tform_actions {
//* Check if the server has been changed
// We do this only for the admin or reseller users, as normal clients can not change the server ID anyway
if($_SESSION["s"]["user"]["typ"] == 'admin' || $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
- $rec = $app->db->queryOneRecord("SELECT server_id from spamfilter_users WHERE id = ".$this->id);
+ $rec = $app->db->queryOneRecord("SELECT server_id from spamfilter_users WHERE id = ?", $this->id);
if($rec['server_id'] != $this->dataRecord["server_id"]) {
//* Add a error message and switch back to old server
$app->tform->errorMessage .= $app->lng('The Server can not be changed.');
@@ -88,11 +88,11 @@ class page_action extends tform_actions {
if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
// Get the limits of the client
$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
- $client = $app->db->queryOneRecord("SELECT limit_spamfilter_user FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+ $client = $app->db->queryOneRecord("SELECT limit_spamfilter_user FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
// Check if the user may add another mailbox.
if($this->id == 0 && $client["limit_spamfilter_user"] >= 0) {
- $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM spamfilter_users WHERE sys_groupid = $client_group_id");
+ $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM spamfilter_users WHERE sys_groupid = ?", $client_group_id);
if($tmp["number"] >= $client["limit_spamfilter_user"]) {
$app->tform->errorMessage .= $app->tform->wordbook["limit_spamfilter_user_txt"]." ";
}
diff --git a/interface/web/mail/spamfilter_whitelist_edit.php b/interface/web/mail/spamfilter_whitelist_edit.php
index 227f538be3081f282404c325d718c0acbc67fabf..00ce0d4e3ae7599f5bdd8c04e20291b3067d65f2 100644
--- a/interface/web/mail/spamfilter_whitelist_edit.php
+++ b/interface/web/mail/spamfilter_whitelist_edit.php
@@ -90,11 +90,11 @@ class page_action extends tform_actions {
if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
// Get the limits of the client
$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
- $client = $app->db->queryOneRecord("SELECT limit_spamfilter_wblist FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+ $client = $app->db->queryOneRecord("SELECT limit_spamfilter_wblist FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
// Check if the user may add another mailbox.
if($this->id == 0 && $client["limit_spamfilter_wblist"] >= 0) {
- $tmp = $app->db->queryOneRecord("SELECT count(wblist_id) as number FROM spamfilter_wblist WHERE sys_groupid = $client_group_id");
+ $tmp = $app->db->queryOneRecord("SELECT count(wblist_id) as number FROM spamfilter_wblist WHERE sys_groupid = ?", $client_group_id);
if($tmp["number"] >= $client["limit_spamfilter_wblist"]) {
$app->tform->errorMessage .= $app->tform->wordbook["limit_spamfilter_wblist_txt"]." ";
}
diff --git a/interface/web/mail/webmailer.php b/interface/web/mail/webmailer.php
index 3a10c0fde2aa1ef1fa1ea8ba41a06996238df9a2..d6f73cc45bb5bf61b41d520f64a62ec42367697f 100644
--- a/interface/web/mail/webmailer.php
+++ b/interface/web/mail/webmailer.php
@@ -43,13 +43,13 @@ $emailId = $app->functions->intval($_GET['id']);
/*
* Get the data to connect to the database
*/
-$dbData = $app->db->queryOneRecord("SELECT server_id FROM mail_user WHERE mailuser_id = " . $emailId);
+$dbData = $app->db->queryOneRecord("SELECT server_id FROM mail_user WHERE mailuser_id = ?", $emailId);
$serverId = $app->functions->intval($dbData['server_id']);
if ($serverId == 0){
die ("No E-Mail - Server found!");
}
-$serverData = $app->db->queryOneRecord("SELECT server_name FROM server WHERE server_id = ".$serverId);
+$serverData = $app->db->queryOneRecord("SELECT server_name FROM server WHERE server_id = ?", $serverId);
$app->uses('getconf');
$global_config = $app->getconf->get_global_config('mail');
diff --git a/interface/web/mail/xmpp_domain_del.php b/interface/web/mail/xmpp_domain_del.php
index da481c8f2b9d001e4b870d0bb6a65ee565c690b8..5e4c826fd036f67fbd5b9d115fd4f8c93a1f8dfb 100644
--- a/interface/web/mail/xmpp_domain_del.php
+++ b/interface/web/mail/xmpp_domain_del.php
@@ -67,8 +67,8 @@ class page_action extends tform_actions {
private function delete_accounts($domain){
global $app;
// get all accounts
- $sql = "SELECT * FROM xmpp_user WHERE jid LIKE ? AND ?";
- $users = $app->db->queryAllRecords($sql, '%@'.$domain, $app->tform->getAuthSQL('d'));
+ $sql = "SELECT * FROM xmpp_user WHERE jid LIKE ? AND " . $app->tform->getAuthSQL('d');
+ $users = $app->db->queryAllRecords($sql, '%@'.$domain);
foreach($users AS $u)
$app->db->datalogDelete('xmpp_user', 'xmppuser_id', $u['xmppuser_id']);
}
@@ -77,8 +77,8 @@ class page_action extends tform_actions {
global $app;
// purge all xmpp related rr-record
- $sql = "SELECT * FROM dns_rr WHERE zone = ? AND (name IN ? AND type = 'CNAME' OR name LIKE ? AND type = 'SRV') AND ? ORDER BY serial DESC";
- $rec = $app->db->queryAllRecords($sql, $new_rr['zone'], array('xmpp', 'pubsub', 'proxy', 'anon', 'vjud', 'muc'), '_xmpp-%', $app->tform->getAuthSQL('r'));
+ $sql = "SELECT * FROM dns_rr WHERE zone = ? AND (name IN ? AND type = 'CNAME' OR name LIKE ? AND type = 'SRV') AND " . $app->tform->getAuthSQL('r') . " ORDER BY serial DESC";
+ $rec = $app->db->queryAllRecords($sql, $new_rr['zone'], array('xmpp', 'pubsub', 'proxy', 'anon', 'vjud', 'muc'), '_xmpp-%');
if (is_array($rec[1])) {
for ($i=0; $i < count($rec); ++$i)
$app->db->datalogDelete('dns_rr', 'id', $rec[$i]['id']);
diff --git a/interface/web/mail/xmpp_domain_edit.php b/interface/web/mail/xmpp_domain_edit.php
index 1213a91e6ad3d6649fd5ce4255eca5f91d6f4cf8..91566dc6a5941eaa86015b204d7a67ba92b363af 100644
--- a/interface/web/mail/xmpp_domain_edit.php
+++ b/interface/web/mail/xmpp_domain_edit.php
@@ -95,7 +95,7 @@ class page_action extends tform_actions {
$read_limits = array('limit_xmpp_pastebin', 'limit_xmpp_httparchive', 'limit_xmpp_anon', 'limit_xmpp_vjud', 'limit_xmpp_proxy', 'limit_xmpp_status');
if($_SESSION["s"]["user"]["typ"] != 'admin') {
$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
- $client = $app->db->queryOneRecord("SELECT client." . implode(", client.", $read_limits) . " FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+ $client = $app->db->queryOneRecord("SELECT client." . implode(", client.", $read_limits) . " FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
// add limits to template to be able to hide settings
foreach($read_limits as $limit) $app->tpl->setVar($limit, $client[$limit]);
}else{
@@ -145,7 +145,7 @@ class page_action extends tform_actions {
if($_SESSION["s"]["user"]["typ"] != 'admin')
{
$client_group_id = $_SESSION["s"]["user"]["default_group"];
- $client_xmpp = $app->db->queryOneRecord("SELECT xmpp_servers FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+ $client_xmpp = $app->db->queryOneRecord("SELECT xmpp_servers FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
$client_xmpp['xmpp_servers_ids'] = explode(',', $client_xmpp['xmpp_servers']);
@@ -239,7 +239,7 @@ class page_action extends tform_actions {
if($_SESSION["s"]["user"]["typ"] != 'admin') {
// Get the limits of the client
$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
- $client = $app->db->queryOneRecord("SELECT limit_xmpp_domain FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+ $client = $app->db->queryOneRecord("SELECT limit_xmpp_domain FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
// When the record is updated
if($this->id > 0) {
// restore the server ID if the user is not admin and record is edited
@@ -256,7 +256,7 @@ class page_action extends tform_actions {
}
if($client["limit_xmpp_domain"] >= 0) {
- $tmp = $app->db->queryOneRecord("SELECT count(domain_id) as number FROM xmpp_domain WHERE sys_groupid = $client_group_id");
+ $tmp = $app->db->queryOneRecord("SELECT count(domain_id) as number FROM xmpp_domain WHERE sys_groupid = ?", $client_group_id);
if($tmp["number"] >= $client["limit_xmpp_domain"]) {
$app->error($app->tform->wordbook["limit_xmppdomain_txt"]);
}
diff --git a/interface/web/mail/xmpp_user_edit.php b/interface/web/mail/xmpp_user_edit.php
index 6ad6161b4aeffa46bce2b4f4177c8dd79617fc12..c1b9eedf593df45eb04ed048413216b90c57d9ea 100644
--- a/interface/web/mail/xmpp_user_edit.php
+++ b/interface/web/mail/xmpp_user_edit.php
@@ -98,7 +98,7 @@ class page_action extends tform_actions {
global $app, $conf;
//* Check if Domain belongs to user
if(isset($_POST["jid_domain"])) {
- $domain = $app->db->queryOneRecord("SELECT server_id, domain FROM xmpp_domain WHERE domain = '".$app->db->quote($app->functions->idn_encode($_POST["jid_domain"]))."' AND ".$app->tform->getAuthSQL('r'));
+ $domain = $app->db->queryOneRecord("SELECT server_id, domain FROM xmpp_domain WHERE domain = ? AND ".$app->tform->getAuthSQL('r'), $app->functions->idn_encode($_POST["jid_domain"]));
if($domain["domain"] != $app->functions->idn_encode($_POST["jid_domain"])) $app->tform->errorMessage .= $app->tform->lng("no_domain_perm");
}
@@ -112,12 +112,12 @@ class page_action extends tform_actions {
if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
// Get the limits of the client
$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
- $client = $app->db->queryOneRecord("SELECT limit_xmpp_user, parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+ $client = $app->db->queryOneRecord("SELECT limit_xmpp_user, parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ", $client_group_id);
// Check if the user may add another xmpp user.
if($this->id == 0 && $client["limit_xmpp_user"] >= 0) {
- $tmp = $app->db->queryOneRecord("SELECT count(xmppuser_id) as number FROM xmpp_user WHERE sys_groupid = $client_group_id");
+ $tmp = $app->db->queryOneRecord("SELECT count(xmppuser_id) as number FROM xmpp_user WHERE sys_groupid = ", $client_group_id);
if($tmp["number"] >= $client["limit_xmpp_user"]) {
$app->tform->errorMessage .= $app->tform->lng("limit_xmpp_user_txt")." ";
}
@@ -148,8 +148,8 @@ class page_action extends tform_actions {
global $app, $conf;
// Set the domain owner as xmpp user owner
- $domain = $app->db->queryOneRecord("SELECT sys_groupid, server_id FROM xmpp_domain WHERE domain = '".$app->db->quote($app->functions->idn_encode($_POST["jid_domain"]))."' AND ".$app->tform->getAuthSQL('r'));
- $app->db->query("UPDATE xmpp_user SET sys_groupid = ".$app->functions->intval($domain["sys_groupid"])." WHERE xmppuser_id = ".$this->id);
+ $domain = $app->db->queryOneRecord("SELECT sys_groupid, server_id FROM xmpp_domain WHERE domain = ? AND ".$app->tform->getAuthSQL('r'), $app->functions->idn_encode($_POST["jid_domain"]));
+ $app->db->query("UPDATE xmpp_user SET sys_groupid = ? WHERE xmppuser_id = ?", $domain["sys_groupid"], $this->id);
}
@@ -158,8 +158,8 @@ class page_action extends tform_actions {
// Set the domain owner as mailbox owner
if(isset($_POST["xmpp_domain"])) {
- $domain = $app->db->queryOneRecord("SELECT sys_groupid, server_id FROM xmpp_domain WHERE domain = '".$app->db->quote($app->functions->idn_encode($_POST["jid_domain"]))."' AND ".$app->tform->getAuthSQL('r'));
- $app->db->query("UPDATE xmpp_user SET sys_groupid = ".$app->functions->intval($domain["sys_groupid"])." WHERE xmppuser_id = ".$this->id);
+ $domain = $app->db->queryOneRecord("SELECT sys_groupid, server_id FROM xmpp_domain WHERE domain = ? AND ".$app->tform->getAuthSQL('r'), $app->functions->idn_encode($_POST["jid_domain"]));
+ $app->db->query("UPDATE xmpp_user SET sys_groupid = ? WHERE xmppuser_id = ?", $domain["sys_groupid"], $this->id);
}
}
diff --git a/interface/web/mailuser/index.php b/interface/web/mailuser/index.php
index 73505ae64636049ea111081c5aa479d3b093de00..b7748ac1ccac8602b806abfc655ef75db125e2b5 100644
--- a/interface/web/mailuser/index.php
+++ b/interface/web/mailuser/index.php
@@ -17,8 +17,8 @@ $lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_index.lng';
include $lng_file;
$app->tpl->setVar($wb);
-$sql = "SELECT * FROM mail_user WHERE mailuser_id = ".$app->functions->intval($_SESSION['s']['user']['mailuser_id']);
-$rec = $app->db->queryOneRecord($sql);
+$sql = "SELECT * FROM mail_user WHERE mailuser_id = ?";
+$rec = $app->db->queryOneRecord($sql, $_SESSION['s']['user']['mailuser_id']);
if($rec['quota'] == 0) {
$rec['quota'] = $wb['unlimited_txt'];
@@ -30,8 +30,8 @@ if($rec['cc'] == '') $rec['cc'] = $wb['none_txt'];
$app->tpl->setVar($rec);
-$sql2 = "SELECT * FROM server WHERE server_id = ".$app->functions->intval($rec['server_id']);
-$rec2 = $app->db->queryOneRecord($sql2);
+$sql2 = "SELECT * FROM server WHERE server_id = ?";
+$rec2 = $app->db->queryOneRecord($sql2, $rec['server_id']);
$app->tpl->setVar($rec2);
diff --git a/interface/web/mailuser/mail_user_filter_edit.php b/interface/web/mailuser/mail_user_filter_edit.php
index ff93bd9d6cd00b3b3aae41f023d6a26cd130ee57..d398b65166aab18e2e9d63d8b305834aab4d20d5 100644
--- a/interface/web/mailuser/mail_user_filter_edit.php
+++ b/interface/web/mailuser/mail_user_filter_edit.php
@@ -71,7 +71,7 @@ class page_action extends tform_actions {
global $app, $conf;
// Get the parent mail_user record
- $mailuser = $app->db->queryOneRecord("SELECT * FROM mail_user WHERE mailuser_id = '".$app->functions->intval($_SESSION['s']['user']['mailuser_id'])."'");
+ $mailuser = $app->db->queryOneRecord("SELECT * FROM mail_user WHERE mailuser_id = ?", $_SESSION['s']['user']['mailuser_id']);
// Set the mailuser_id
$this->dataRecord["mailuser_id"] = $mailuser["mailuser_id"];
@@ -84,11 +84,11 @@ class page_action extends tform_actions {
if($_SESSION["s"]["user"]["default_group"] > 0) { // if user is not admin
// Get the limits of the client
$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
- $client = $app->db->queryOneRecord("SELECT limit_mailfilter FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+ $client = $app->db->queryOneRecord("SELECT limit_mailfilter FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
// Check if the user may add another filter
if($this->id == 0 && $client["limit_mailfilter"] >= 0) {
- $tmp = $app->db->queryOneRecord("SELECT count(filter_id) as number FROM mail_user_filter WHERE sys_groupid = $client_group_id");
+ $tmp = $app->db->queryOneRecord("SELECT count(filter_id) as number FROM mail_user_filter WHERE sys_groupid = ?", $client_group_id);
if($tmp["number"] >= $client["limit_mailfilter"]) {
$app->tform->errorMessage .= $app->tform->lng("limit_mailfilter_txt")." ";
}
diff --git a/interface/web/mailuser/mail_user_spamfilter_edit.php b/interface/web/mailuser/mail_user_spamfilter_edit.php
index 3ea2aa57d55f363c75e57fddebccd755e6ab1025..335aaece01578af3d666caa675d9550888ff3b23 100644
--- a/interface/web/mailuser/mail_user_spamfilter_edit.php
+++ b/interface/web/mailuser/mail_user_spamfilter_edit.php
@@ -74,11 +74,11 @@ class page_action extends tform_actions {
$rec = $app->tform->getDataRecord($this->id);
$email_parts = explode('@', $rec['email']);
$email_domain = $email_parts[1];
- $domain = $app->db->queryOneRecord("SELECT sys_userid, sys_groupid, server_id FROM mail_domain WHERE domain = '".$app->db->quote($email_domain)."'");
+ $domain = $app->db->queryOneRecord("SELECT sys_userid, sys_groupid, server_id FROM mail_domain WHERE domain = ?", $email_domain);
// Spamfilter policy
$policy_id = $app->functions->intval($this->dataRecord["policy"]);
- $tmp_user = $app->db->queryOneRecord("SELECT id FROM spamfilter_users WHERE email = '".$app->db->quote($rec["email"])."'");
+ $tmp_user = $app->db->queryOneRecord("SELECT id FROM spamfilter_users WHERE email = ?", $rec["email"]);
if($policy_id > 0) {
if($tmp_user["id"] > 0) {
// There is already a record that we will update
@@ -104,7 +104,7 @@ class page_action extends tform_actions {
$app->tpl->setVar("email", $rec['email']);
// Get the spamfilter policys for the user
- $tmp_user = $app->db->queryOneRecord("SELECT policy_id FROM spamfilter_users WHERE email = '".$app->db->quote($rec['email'])."'");
+ $tmp_user = $app->db->queryOneRecord("SELECT policy_id FROM spamfilter_users WHERE email = ?", $rec['email']);
$sql = "SELECT id, policy_name FROM spamfilter_policy WHERE ".$app->tform->getAuthSQL('r');
$policys = $app->db->queryAllRecords($sql);
$policy_select = "";
diff --git a/interface/web/monitor/log_del.php b/interface/web/monitor/log_del.php
index 04d11e9665ec8d12ed77ee7a97ec4987a3d65678..40fe185977ed37c2131b87078233bd612045111c 100644
--- a/interface/web/monitor/log_del.php
+++ b/interface/web/monitor/log_del.php
@@ -35,7 +35,7 @@ require_once '../../lib/app.inc.php';
$app->auth->check_module_permissions('monitor');
$syslog_id = $app->functions->intval($_GET['id']);
-$app->db->query("UPDATE sys_log SET loglevel = 0 WHERE syslog_id = '$syslog_id'");
+$app->db->query("UPDATE sys_log SET loglevel = 0 WHERE syslog_id = ?", $syslog_id);
header('Location: log_list.php');
exit;
diff --git a/interface/web/monitor/show_log.php b/interface/web/monitor/show_log.php
index 96217dada18dee68771d738e4b896c9e30ea9379..e8f3acc735eae75e1d1bda8d243ae114e4f3cf55 100644
--- a/interface/web/monitor/show_log.php
+++ b/interface/web/monitor/show_log.php
@@ -120,7 +120,7 @@ $app->tpl->setVar("refresh", $tmp);
/* fetch the Data from the DB */
-$record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = '" . $app->db->quote($logId) . "' and server_id = " . $_SESSION['monitor']['server_id'] . " order by created desc");
+$record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = ? and server_id = ? order by created desc", $logId, $_SESSION['monitor']['server_id']);
if(isset($record['data'])) {
$data = unserialize($record['data']);
diff --git a/interface/web/monitor/show_sys_state.php b/interface/web/monitor/show_sys_state.php
index 480dd17d280cf78dbceaf28b1e13aa95e05f12c1..53997bc207a2538e1de3e2f571d683e35d2c628b 100644
--- a/interface/web/monitor/show_sys_state.php
+++ b/interface/web/monitor/show_sys_state.php
@@ -191,7 +191,7 @@ function _getServerState($serverId, $serverName) {
/*
* Get all monitoring-data from the server and process then
*/
- $records = $app->db->queryAllRecords("SELECT DISTINCT type, data FROM monitor_data WHERE server_id = " . $serverId);
+ $records = $app->db->queryAllRecords("SELECT DISTINCT type, data FROM monitor_data WHERE server_id = ?", $serverId);
$osData = null;
$veInfo = null;
$ispcData = null;
@@ -320,7 +320,7 @@ function _processDbState($type, $serverId, $serverState, $messages) {
* state
*/
// get the State from the DB
- $record = $app->db->queryOneRecord("SELECT state FROM monitor_data WHERE type = '" . $type . "' and server_id = " . $serverId . " order by created desc");
+ $record = $app->db->queryOneRecord("SELECT state FROM monitor_data WHERE type = ? and server_id = ? order by created desc", $type, $serverId);
// change the new state to the highest state
/*
diff --git a/interface/web/remote/monitor.php b/interface/web/remote/monitor.php
index 9cc0084bba6eb101ace67453bb7843d7301e5eec..132bcf29a5bc01a297eaf488565cd4db340fd810 100644
--- a/interface/web/remote/monitor.php
+++ b/interface/web/remote/monitor.php
@@ -30,7 +30,7 @@ if($token == '' or $secret == '' or $token != $secret) {
$sql = 'SELECT server_id, server_name FROM server WHERE 1 ORDER BY server_id';
$records = $app->db->queryAllRecords($sql);
foreach($records as $index => $rec) {
- $rec = $app->db->queryOneRecord("SELECT * FROM monitor_data WHERE server_id = " . $rec['server_id'] . " AND state NOT IN ('ok', 'no_state', 'info')");
+ $rec = $app->db->queryOneRecord("SELECT * FROM monitor_data WHERE server_id = ? AND state NOT IN ('ok', 'no_state', 'info')", $rec['server_id']);
if($rec) $records[$index]['state'] = 'warn';
else $records[$index]['state'] = 'ok';
}
@@ -38,7 +38,7 @@ if($token == '' or $secret == '' or $token != $secret) {
$out['data'] = $records;
$out['time'] = date('Y-m-d H:i', $rec['created']);
} else {
- $rec = $app->db->queryOneRecord("SELECT * FROM monitor_data WHERE type = '$type' AND server_id = $server_id");
+ $rec = $app->db->queryOneRecord("SELECT * FROM monitor_data WHERE type = ? AND server_id = ?", $type, $server_id);
if(is_array($rec)) {
$out['state'] = $rec['state'];
$out['data'] = unserialize(stripslashes($rec['data']));
diff --git a/interface/web/sites/ajax_get_ip.php b/interface/web/sites/ajax_get_ip.php
index 4101a807e17c8c4aa3db2bd4319d6d2d27e3f6a6..c50c1ba3c27a0e7398683e48870f112736aae643 100644
--- a/interface/web/sites/ajax_get_ip.php
+++ b/interface/web/sites/ajax_get_ip.php
@@ -44,8 +44,8 @@ if($_SESSION["s"]["user"]["typ"] == 'admin' or $app->auth->has_clients($_SESSION
//* Get global web config
$web_config = $app->getconf->get_server_config($server_id, 'web');
- $sql = "SELECT ip_address FROM server_ip WHERE ip_type = '$ip_type' AND server_id = $server_id";
- $ips = $app->db->queryAllRecords($sql);
+ $sql = "SELECT ip_address FROM server_ip WHERE ip_type = ? AND server_id = ?";
+ $ips = $app->db->queryAllRecords($sql, $ip_type, $server_id);
// $ip_select = "";
if($ip_type == 'IPv4'){
$ip_select = ($web_config['enable_ip_wildcard'] == 'y')?"*#":"";
diff --git a/interface/web/sites/aps_do_operation.php b/interface/web/sites/aps_do_operation.php
index ffc8c031d7b65b69d0f0fcee63cd1b524eefb849..ff0705f9bbb722114029f4f4a4db957e31ca64a8 100644
--- a/interface/web/sites/aps_do_operation.php
+++ b/interface/web/sites/aps_do_operation.php
@@ -50,15 +50,15 @@ if($_GET['action'] == 'change_status')
if(!$gui->isValidPackageID($_GET['id'], true)) die($app->lng('Invalid ID'));
// Change the existing status to the opposite
- $get_status = $app->db->queryOneRecord("SELECT package_status FROM aps_packages WHERE id = '".$app->functions->intval($_GET['id'])."';");
+ $get_status = $app->db->queryOneRecord("SELECT package_status FROM aps_packages WHERE id = ?", $_GET['id']);
if($get_status['package_status'] == strval(PACKAGE_LOCKED))
{
- $app->db->query("UPDATE aps_packages SET package_status = ".PACKAGE_ENABLED." WHERE id = '".$app->functions->intval($_GET['id'])."';");
+ $app->db->query("UPDATE aps_packages SET package_status = ? WHERE id = ?", PACKAGE_ENABLED, $_GET['id']);
echo '
'.$app->lng('Yes').'
';
}
else
{
- $app->db->query("UPDATE aps_packages SET Package_status = ".PACKAGE_LOCKED." WHERE id = '".$app->functions->intval($_GET['id'])."';");
+ $app->db->query("UPDATE aps_packages SET Package_status = ? WHERE id = ?", PACKAGE_LOCKED, $_GET['id']);
echo '
'.$app->lng('No').'
';
}
}
@@ -69,7 +69,7 @@ else if($_GET['action'] == 'delete_instance')
$is_admin = ($_SESSION['s']['user']['typ'] == 'admin') ? true : false;
if(!$is_admin)
{
- $cid = $app->db->queryOneRecord("SELECT client_id FROM client WHERE username = '".$app->db->quote($_SESSION['s']['user']['username'])."';");
+ $cid = $app->db->queryOneRecord("SELECT client_id FROM client WHERE username = ?", $_SESSION['s']['user']['username']);
$client_id = $cid['client_id'];
}
@@ -78,8 +78,8 @@ else if($_GET['action'] == 'delete_instance')
// Only delete the instance if the status is "installed" or "flawed"
$check = $app->db->queryOneRecord("SELECT id FROM aps_instances
- WHERE id = ".$app->db->quote($_GET['id'])." AND
- (instance_status = ".INSTANCE_SUCCESS." OR instance_status = ".INSTANCE_ERROR.");");
+ WHERE id = ? AND
+ (instance_status = ? OR instance_status = ?)", $_GET['id'], INSTANCE_SUCCESS, INSTANCE_ERROR);
if($check['id'] > 0) $gui->deleteInstance($_GET['id']);
//echo $app->lng('Installation_remove');
@header('Location:aps_installedpackages_list.php');
diff --git a/interface/web/sites/aps_install_package.php b/interface/web/sites/aps_install_package.php
index 5d623226908c7d21e34ad1e1a5a609c5cfa2b35d..0c19af8c97a088a50b93707e31dfe9fe814f086e 100644
--- a/interface/web/sites/aps_install_package.php
+++ b/interface/web/sites/aps_install_package.php
@@ -85,9 +85,8 @@ if(isset($settings['error'])) $app->error($settings['error']);
// Get domain list
$domains = array();
$domain_for_user = '';
-if(!$adminflag) $domain_for_user = "AND (sys_userid = '".$app->db->quote($_SESSION['s']['user']['userid'])."'
- OR sys_groupid = '".$app->db->quote($_SESSION['s']['user']['default_group'])."' )";
-$domains_assoc = $app->db->queryAllRecords("SELECT domain FROM web_domain WHERE document_root != '' AND (type = 'vhost' OR type = 'vhostsubdomain' OR type = 'vhostalias') AND active = 'y' ".$domain_for_user." ORDER BY domain;");
+if(!$adminflag) $domain_for_user = "AND (sys_userid = ? OR sys_groupid = ?)";
+$domains_assoc = $app->db->queryAllRecords("SELECT domain FROM web_domain WHERE document_root != '' AND (type = 'vhost' OR type = 'vhostsubdomain' OR type = 'vhostalias') AND active = 'y' ".$domain_for_user." ORDER BY domain", $_SESSION['s']['user']['userid'], $_SESSION['s']['user']['default_group']);
if(!empty($domains_assoc)) foreach($domains_assoc as $domain) $domains[] = $domain['domain'];
// If data has been submitted, validate it
diff --git a/interface/web/sites/cron_edit.php b/interface/web/sites/cron_edit.php
index 6ec02c7433be31eee8577cad06ebb111b40b777c..2b3c1391b19042189242f45ac6c940fe1f64aa86 100644
--- a/interface/web/sites/cron_edit.php
+++ b/interface/web/sites/cron_edit.php
@@ -87,7 +87,7 @@ class page_action extends tform_actions {
if($_SESSION["s"]["user"]["typ"] != 'admin') {
// Get the limits of the client
$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
- $client = $app->db->queryOneRecord("SELECT limit_cron, limit_cron_type FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+ $client = $app->db->queryOneRecord("SELECT limit_cron, limit_cron_type FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ", $client_group_id);
// When the record is updated
if($this->id > 0) {
@@ -95,7 +95,7 @@ class page_action extends tform_actions {
} else {
// Check if the user may add another cron job.
if($client["limit_cron"] >= 0) {
- $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM cron WHERE sys_groupid = $client_group_id");
+ $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM cron WHERE sys_groupid = ", $client_group_id);
if($tmp["number"] >= $client["limit_cron"]) {
$app->error($app->tform->wordbook["limit_cron_txt"]);
}
@@ -104,7 +104,7 @@ class page_action extends tform_actions {
}
// Get the record of the parent domain
- $parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ".$app->functions->intval(@$this->dataRecord["parent_domain_id"]) . " AND ".$app->tform->getAuthSQL('r'));
+ $parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ? AND ".$app->tform->getAuthSQL('r'), @$this->dataRecord["parent_domain_id"]);
if(!$parent_domain || $parent_domain['domain_id'] != @$this->dataRecord['parent_domain_id']) $app->tform->errorMessage .= $app->tform->lng("no_domain_perm");
// Set fixed values
@@ -115,7 +115,7 @@ class page_action extends tform_actions {
if(preg_match("'^http(s)?:\/\/'i", $command)) {
$this->dataRecord["type"] = 'url';
} else {
- $domain_owner = $app->db->queryOneRecord("SELECT limit_cron_type FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ".$app->functions->intval($parent_domain["sys_groupid"]));
+ $domain_owner = $app->db->queryOneRecord("SELECT limit_cron_type FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $parent_domain["sys_groupid"]);
//* True when the site is assigned to a client
if(isset($domain_owner["limit_cron_type"])) {
if($domain_owner["limit_cron_type"] == 'full') {
@@ -140,7 +140,7 @@ class page_action extends tform_actions {
if($_SESSION["s"]["user"]["typ"] != 'admin') {
// Get the limits of the client
$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
- $client = $app->db->queryOneRecord("SELECT limit_cron_frequency, limit_cron_type FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+ $client = $app->db->queryOneRecord("SELECT limit_cron_frequency, limit_cron_type FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
if($client["limit_cron_frequency"] > 1) {
if($app->tform->cron_min_freq < $client["limit_cron_frequency"]) {
@@ -170,7 +170,7 @@ class page_action extends tform_actions {
if($_SESSION["s"]["user"]["typ"] != 'admin') {
// Get the limits of the client
$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
- $client = $app->db->queryOneRecord("SELECT limit_cron_frequency, limit_cron_type FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+ $client = $app->db->queryOneRecord("SELECT limit_cron_frequency, limit_cron_type FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
if($client["limit_cron_frequency"] > 1) {
if($app->tform->cron_min_freq < $client["limit_cron_frequency"]) {
@@ -196,14 +196,14 @@ class page_action extends tform_actions {
function onAfterInsert() {
global $app, $conf;
- $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$app->functions->intval($this->dataRecord["parent_domain_id"]));
+ $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ?", $this->dataRecord["parent_domain_id"]);
$server_id = $web["server_id"];
// The cron shall be owned by the same group then the website
$sys_groupid = $app->functions->intval($web['sys_groupid']);
- $sql = "UPDATE cron SET server_id = $server_id, sys_groupid = '$sys_groupid' WHERE id = ".$this->id;
- $app->db->query($sql);
+ $sql = "UPDATE cron SET server_id = ?, sys_groupid = ? WHERE id = ?";
+ $app->db->query($sql, $server_id, $sys_groupid, $this->id);
}
function onAfterUpdate() {
diff --git a/interface/web/sites/database_edit.php b/interface/web/sites/database_edit.php
index 9494cd3360e20b1e8fda933765a765e7d8942112..01497ab84bb2be4df4baf6accf5d6bd982f1d065 100644
--- a/interface/web/sites/database_edit.php
+++ b/interface/web/sites/database_edit.php
@@ -79,7 +79,7 @@ class page_action extends tform_actions {
$client = $app->db->queryOneRecord("SELECT db_servers FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
// Set the webserver to the default server of the client
- $tmp = $app->db->queryAllRecords("SELECT server_id, server_name FROM server WHERE server_id IN ($client[db_servers])");
+ $tmp = $app->db->queryAllRecords("SELECT server_id, server_name FROM server WHERE server_id IN ?", explode(',', $client['db_servers']));
$only_one_server = count($tmp) === 1;
$app->tpl->setVar('only_one_server', $only_one_server);
@@ -102,7 +102,7 @@ class page_action extends tform_actions {
$client = $app->db->queryOneRecord("SELECT client.client_id, limit_web_domain, db_servers, contact_name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
// Set the webserver to the default server of the client
- $tmp = $app->db->queryAllRecords("SELECT server_id, server_name FROM server WHERE server_id IN ($client[db_servers])");
+ $tmp = $app->db->queryAllRecords("SELECT server_id, server_name FROM server WHERE server_id IN ?", explode(',', $client['db_servers']));
$only_one_server = count($tmp) === 1;
$app->tpl->setVar('only_one_server', $only_one_server);
@@ -168,13 +168,13 @@ class page_action extends tform_actions {
function onSubmit() {
global $app, $conf;
- $parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ".$app->functions->intval(@$this->dataRecord["parent_domain_id"]) . " AND ".$app->tform->getAuthSQL('r'));
+ $parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ? AND ".$app->tform->getAuthSQL('r'), @$this->dataRecord["parent_domain_id"]);
if(!$parent_domain || $parent_domain['domain_id'] != @$this->dataRecord['parent_domain_id']) $app->tform->errorMessage .= $app->tform->lng("no_domain_perm");
if($_SESSION["s"]["user"]["typ"] != 'admin') {
// Get the limits of the client
$client_group_id = $_SESSION["s"]["user"]["default_group"];
- $client = $app->db->queryOneRecord("SELECT db_servers, limit_database, limit_database_quota, parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id AND sys_group.groupid = $client_group_id");
+ $client = $app->db->queryOneRecord("SELECT db_servers, limit_database, limit_database_quota, parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id AND sys_group.groupid = ", $client_group_id);
// When the record is updated
if($this->id > 0) {
@@ -207,7 +207,7 @@ class page_action extends tform_actions {
if($client['parent_client_id'] > 0) {
// Get the limits of the reseller
- $reseller = $app->db->queryOneRecord("SELECT limit_database, limit_database_quota FROM client WHERE client_id = ".$client['parent_client_id']);
+ $reseller = $app->db->queryOneRecord("SELECT limit_database, limit_database_quota FROM client WHERE client_id = ?", $client['parent_client_id']);
//* Check the website quota of the client
if ($reseller['limit_database_quota'] >= 0) {
@@ -265,15 +265,15 @@ class page_action extends tform_actions {
}
} else {
// check if client of database parent domain is client of db user!
- $web_group = $app->db->queryOneRecord("SELECT sys_groupid FROM web_domain WHERE domain_id = '".$app->functions->intval($this->dataRecord['parent_domain_id'])."'");
+ $web_group = $app->db->queryOneRecord("SELECT sys_groupid FROM web_domain WHERE domain_id = ?", $this->dataRecord['parent_domain_id']);
if($this->dataRecord['database_user_id']) {
- $group = $app->db->queryOneRecord("SELECT sys_groupid FROM web_database_user WHERE database_user_id = '".$app->functions->intval($this->dataRecord['database_user_id'])."'");
+ $group = $app->db->queryOneRecord("SELECT sys_groupid FROM web_database_user WHERE database_user_id = ?", $this->dataRecord['database_user_id']);
if($group['sys_groupid'] != $web_group['sys_groupid']) {
$app->error($app->tform->wordbook['database_client_differs_txt']);
}
}
if($this->dataRecord['database_ro_user_id']) {
- $group = $app->db->queryOneRecord("SELECT sys_groupid FROM web_database_user WHERE database_user_id = '".$app->functions->intval($this->dataRecord['database_ro_user_id'])."'");
+ $group = $app->db->queryOneRecord("SELECT sys_groupid FROM web_database_user WHERE database_user_id = ?", $this->dataRecord['database_ro_user_id']);
if($group['sys_groupid'] != $web_group['sys_groupid']) {
$app->error($app->tform->wordbook['database_client_differs_txt']);
}
@@ -340,11 +340,11 @@ class page_action extends tform_actions {
}
//* Check for duplicates
- $tmp = $app->db->queryOneRecord("SELECT count(database_id) as dbnum FROM web_database WHERE database_name = '".$app->db->quote($this->dataRecord['database_name'])."' AND server_id = '".$app->functions->intval($this->dataRecord["server_id"])."' AND database_id != '".$this->id."'");
+ $tmp = $app->db->queryOneRecord("SELECT count(database_id) as dbnum FROM web_database WHERE database_name = ? AND server_id = ? AND database_id != ?", $this->dataRecord['database_name'], $this->dataRecord["server_id"], $this->id);
if($tmp['dbnum'] > 0) $app->tform->errorMessage .= $app->lng('database_name_error_unique').' ';
// get the web server ip (parent domain)
- $tmp = $app->db->queryOneRecord("SELECT server_id FROM web_domain WHERE domain_id = '".$app->functions->intval($this->dataRecord['parent_domain_id'])."'");
+ $tmp = $app->db->queryOneRecord("SELECT server_id FROM web_domain WHERE domain_id = ?", $this->dataRecord['parent_domain_id']);
if($tmp['server_id'] && $tmp['server_id'] != $this->dataRecord['server_id']) {
// we need remote access rights for this server, so get it's ip address
$server_config = $app->getconf->get_server_config($tmp['server_id'], 'server');
@@ -369,7 +369,7 @@ class page_action extends tform_actions {
if ($app->tform->errorMessage == '') {
// force update of the used database user
if($this->dataRecord['database_user_id']) {
- $user_old_rec = $app->db->queryOneRecord('SELECT * FROM `web_database_user` WHERE `database_user_id` = ' . $app->functions->intval($this->dataRecord['database_user_id']));
+ $user_old_rec = $app->db->queryOneRecord('SELECT * FROM `web_database_user` WHERE `database_user_id` = ?', $this->dataRecord['database_user_id']);
if($user_old_rec) {
$user_new_rec = $user_old_rec;
$user_new_rec['server_id'] = $this->dataRecord['server_id'];
@@ -377,7 +377,7 @@ class page_action extends tform_actions {
}
}
if($this->dataRecord['database_ro_user_id']) {
- $user_old_rec = $app->db->queryOneRecord('SELECT * FROM `web_database_user` WHERE `database_user_id` = ' . $app->functions->intval($this->dataRecord['database_ro_user_id']));
+ $user_old_rec = $app->db->queryOneRecord('SELECT * FROM `web_database_user` WHERE `database_user_id` = ?', $this->dataRecord['database_ro_user_id']);
if($user_old_rec) {
$user_new_rec = $user_old_rec;
$user_new_rec['server_id'] = $this->dataRecord['server_id'];
@@ -419,11 +419,11 @@ class page_action extends tform_actions {
}
//* Check for duplicates
- $tmp = $app->db->queryOneRecord("SELECT count(database_id) as dbnum FROM web_database WHERE database_name = '".$app->db->quote($this->dataRecord['database_name'])."' AND server_id = '".$app->functions->intval($this->dataRecord["server_id"])."'");
+ $tmp = $app->db->queryOneRecord("SELECT count(database_id) as dbnum FROM web_database WHERE database_name = ? AND server_id = ?", $this->dataRecord['database_name'], $this->dataRecord["server_id"]);
if($tmp['dbnum'] > 0) $app->tform->errorMessage .= $app->tform->lng('database_name_error_unique').' ';
// get the web server ip (parent domain)
- $tmp = $app->db->queryOneRecord("SELECT server_id FROM web_domain WHERE domain_id = '".$app->functions->intval($this->dataRecord['parent_domain_id'])."'");
+ $tmp = $app->db->queryOneRecord("SELECT server_id FROM web_domain WHERE domain_id = ?", $this->dataRecord['parent_domain_id']);
if($tmp['server_id'] && $tmp['server_id'] != $this->dataRecord['server_id']) {
// we need remote access rights for this server, so get it's ip address
$server_config = $app->getconf->get_server_config($tmp['server_id'], 'server');
@@ -448,7 +448,7 @@ class page_action extends tform_actions {
if ($app->tform->errorMessage == '') {
// force update of the used database user
if($this->dataRecord['database_user_id']) {
- $user_old_rec = $app->db->queryOneRecord('SELECT * FROM `web_database_user` WHERE `database_user_id` = ' . $app->functions->intval($this->dataRecord['database_user_id']));
+ $user_old_rec = $app->db->queryOneRecord('SELECT * FROM `web_database_user` WHERE `database_user_id` = ?', $this->dataRecord['database_user_id']);
if($user_old_rec) {
$user_new_rec = $user_old_rec;
$user_new_rec['server_id'] = $this->dataRecord['server_id'];
@@ -456,7 +456,7 @@ class page_action extends tform_actions {
}
}
if($this->dataRecord['database_ro_user_id']) {
- $user_old_rec = $app->db->queryOneRecord('SELECT * FROM `web_database_user` WHERE `database_user_id` = ' . $app->functions->intval($this->dataRecord['database_ro_user_id']));
+ $user_old_rec = $app->db->queryOneRecord('SELECT * FROM `web_database_user` WHERE `database_user_id` = ?', $this->dataRecord['database_ro_user_id']);
if($user_old_rec) {
$user_new_rec = $user_old_rec;
$user_new_rec['server_id'] = $this->dataRecord['server_id'];
diff --git a/interface/web/sites/database_phpmyadmin.php b/interface/web/sites/database_phpmyadmin.php
index 5e640dfea438950ca2d93cfb279bcd2bcd981a4d..481b4ea600a66fa975518fe7f7e174a27bb52f29 100644
--- a/interface/web/sites/database_phpmyadmin.php
+++ b/interface/web/sites/database_phpmyadmin.php
@@ -45,14 +45,12 @@ $databaseId = $app->functions->intval($_GET['id']);
/*
* Get the data to connect to the database
*/
-$dbData = $app->db->queryOneRecord("SELECT server_id, database_name FROM web_database WHERE database_id = " . $databaseId);
+$dbData = $app->db->queryOneRecord("SELECT server_id, database_name FROM web_database WHERE database_id = ?", $databaseId);
$serverId = $app->functions->intval($dbData['server_id']);
if ($serverId == 0){
die ("No DB-Server found!");
}
-$serverData = $app->db->queryOneRecord(
- "SELECT server_name FROM server WHERE server_id = " .
- $serverId);
+$serverData = $app->db->queryOneRecord("SELECT server_name FROM server WHERE server_id = ?", $serverId);
$app->uses('getconf');
$global_config = $app->getconf->get_global_config('sites');
diff --git a/interface/web/sites/database_user_del.php b/interface/web/sites/database_user_del.php
index 3667539c7aefec0abb0f55ad2848ee2d7534a78c..2ca1ef58b11d3df600109e83d9a13dd9d570b535 100644
--- a/interface/web/sites/database_user_del.php
+++ b/interface/web/sites/database_user_del.php
@@ -55,7 +55,7 @@ class page_action extends tform_actions {
$old_record = $app->tform->getDataRecord($this->id);
/* we cannot use datalogDelete here, as we need to set server_id to 0 */
- $app->db->query("DELETE FROM `web_database_user` WHERE $index_field = '$index_value'");
+ $app->db->query("DELETE FROM `web_database_user` WHERE ?? = ?", $index_field, $index_value);
$new_rec = array();
$old_record['server_id'] = 0;
$app->db->datalogSave('web_database_user', 'DELETE', 'database_user_id', $this->id, $old_record, $new_rec);
@@ -65,12 +65,12 @@ class page_action extends tform_actions {
global $app; $conf;
//* Update all records that belog to this user
- $records = $app->db->queryAllRecords("SELECT database_id FROM web_database WHERE database_user_id = '".$app->functions->intval($this->id)."'");
+ $records = $app->db->queryAllRecords("SELECT database_id FROM web_database WHERE database_user_id = ?", $this->id);
foreach($records as $rec) {
$app->db->datalogUpdate('web_database', 'database_user_id=NULL', 'database_id', $rec['database_id']);
}
- $records = $app->db->queryAllRecords("SELECT database_id FROM web_database WHERE database_ro_user_id = '".$app->functions->intval($this->id)."'");
+ $records = $app->db->queryAllRecords("SELECT database_id FROM web_database WHERE database_ro_user_id = ?", $this->id);
foreach($records as $rec) {
$app->db->datalogUpdate('web_database', 'database_ro_user_id=NULL', 'database_id', $rec['database_id']);
}
diff --git a/interface/web/sites/database_user_edit.php b/interface/web/sites/database_user_edit.php
index 18b46b90e1bd4d1131d8544d2a37eb43173e043b..ff366a37405d1d56319a521e14c2e70670b6bc86 100644
--- a/interface/web/sites/database_user_edit.php
+++ b/interface/web/sites/database_user_edit.php
@@ -66,7 +66,7 @@ class page_action extends tform_actions {
if ($_SESSION["s"]["user"]["typ"] != 'admin' && $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
// Get the limits of the client
$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
- $client = $app->db->queryOneRecord("SELECT client.company_name, client.contact_name, client.client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+ $client = $app->db->queryOneRecord("SELECT client.company_name, client.contact_name, client.client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
// Fill the client select field
$sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ".$app->functions->intval($client['client_id'])." ORDER BY client.company_name, client.contact_name, sys_group.name";
diff --git a/interface/web/sites/form/web_vhost_domain.tform.php b/interface/web/sites/form/web_vhost_domain.tform.php
index c342605c9ae42da884e644e6cf89da8179007485..47f8f65ad39195f8f32786056c4ee3d64105412c 100644
--- a/interface/web/sites/form/web_vhost_domain.tform.php
+++ b/interface/web/sites/form/web_vhost_domain.tform.php
@@ -85,7 +85,7 @@ $ssl_available = true;
$backup_available = ($vhostdomain_type == 'domain');
if(!$app->auth->is_admin()) {
$client_group_id = $_SESSION["s"]["user"]["default_group"];
- $client = $app->db->queryOneRecord("SELECT limit_wildcard, limit_ssl, limit_backup FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+ $client = $app->db->queryOneRecord("SELECT limit_wildcard, limit_ssl, limit_backup FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
if($client['limit_wildcard'] != 'y') $wildcard_available = false;
if($client['limit_ssl'] != 'y') $ssl_available = false;
diff --git a/interface/web/sites/shell_user_edit.php b/interface/web/sites/shell_user_edit.php
index 8de6be755f5a0b05b8817d2b9712a83d3371eeaf..1370d22a3290a7ad1772963daf4039b91a7196c6 100644
--- a/interface/web/sites/shell_user_edit.php
+++ b/interface/web/sites/shell_user_edit.php
@@ -103,14 +103,12 @@ class page_action extends tform_actions {
global $app, $conf;
// Get the record of the parent domain
- //$parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ".$app->functions->intval(@$this->dataRecord["parent_domain_id"]) . " AND ".$app->tform->getAuthSQL('r'));
- //if(!$parent_domain || $parent_domain['domain_id'] != @$this->dataRecord['parent_domain_id']) $app->tform->errorMessage .= $app->tform->lng("no_domain_perm");
if(isset($this->dataRecord["parent_domain_id"])) {
- $parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ".$app->functions->intval(@$this->dataRecord["parent_domain_id"]) . " AND ".$app->tform->getAuthSQL('r'));
+ $parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ? AND ".$app->tform->getAuthSQL('r'), @$this->dataRecord["parent_domain_id"]);
if(!$parent_domain || $parent_domain['domain_id'] != @$this->dataRecord['parent_domain_id']) $app->tform->errorMessage .= $app->tform->lng("no_domain_perm");
} else {
$tmp = $app->tform->getDataRecord($this->id);
- $parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ".$app->functions->intval($tmp["parent_domain_id"]) . " AND ".$app->tform->getAuthSQL('r'));
+ $parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ? AND ".$app->tform->getAuthSQL('r'), $tmp["parent_domain_id"]);
if(!$parent_domain) $app->tform->errorMessage .= $app->tform->lng("no_domain_perm");
unset($tmp);
}
@@ -163,7 +161,7 @@ class page_action extends tform_actions {
function onAfterInsert() {
global $app, $conf;
- $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$app->functions->intval($this->dataRecord["parent_domain_id"]));
+ $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ?", $this->dataRecord["parent_domain_id"]);
$server_id = $app->functions->intval($web["server_id"]);
$dir = $app->db->quote($web["document_root"]);
@@ -178,8 +176,8 @@ class page_action extends tform_actions {
// The FTP user shall be owned by the same group then the website
$sys_groupid = $app->functions->intval($web['sys_groupid']);
- $sql = "UPDATE shell_user SET server_id = $server_id, dir = '$dir', puser = '$uid', pgroup = '$gid', sys_groupid = '$sys_groupid' WHERE shell_user_id = ".$this->id;
- $app->db->query($sql);
+ $sql = "UPDATE shell_user SET server_id = ?, dir = ?, puser = ?, pgroup = ?, sys_groupid = ? WHERE shell_user_id = ?";
+ $app->db->query($sql, $server_id, $dir, $uid, $gid, $sys_groupid, $this->id);
}
diff --git a/interface/web/sites/web_childdomain_edit.php b/interface/web/sites/web_childdomain_edit.php
index a2a20ca11a5e8cce3dd39c43abf04b9a1ce98f4f..33c2422f45735fbe6bb35e60d71dbd808380fb35 100644
--- a/interface/web/sites/web_childdomain_edit.php
+++ b/interface/web/sites/web_childdomain_edit.php
@@ -136,7 +136,7 @@ class page_action extends tform_actions {
} else {
if($this->_childdomain_type == 'subdomain') {
// Get the record of the parent domain
- $parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ".$app->functions->intval(@$this->dataRecord["parent_domain_id"]));
+ $parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ?", @$this->dataRecord["parent_domain_id"]);
// remove the parent domain part of the domain name before we show it in the text field.
$this->dataRecord["domain"] = str_replace('.'.$parent_domain["domain"], '', $this->dataRecord["domain"]);
@@ -168,13 +168,13 @@ class page_action extends tform_actions {
// Get the record of the parent domain
if(!@$this->dataRecord["parent_domain_id"] && $this->id) {
- $tmp = $app->db->queryOneRecord("SELECT parent_domain_id FROM web_domain WHERE domain_id = ".$app->functions->intval($this->id));
+ $tmp = $app->db->queryOneRecord("SELECT parent_domain_id FROM web_domain WHERE domain_id = ?", $this->id);
if($tmp) $this->dataRecord["parent_domain_id"] = $tmp['parent_domain_id'];
unset($tmp);
}
// Get the record of the parent domain
- $parent_domain = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$app->functions->intval(@$this->dataRecord["parent_domain_id"]) . " AND ".$app->tform->getAuthSQL('r'));
+ $parent_domain = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ? AND ".$app->tform->getAuthSQL('r'), @$this->dataRecord["parent_domain_id"]);
if(!$parent_domain || $parent_domain['domain_id'] != @$this->dataRecord['parent_domain_id']) $app->tform->errorMessage .= $app->tform->lng("no_domain_perm");
/* check if the domain module is used - and check if the selected domain can be used! */
$app->uses('ini_parser,getconf');
@@ -236,7 +236,7 @@ class page_action extends tform_actions {
//* Update the old website, so that the vhost alias gets removed
//* We force the update by inserting a transaction record without changes manually.
- $old_website = $app->db->queryOneRecord('SELECT * FROM web_domain WHERE domain_id = '.$app->functions->intval($this->oldDataRecord['domain_id']));
+ $old_website = $app->db->queryOneRecord('SELECT * FROM web_domain WHERE domain_id = ?', $this->oldDataRecord['domain_id']);
$app->db->datalogSave('web_domain', 'UPDATE', 'domain_id', $app->functions->intval($this->oldDataRecord['parent_domain_id']), $old_website, $old_website, true);
}
diff --git a/interface/web/sites/web_folder_del.php b/interface/web/sites/web_folder_del.php
index ec13c35a851cd09536687d91499aed635d37bed5..c7b60382d42e1f2e6ede68dd90fc9630e13de27d 100644
--- a/interface/web/sites/web_folder_del.php
+++ b/interface/web/sites/web_folder_del.php
@@ -56,7 +56,7 @@ class page_action extends tform_actions {
if($app->tform->checkPerm($this->id, 'd') == false) $app->error($app->lng('error_no_delete_permission'));
// Delete all users that belong to this folder.
- $records = $app->db->queryAllRecords("SELECT web_folder_user_id FROM web_folder_user WHERE web_folder_id = '".$app->functions->intval($this->id)."'");
+ $records = $app->db->queryAllRecords("SELECT web_folder_user_id FROM web_folder_user WHERE web_folder_id = ?", $this->id);
foreach($records as $rec) {
$app->db->datalogDelete('web_folder_user', 'web_folder_user_id', $rec['web_folder_user_id']);
}
diff --git a/interface/web/sites/web_sites_stats.php b/interface/web/sites/web_sites_stats.php
index 4e5535e0df49a5e0d4a819218a110a951b12dd52..a6af3dc8a080def6bac72812f6142fcc28430a21 100644
--- a/interface/web/sites/web_sites_stats.php
+++ b/interface/web/sites/web_sites_stats.php
@@ -40,34 +40,26 @@ class list_action extends listform_actions {
//** Traffic of the current month
$tmp_year = date('Y');
$tmp_month = date('m');
- $tmp_rec = $app->db->queryOneRecord("SELECT SUM(traffic_bytes) as t FROM web_traffic WHERE hostname = '".$app->db->quote($rec['domain'])."' AND YEAR(traffic_date) = '$tmp_year' AND MONTH(traffic_date) = '$tmp_month'");
-// $rec['this_month'] = number_format($tmp_rec['t']/1024/1024, 0, '.', ' ');
-// $this->sum_this_month += ($tmp_rec['t']/1024/1024);
+ $tmp_rec = $app->db->queryOneRecord("SELECT SUM(traffic_bytes) as t FROM web_traffic WHERE hostname = ? AND YEAR(traffic_date) = ? AND MONTH(traffic_date) = ?", $rec['domain'], $tmp_year, $tmp_month);
$rec['this_month'] = $app->functions->formatBytes($tmp_rec['t']);
$this->sum_this_month += $app->functions->formatBytes($tmp_rec['t']);
//** Traffic of the current year
- $tmp_rec = $app->db->queryOneRecord("SELECT sum(traffic_bytes) as t FROM web_traffic WHERE hostname = '".$app->db->quote($rec['domain'])."' AND YEAR(traffic_date) = '$tmp_year'");
-// $rec['this_year'] = number_format($tmp_rec['t']/1024/1024, 0, '.', ' ');
-// $this->sum_this_year += ($tmp_rec['t']/1024/1024);
+ $tmp_rec = $app->db->queryOneRecord("SELECT sum(traffic_bytes) as t FROM web_traffic WHERE hostname = ? AND YEAR(traffic_date) = ?", $rec['domain'], $tmp_year);
$rec['this_year'] = $app->functions->formatBytes($tmp_rec['t']);
$this->sum_this_year += $app->functions->formatBytes($tmp_rec['t']);
//** Traffic of the last month
$tmp_year = date('Y', mktime(0, 0, 0, date("m")-1, date("d"), date("Y")));
$tmp_month = date('m', mktime(0, 0, 0, date("m")-1, date("d"), date("Y")));
- $tmp_rec = $app->db->queryOneRecord("SELECT sum(traffic_bytes) as t FROM web_traffic WHERE hostname = '".$app->db->quote($rec['domain'])."' AND YEAR(traffic_date) = '$tmp_year' AND MONTH(traffic_date) = '$tmp_month'");
-// $rec['last_month'] = number_format($tmp_rec['t']/1024/1024, 0, '.', ' ');
-// $this->sum_last_month += ($tmp_rec['t']/1024/1024);
+ $tmp_rec = $app->db->queryOneRecord("SELECT sum(traffic_bytes) as t FROM web_traffic WHERE hostname = ? AND YEAR(traffic_date) = ? AND MONTH(traffic_date) = ?", $rec['domain'], $tmp_year, $tmp_month);
$rec['last_month'] = $app->functions->formatBytes($tmp_rec['t']);
$this->sum_last_month += $app->functions->formatBytes($tmp_rec['t']);
//** Traffic of the last year
$tmp_year = date('Y', mktime(0, 0, 0, date("m"), date("d"), date("Y")-1));
- $tmp_rec = $app->db->queryOneRecord("SELECT sum(traffic_bytes) as t FROM web_traffic WHERE hostname = '".$app->db->quote($rec['domain'])."' AND YEAR(traffic_date) = '$tmp_year'");
-// $rec['last_year'] = number_format($tmp_rec['t']/1024/1024, 0, '.', ' ');
-// $this->sum_last_year += ($tmp_rec['t']/1024/1024);
+ $tmp_rec = $app->db->queryOneRecord("SELECT sum(traffic_bytes) as t FROM web_traffic WHERE hostname = ? AND YEAR(traffic_date) = ?", $rec['domain'], $tmp_year);
$rec['last_year'] = $app->functions->formatBytes($tmp_rec['t']);
$this->sum_last_year += $app->functions->formatBytes($tmp_rec['t']);
diff --git a/interface/web/sites/web_vhost_domain_edit.php b/interface/web/sites/web_vhost_domain_edit.php
index 6e7d4347ff8573249c12720b636ce6687281b8ae..f53a84352143d8ee73f22c8e0304083acf20bc08 100644
--- a/interface/web/sites/web_vhost_domain_edit.php
+++ b/interface/web/sites/web_vhost_domain_edit.php
@@ -111,7 +111,7 @@ class page_action extends tform_actions {
}
// Get the limits of the client
$client_group_id = $_SESSION["s"]["user"]["default_group"];
- $client = $app->db->queryOneRecord("SELECT client.web_servers FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+ $client = $app->db->queryOneRecord("SELECT client.web_servers FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
$web_servers = explode(',', $client['web_servers']);
$server_id = $web_servers[0];
$app->tpl->setVar("server_id_value", $server_id);
@@ -141,7 +141,7 @@ class page_action extends tform_actions {
$read_limits = array('limit_cgi', 'limit_ssi', 'limit_perl', 'limit_ruby', 'limit_python', 'force_suexec', 'limit_hterror', 'limit_wildcard', 'limit_ssl');
- if($this->_vhostdomain_type != 'domain') $parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ".$app->functions->intval(@$this->dataRecord["parent_domain_id"]));
+ if($this->_vhostdomain_type != 'domain') $parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ?", @$this->dataRecord["parent_domain_id"]);
$is_admin = false;
@@ -151,11 +151,11 @@ class page_action extends tform_actions {
// Get the limits of the client
$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
if($this->_vhostdomain_type == 'domain') {
- $client = $app->db->queryOneRecord("SELECT client.limit_web_domain, client.web_servers, client." . implode(", client.", $read_limits) . " FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+ $client = $app->db->queryOneRecord("SELECT client.limit_web_domain, client.web_servers, client." . implode(", client.", $read_limits) . " FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
} elseif($this->_vhostdomain_type == 'subdomain') {
- $client = $app->db->queryOneRecord("SELECT client.limit_web_subdomain, client.web_servers, client.default_webserver, client." . implode(", client.", $read_limits) . " FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+ $client = $app->db->queryOneRecord("SELECT client.limit_web_subdomain, client.web_servers, client.default_webserver, client." . implode(", client.", $read_limits) . " FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
} elseif($this->_vhostdomain_type == 'aliasdomain') {
- $client = $app->db->queryOneRecord("SELECT client.limit_web_aliasdomain, client.web_servers, client.default_webserver, client." . implode(", client.", $read_limits) . " FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+ $client = $app->db->queryOneRecord("SELECT client.limit_web_aliasdomain, client.web_servers, client.default_webserver, client." . implode(", client.", $read_limits) . " FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
}
$client['web_servers_ids'] = explode(',', $client['web_servers']);
@@ -276,12 +276,12 @@ class page_action extends tform_actions {
$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
if($this->_vhostdomain_type == 'domain') {
- $client = $app->db->queryOneRecord("SELECT client.client_id, client.limit_web_domain, client.web_servers, client.default_webserver, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name, client." . implode(", client.", $read_limits) . " FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+ $client = $app->db->queryOneRecord("SELECT client.client_id, client.limit_web_domain, client.web_servers, client.default_webserver, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name, client." . implode(", client.", $read_limits) . " FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
$app->tpl->setVar('only_one_server', $only_one_server);
} elseif($this->_vhostdomain_type == 'subdomain') {
- $client = $app->db->queryOneRecord("SELECT client.client_id, client.limit_web_subdomain, client.web_servers, client.default_webserver, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name, client." . implode(", client.", $read_limits) . " FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+ $client = $app->db->queryOneRecord("SELECT client.client_id, client.limit_web_subdomain, client.web_servers, client.default_webserver, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name, client." . implode(", client.", $read_limits) . " FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
} elseif($this->_vhostdomain_type == 'aliasdomain') {
- $client = $app->db->queryOneRecord("SELECT client.client_id, client.limit_web_aliasdomain, client.web_servers, client.default_webserver, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name, client." . implode(", client.", $read_limits) . " FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+ $client = $app->db->queryOneRecord("SELECT client.client_id, client.limit_web_aliasdomain, client.web_servers, client.default_webserver, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name, client." . implode(", client.", $read_limits) . " FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
}
$client['web_servers_ids'] = explode(',', $client['web_servers']);
@@ -816,7 +816,7 @@ class page_action extends tform_actions {
if($_SESSION["s"]["user"]["typ"] != 'admin') {
// Get the limits of the client
$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
- $client = $app->db->queryOneRecord("SELECT limit_traffic_quota, limit_web_domain, limit_web_aliasdomain, limit_web_subdomain, web_servers, parent_client_id, limit_web_quota, client." . implode(", client.", $read_limits) . " FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+ $client = $app->db->queryOneRecord("SELECT limit_traffic_quota, limit_web_domain, limit_web_aliasdomain, limit_web_subdomain, web_servers, parent_client_id, limit_web_quota, client." . implode(", client.", $read_limits) . " FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
$client['web_servers_ids'] = explode(',', $client['web_servers']);
diff --git a/interface/web/tools/dns_import_tupa.php b/interface/web/tools/dns_import_tupa.php
index 775d515289e09103a5302b5ab99f720fbbf1c647..b33b978da17a34e5c45c31d229fd138dfef4ed70 100644
--- a/interface/web/tools/dns_import_tupa.php
+++ b/interface/web/tools/dns_import_tupa.php
@@ -86,7 +86,7 @@ if(isset($_POST['start']) && $_POST['start'] == 1) {
$domains = $exdb->queryAllRecords("SELECT * FROM domains WHERE type = 'MASTER'");
if(is_array($domains)) {
foreach($domains as $domain) {
- $soa = $exdb->queryOneRecord("SELECT * FROM records WHERE type = 'SOA' AND domain_id = ".$domain['id']);
+ $soa = $exdb->queryOneRecord("SELECT * FROM records WHERE type = 'SOA' AND domain_id = ?", $domain['id']);
if(is_array($soa)) {
$parts = explode(' ', $soa['content']);
$origin = $app->db->quote(addot($soa['name']));
@@ -106,7 +106,7 @@ if(isset($_POST['start']) && $_POST['start'] == 1) {
$msg .= 'Import Zone: '.$soa['name'].' ';
//* Process the other records
- $records = $exdb->queryAllRecords("SELECT * FROM records WHERE type != 'SOA' AND domain_id = ".$domain['id']);
+ $records = $exdb->queryAllRecords("SELECT * FROM records WHERE type != 'SOA' AND domain_id = ?", $domain['id']);
if(is_array($records)) {
foreach($records as $rec) {
$rr = array();
diff --git a/interface/web/tools/form/interface_settings.tform.php b/interface/web/tools/form/interface_settings.tform.php
index f81ce2d1572ff259983b4639b81c98c6ab6e22e4..f213605bf787aaa739f69b7b853507f607128e17 100644
--- a/interface/web/tools/form/interface_settings.tform.php
+++ b/interface/web/tools/form/interface_settings.tform.php
@@ -96,7 +96,7 @@ if($_SESSION["s"]["user"]["typ"] == 'admin') {
}
}
} else {
- $tmp = $app->db->queryOneRecord("SELECT * FROM sys_user where username = '".$_SESSION["s"]["user"]['username']."'");
+ $tmp = $app->db->queryOneRecord("SELECT * FROM sys_user where username = ?", $_SESSION["s"]["user"]['username']);
$modules = $tmp['modules'];
//$modules = $conf['interface_modules_enabled'];
if($_SESSION["s"]["user"]["typ"] != 'admin' && $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
diff --git a/interface/web/tools/import_plesk.php b/interface/web/tools/import_plesk.php
deleted file mode 100644
index f6e2890ea1546d28d3d8fae078df7e03adfec797..0000000000000000000000000000000000000000
--- a/interface/web/tools/import_plesk.php
+++ /dev/null
@@ -1,1430 +0,0 @@
-queryAllRecords("SELECT l.id, l.limit_name, l.value FROM Limits as l");
- foreach($limit_data as $entry) {
- if(array_key_exists($entry['id'], $limits) == false) $limits[$entry['id']] = array();
- $limits[$entry['id']][$entry['limit_name']] = $entry['value'];
-
- // limits that are there:
- /*
- disk_space
- disk_space_soft
- expiration
- max_box
- max_db
- max_dom_aliases
- max_maillists
- max_mn
- max_site
- max_site_builder
- max_subdom
- max_subftp_users
- max_traffic
- max_traffic_soft
- max_unity_mobile_sites
- max_webapps
- max_wu
- mbox_quota
- */
- }
-
- return $limits;
-}
-
-
-/**
- *
- * @param array $limits
- * @param int $id
- * @param string $limit
- * @param mixed $default
- * @return mixed
- */
-function get_limit($limits, $id, $limit, $default = false) {
- $ret = $default;
- if(isset($limits[$id][$limit])) $ret = $limits[$id][$limit];
-
- return $ret;
-}
-
-function get_option($options, $option, $default = false) {
- $ret = $default;
- if(isset($options[$option])) $ret = $options[$option];
-
- return $ret;
-}
-
-function add_dot($string) {
- if(strlen($string) > 0 && substr($string, -1, 1) !== '.') $string .= '.';
- return $string;
-}
-
-function byte_to_mbyte($byte) {
- if($byte <= 0) return $byte; // limit = -1 -> unlimited
- return round($byte / (1024*1024));
-}
-
-function yes_no($num, $reverse = false) {
- return ($num == 1 && !$reverse) || ($num != 1 && $reverse) ? 'y' : 'n';
-}
-
-// taken from the web_domain_edit.php
-function id_hash($id, $levels) {
- $hash = "" . $id % 10 ;
- $id /= 10 ;
- $levels -- ;
- while ( $levels > 0 ) {
- $hash .= "/" . $id % 10 ;
- $id /= 10 ;
- $levels-- ;
- }
- return $hash;
-}
-
-$COMMANDS = 'unset HISTFILE
-MYSERVER="192.168.1.10"
-MYSQL_EXPORT_USER="root"
-MYSQL_EXPORT_PASS=""
-MYSQL_IMPORT_USER="root"
-MYSQL_IMPORT_PASS=""
-';
-
-function add_command($cmd) {
- global $COMMANDS;
-
- $COMMANDS .= $cmd . "\n";
-}
-
-
-/* TODO: document root rewrite on ftp account and other home directories */
-
-//* Check permissions for module
-$app->auth->check_module_permissions('admin');
-
-//* This is only allowed for administrators
-if(!$app->auth->is_admin()) die('only allowed for administrators.');
-
-$app->uses('tpl,getconf');
-$app->load('importer');
-
-$app->tpl->newTemplate('form.tpl.htm');
-$app->tpl->setInclude('content_tpl', 'templates/import_plesk.htm');
-$msg = '';
-$error = '';
-
-// Start migrating plesk data
-if(isset($_POST['start']) && $_POST['start'] == 1) {
-
- //* Set variable sin template
- $app->tpl->setVar('dbhost', $_POST['dbhost']);
- $app->tpl->setVar('dbname', $_POST['dbname']);
- $app->tpl->setVar('dbuser', $_POST['dbuser']);
- $app->tpl->setVar('dbpassword', $_POST['dbpassword']);
- $app->tpl->setVar('webcontent', $_POST['webcontent']);
- $app->tpl->setVar('mailcontent', $_POST['mailcontent']);
-
- //* Establish connection to external database
- $msg .= 'Connecting to external database... ';
-
- //* Backup DB login details
- /*$conf_bak['db_host'] = $conf['db_host'];
- $conf_bak['db_database'] = $conf['db_database'];
- $conf_bak['db_user'] = $conf['db_user'];
- $conf_bak['db_password'] = $conf['db_password'];*/
-
- //* Set external Login details
- $conf['imp_db_host'] = $_POST['dbhost'];
- $conf['imp_db_database'] = $_POST['dbname'];
- $conf['imp_db_user'] = $_POST['dbuser'];
- $conf['imp_db_password'] = $_POST['dbpassword'];
- $conf['imp_db_charset'] = $conf['db_charset'];
- $conf['imp_db_new_link'] = $conf['db_new_link'];
- $conf['imp_db_client_flags'] = $conf['db_client_flags'];
-
- //* create new db object
- $exdb = new db('imp');
-
- $msg .= 'db object created... ';
-
- $importer = new importer();
- $session_id = 'ISPC3'; // set dummy session id for remoting lib
- $msg .= 'importer object created... ';
-
- // import on server
- $server_id = 1;
-
- //* Connect to DB
- if($exdb !== false) {
- $msg .= 'Connecting to external database done... ';
-
- $limits = read_limit_data($exdb);
-
- $msg .= 'read all limit data... ';
-
- // param_id -> cl_params table - not needed for import
- // tpye = admin, reseller, client
- $admins = $exdb->queryAllRecords("SELECT c.id, c.parent_id, c.type, c.cr_date, c.cname, c.pname, c.login, c.account_id, a.password, a.type as `pwtype`, c.status, c.phone, c.fax, c.email, c.address, c.city, c.state, c.pcode, c.country, c.locale, c.limits_id, c.params_id, c.perm_id, c.pool_id, c.logo_id, c.tmpl_id, c.guid, c.overuse, c.vendor_id, c.external_id FROM clients as c LEFT JOIN accounts as a ON (a.id = c.account_id) WHERE c.type = 'admin' ORDER BY c.parent_id, c.id");
- $resellers = $exdb->queryAllRecords("SELECT c.id, c.parent_id, c.type, c.cr_date, c.cname, c.pname, c.login, c.account_id, a.password, a.type as `pwtype`, c.status, c.phone, c.fax, c.email, c.address, c.city, c.state, c.pcode, c.country, c.locale, c.limits_id, c.params_id, c.perm_id, c.pool_id, c.logo_id, c.tmpl_id, c.guid, c.overuse, c.vendor_id, c.external_id FROM clients as c LEFT JOIN accounts as a ON (a.id = c.account_id) WHERE c.type = 'reseller' ORDER BY c.parent_id, c.id");
- $clients = $exdb->queryAllRecords("SELECT c.id, c.parent_id, c.type, c.cr_date, c.cname, c.pname, c.login, c.account_id, a.password, a.type as `pwtype`, c.status, c.phone, c.fax, c.email, c.address, c.city, c.state, c.pcode, c.country, c.locale, c.limits_id, c.params_id, c.perm_id, c.pool_id, c.logo_id, c.tmpl_id, c.guid, c.overuse, c.vendor_id, c.external_id FROM clients as c LEFT JOIN accounts as a ON (a.id = c.account_id) WHERE c.type = 'client' ORDER BY c.parent_id, c.id");
-
- $users = array_merge($admins, $resellers, $clients);
- $msg .= 'read all users (' . count($users) . ')... ';
-
-
- $plesk_ispc_ids = array(); // array with key = plesk id, value = ispc id
-
- $phpopts = array('no', 'fast-cgi', 'cgi', 'mod', 'suphp', 'php-fpm');
-
- // import admins / resellers
- for($i = 0; $i < count($users); $i++) {
- $entry = $users[$i];
-
- $old_client = $importer->client_get_by_username($session_id, $entry['login']);
- if($old_client) {
- if($old_client['client_id'] == 0) {
- $entry['login'] = 'psa_' . $entry['login'];
- $old_client = $importer->client_get_by_username($session_id, $entry['login']);
- if($old_client) {
- $msg .= $entry['login'] . ' existed, updating id ' . $old_client['client_id'] . ' ';
- }
- } else {
- $msg .= $entry['login'] . ' existed, updating id ' . $old_client['client_id'] . ' ';
- }
- }
- $params = array(
- 'company_name' => $entry['cname'],
- 'contact_name' => $entry['pname'],
- 'customer_no' => 'Plesk' . $entry['id'],
- 'username' => $entry['login'],
- 'password' => $entry['password'],
- 'language' => substr($entry['locale'], 0, 2), // plesk stores as de-DE or en-US
- //'usertheme' => '',
- 'street' => $entry['address'],
- 'zip' => $entry['pcode'],
- 'city' => $entry['city'],
- 'state' => $entry['state'],
- 'country' => $entry['country'],
- 'telephone' => $entry['phone'],
- //'mobile' => $entry[''],
- 'fax' => $entry['fax'],
- 'email' => $entry['email'],
- //'internet' => $entry[''],
- //'icq' => $entry[''],
- //'vat_id' => $entry[''],
- //'company_id' => $entry[''],
- //'bank_account_number' => $entry[''],
- //'bank_code' => $entry[''],
- //'bank_name' => $entry[''],
- //'bank_account_iban' => $entry[''],
- //'bank_account_swift' => $entry[''],
- 'notes' => 'imported from Plesk id ' . $entry['id'],
- //'template_master' => $entry[''],
- //'template_additional' => $entry[''],
- //'default_mailserver' => $entry[''],
- 'limit_maildomain' => get_limit($limits, $entry['id'], 'max_site', -1),
- 'limit_mailbox' => get_limit($limits, $entry['id'], 'max_box', -1),
- 'limit_mailalias' => get_limit($limits, $entry['id'], 'max_mn', -1),
- 'limit_mailaliasdomain' => get_limit($limits, $entry['id'], 'max_dom_aliases', -1),
- 'limit_mailmailinglist' => get_limit($limits, $entry['id'], 'max_maillists', -1),
- 'limit_mailforward' => get_limit($limits, $entry['id'], 'max_mn', -1),
- 'limit_mailcatchall' => 1,
- 'limit_mailrouting' => 0,
- 'limit_mailfilter' => 0,
- 'limit_fetchmail' => 0,
- 'limit_mailquota' => get_limit($limits, $entry['id'], 'mbox_quota', -1),
- 'limit_spamfilter_wblist' => 0,
- 'limit_spamfilter_user' => 0,
- 'limit_spamfilter_policy' => 0,
- //'default_webserver' => '',
- 'limit_web_domain' => get_limit($limits, $entry['id'], 'max_site', -1),
- 'limit_web_quota' => intval(get_limit($limits, $entry['id'], 'disk_space', -1)),
- 'web_php_options' => implode(',', $phpopts),
- 'limit_web_aliasdomain' => get_limit($limits, $entry['id'], 'max_dom_aliases', -1),
- 'limit_web_subdomain' => get_limit($limits, $entry['id'], 'max_subdom', -1),
- 'limit_ftp_user' => (string)($app->functions->intval(get_limit($limits, $entry['id'], 'max_subftp_users', -2)) + 1),
- 'limit_shell_user' => 0,
- 'ssh_chroot' => 'no,jailkit',
- 'limit_webdav_user' => get_limit($limits, $entry['id'], 'max_wu', 0),
- //'default_dnsserver' => '',
- 'limit_dns_zone' => -1,
- 'limit_dns_slave_zone' => -1,
- 'limit_dns_record' => -1,
- 'limit_client' => ($entry['type'] == 'client' ? 0 : -1),
- //'default_dbserver' => '',
- 'limit_database' => get_limit($limits, $entry['id'], 'max_db', -1),
- 'limit_cron' => 0,
- 'limit_cron_type' => 'url',
- 'limit_cron_frequency' => '5',
- 'limit_traffic_quota' => intval(get_limit($limits, $entry['id'], 'max_traffic', -1)),
- 'limit_openvz_vm' => 0,
- 'limit_openvz_vm_template_id' => ''
- );
- $reseller_id = 0;
- if($entry['parent_id'] != 0) {
- if(array_key_exists($entry['parent_id'], $plesk_ispc_ids)) {
- $reseller_id = $plesk_ispc_ids[$entry['parent_id']];
- }
- }
-
- if($old_client) {
- $new_id = $old_client['client_id'];
- $ok = $importer->client_update($session_id, $old_client['client_id'], $reseller_id, array_merge($old_client, $params));
- if($ok === false) {
-
- }
- } else {
- $new_id = $importer->client_add($session_id, $reseller_id, $params);
- }
- if($new_id === false) {
- //something went wrong here...
- $msg .= "Client " . $entry['id'] . " (" . $entry['pname'] . ") could not be inserted/updated. ";
- $msg .= " Error: " . $importer->getFault() . " ";
- } else {
- $msg .= "Client " . $entry['id'] . " (" . $entry['pname'] . ") inserted/updated. ";
- }
-
- $plesk_ispc_ids[$entry['id']] = $new_id;
- }
- unset($users);
- unset($clients);
- unset($resellers);
- unset($admins);
-
- $web_config = $app->getconf->get_server_config($server_id, 'web');
-
- $domains = $exdb->queryAllRecords("SELECT d.id, d.cr_date, d.name, d.displayName, d.dns_zone_id, d.status, d.htype, d.real_size, d.cl_id, d.limits_id, d.params_id, d.guid, d.overuse, d.gl_filter, d.vendor_id, d.webspace_id, d.webspace_status, d.permissions_id, d.external_id FROM domains as d WHERE d.parentDomainId = 0");
- $dom_ftp_users = array();
- $domain_ids = array();
- $domain_roots = array();
- $domain_owners = array();
- $dns_domain_ids = array();
- $maildomain_ids = array();
- foreach($domains as $entry) {
- $res = $exdb->query("SELECT d.dom_id, d.param, d.val FROM dom_param as d WHERE d.dom_id = '" . $entry['id'] . "'");
- $options = array();
- while($opt = $res->get()) {
- $options[$opt['param']] = $opt['val'];
- }
-
- /* TODO: options that might be used later:
- * OveruseBlock true/false
- * OveruseNotify true/false
- * OveruseSuspend true/false
- * wu_script true/false (webusers allowed to use scripts?)
- * webmail string (webmailer used - horde)
- */
-
- $redir_type = '';
- $redir_path = '';
-
- if($entry['htype'] === 'std_fwd') {
- // redirection
- $redir = $exdb->queryOneRecord("SELECT f.dom_id, f.ip_address_id, f.redirect FROM forwarding as f WHERE f.dom_id = '" . $entry['id'] . "'");
- $redir_type = 'R,L';
- $redir_path = $redir['redirect'];
- } elseif($entry['htype'] === 'vrt_hst') {
- // default virtual hosting (vhost)
- } else {
- /* TODO: unknown type */
- }
-
- $hosting = $exdb->queryOneRecord("SELECT h.dom_id, h.sys_user_id, h.ip_address_id, h.real_traffic, h.fp, h.fp_ssl, h.fp_enable, h.fp_adm, h.fp_pass, h.ssi, h.php, h.cgi, h.perl, h.python, h.fastcgi, h.miva, h.coldfusion, h.asp, h.asp_dot_net, h.ssl, h.webstat, h.same_ssl, h.traffic_bandwidth, h.max_connection, h.php_handler_type, h.www_root, h.maintenance_mode, h.certificate_id, s.login, s.account_id, s.home, s.shell, s.quota, s.mapped_to, a.password, a.type as `pwtype` FROM hosting as h LEFT JOIN sys_users as s ON (s.id = h.sys_user_id) LEFT JOIN accounts as a ON (s.account_id = a.id) WHERE h.dom_id = '" . $entry['id'] . "'");
- if($hosting['sys_user_id']) {
- $dom_ftp_users[] = array('id' => 0,
- 'dom_id' => $hosting['dom_id'],
- 'sys_user_id' => $hosting['sys_user_id'],
- 'login' => $hosting['login'],
- 'account_id' => $hosting['account_id'],
- 'home' => $hosting['home'],
- 'shell' => $hosting['shell'],
- 'quota' => $hosting['quota'],
- 'mapped_to' => $hosting['mapped_to'],
- 'password' => $hosting['password'],
- 'pwtype' => $hosting['pwtype']
- );
- }
-
- $phpmode = 'no';
- if(get_option($hosting, 'php', 'false') === 'true') {
- $mode = get_option($hosting, 'php_handler_type', 'module');
- if($mode === 'module') $phpmode = 'mod';
- else $phpmode = 'fast-cgi';
- /* TODO: what other options could be in "php_handler_type"? */
- }
-
- /* TODO: plesk offers some more options:
- * sys_user_id -> owner of files?
- * ip_address_id - needed?
- * fp - frontpage extensions
- * miva - ?
- * coldfusion
- * asp
- * asp_dot_net
- * traffic_bandwidth
- * max_connections
- */
- $params = array(
- 'server_id' => $server_id,
- 'ip_address' => '*',
- //'ipv6_address' => '',
- 'domain' => $entry['name'],
- 'type' => 'vhost', // can be vhost or alias
- 'parent_domain_id' => '', // only if alias
- 'vhost_type' => 'name', // or ip (-based)
- 'hd_quota' => byte_to_mbyte(get_limit($limits, $entry['id'], 'disk_space', -1)),
- 'traffic_quota' => byte_to_mbyte(get_limit($limits, $entry['id'], 'max_traffic', -1)),
- 'cgi' => yes_no(get_option($hosting, 'cgi', 'false') === 'true' ? 1 : 0),
- 'ssi' => yes_no(get_option($hosting, 'ssi', 'false') === 'true' ? 1 : 0),
- 'suexec' => yes_no(1), // does plesk use this?!
- 'errordocs' => get_option($options, 'apacheErrorDocs', 'false') === 'true' ? 1 : 0,
- 'subdomain' => 'www', // plesk always uses this option
- 'ssl' => yes_no(get_option($hosting, 'ssl', 'false') === 'true' ? 1 : 0),
- 'php' => $phpmode,
- 'fastcgi_php_version' => '', // plesk has no different php versions
- 'ruby' => yes_no(0), // plesk has no ruby support
- 'python' => yes_no(get_option($hosting, 'python', 'false') === 'true' ? 1 : 0),
- 'active' => yes_no(($entry['status'] == 0 && get_option($hosting, 'maintenance_mode', 'false') !== 'true') ? 1 : 0),
- 'redirect_type' => $redir_type,
- 'redirect_path' => $redir_path,
- 'seo_redirect' => '',
- 'ssl_state' => $entry[''],
- 'ssl_locality' => $entry[''],
- 'ssl_organisation' => $entry[''],
- 'ssl_organisation_unit' => $entry[''],
- 'ssl_country' => $entry[''],
- 'ssl_domain' => $entry[''],
- 'ssl_request' => $entry[''],
- 'ssl_cert' => $entry[''],
- 'ssl_bundle' => $entry[''],
- 'ssl_action' => $entry[''],
- 'stats_password' => '',
- 'stats_type' => get_option($hosting, 'webstat', 'webalizer') === 'awstats' ? 'awstats' : 'webalizer',
- 'backup_interval' => 'none',
- 'backup_copies' => 1,
- 'allow_override' => 'All',
- 'pm_process_idle_timeout' => 10,
- 'pm_max_requests' => 0
- );
-
- // find already inserted domain
- $old_domain = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain = '" . $entry['name'] . "'");
- if(!$old_domain) $old_domain = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE CONCAT(subdomain, '.', domain) = '" . $entry['name'] . "'");
- if($old_domain) {
- $new_id = $old_domain['domain_id'];
- $msg .= "Found domain with id " . $new_id . ", updating it. ";
- $params = array_merge($old_domain, $params);
- $ok = $importer->sites_web_domain_update($session_id, $plesk_ispc_ids[$entry['cl_id']], $new_id, $params);
- if($ok === false) $msg .= " Error: " . $importer->getFault() . " ";
- } else {
- $new_id = $importer->sites_web_domain_add($session_id, $plesk_ispc_ids[$entry['cl_id']], $params, true); // read only...
- }
-
- $domain_ids[$entry['id']] = $new_id;
- $domain_roots[$entry['id']] = $entry['www_root'];
- $domain_owners[$entry['id']] = $entry['cl_id'];
- $dns_domain_ids[$entry['dns_zone_id']] = $entry['id'];
-
- if($new_id === false) {
- //something went wrong here...
- $msg .= "Domain " . $entry['id'] . " (" . $entry['name'] . ") could not be inserted. ";
- $msg .= " Error: " . $importer->getFault() . " ";
- } else {
- $msg .= "Domain " . $entry['id'] . " (" . $entry['name'] . ") inserted -> " . $new_id . ". ";
-
- $cmd_data = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = '" . $new_id . "'");
- $path = $cmd_data['document_root'];
- add_command('chattr -i ' . escapeshellarg($path));
- add_command('if [[ -f ' . $path . '/web/index.html ]] ; then rm ' . $path . '/web/index.html ; fi');
- add_command('rsync -av --modify-window 10 --progress -e ssh root@${MYSERVER}:' . $hosting['www_root'] . '/ ' . $path . '/web/');
- add_command('chown -R ' . $cmd_data['system_user'] . ':' . $cmd_data['system_group'] . ' ' . escapeshellarg($path));
- add_command('grep ' . escapeshellarg($hosting['www_root']) . ' ' . $path . '/web -r -l | xargs replace ' . escapeshellarg($hosting['www_root']) . ' ' . escapeshellarg($path . '/web') . ' --');
- add_command('chown -R root:root ' . escapeshellarg($path . '/log') . ' ' . escapeshellarg($path . '/ssl') . ' ' . escapeshellarg($path . '/web/stats'));
- add_command('chattr +i ' . escapeshellarg($path));
- }
-
- // add domain to mail domains too
- $params = array(
- 'server_id' => $server_id,
- 'domain' => $entry['name'],
- 'active' => yes_no(($entry['status'] == 0 ? 1 : 0))
- );
- $old_domain = $app->db->queryOneRecord("SELECT * FROM mail_domain WHERE domain = '" . $entry['name'] . "'");
- if($old_domain) {
- $new_id = $old_domain['domain_id'];
- $params = array_merge($old_domain, $params);
- $msg .= "Found maildomain with id " . $new_id . ", updating it. ";
- $ok = $importer->mail_domain_update($session_id, $plesk_ispc_ids[$entry['cl_id']], $new_id, $params);
- if($ok === false) $msg .= " Error: " . $importer->getFault() . " ";
- } else {
- $msg .= "Inserting new maildomain " . $entry['name'] . ". ";
- $new_id = $importer->mail_domain_add($session_id, $plesk_ispc_ids[$entry['cl_id']], $params);
- }
-
- $maildomain_ids[$entry['id']] = $new_id;
- if($new_id === false) {
- //something went wrong here...
- $msg .= "Maildomain (" . $entry['name'] . ") could not be inserted. ";
- $msg .= " Error: " . $importer->getFault() . " ";
- } else {
- $msg .= "Maildomain " . $new_id . " (" . $entry['name'] . ") inserted. ";
- }
-
- }
-
- $domain_aliases = $exdb->queryAllRecords("SELECT da.id, da.name, da.displayName, da.dns, da.mail, da.web, da.dom_id, da.status FROM domainaliases as da");
- foreach($domain_aliases as $entry) {
- $params = array(
- 'server_id' => $server_id,
- 'domain' => $entry['name'],
- 'type' => 'alias',
- 'parent_domain_id' => $domain_ids[$entry['dom_id']],
- 'redirect_type' => '',
- 'redirect_path' => '',
- 'subdomain' => 'www',
- 'active' => yes_no(($entry['status'] == 0 && $entry['web'] === 'true') ? 1 : 0)
- );
-
- $old_domain = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain = '" . $entry['name'] . "'");
- if(!$old_domain) $old_domain = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE CONCAT(subdomain, '.', domain) = '" . $entry['name'] . "'");
- if($old_domain) {
- $new_id = $old_domain['domain_id'];
- $params = array_merge($old_domain, $params);
- $msg .= "Found domain with id " . $new_id . ", updating it. ";
- $ok = $importer->sites_web_aliasdomain_update($session_id, $plesk_ispc_ids[$domain_owners[$entry['dom_id']]], $new_id, $params);
- if($ok === false) $msg .= " Error: " . $importer->getFault() . " ";
- } else {
- $new_id = $importer->sites_web_aliasdomain_add($session_id, $plesk_ispc_ids[$domain_owners[$entry['dom_id']]], $params);
- }
-
- if($new_id === false) {
- //something went wrong here...
- $msg .= "Aliasdomain " . $entry['id'] . " (" . $entry['name'] . ") could not be inserted. ";
- $msg .= " Error: " . $importer->getFault() . " ";
- } else {
- $msg .= "Aliasdomain " . $entry['id'] . " (" . $entry['name'] . ") inserted. ";
- }
-
- // add alias to mail domains, too
- $params = array(
- 'server_id' => $server_id,
- 'domain' => $entry['name'],
- 'active' => yes_no(($entry['status'] == 0 && $entry['mail'] === 'true') ? 1 : 0)
- );
-
- $old_domain = $app->db->queryOneRecord("SELECT * FROM mail_domain WHERE domain = '" . $entry['name'] . "'");
- if($old_domain) {
- $new_id = $old_domain['domain_id'];
- $params = array_merge($old_domain, $params);
- $msg .= "Found mail domain with id " . $new_id . ", updating it. ";
- $ok = $importer->mail_domain_update($session_id, $plesk_ispc_ids[$domain_owners[$entry['dom_id']]], $new_id, $params);
- if($ok === false) $msg .= " Error: " . $importer->getFault() . " ";
- } else {
- $new_id = $importer->mail_domain_add($session_id, $plesk_ispc_ids[$domain_owners[$entry['dom_id']]], $params);
- }
-
- $maildomain_ids[$entry['id']] = $new_id;
- if($new_id === false) {
- //something went wrong here...
- $msg .= "Aliasmaildomain " . $entry['id'] . " (" . $entry['name'] . ") could not be inserted. ";
- $msg .= " Error: " . $importer->getFault() . " ";
- } else {
- $msg .= "Aliasmaildomain " . $entry['id'] . " (" . $entry['name'] . ") inserted. ";
- }
- }
-
- $subdomain_ids = array();
- $subdomain_roots = array();
- $subdomain_owners = array();
-
- $subdomains = $exdb->queryAllRecords("SELECT d.id, d.cr_date, d.name, d.displayName, d.dns_zone_id, d.status, d.htype, d.real_size, d.cl_id, d.limits_id, d.params_id, d.guid, d.overuse, d.gl_filter, d.vendor_id, d.webspace_id, d.webspace_status, d.permissions_id, d.external_id, d.parentDomainId FROM domains as d WHERE d.parentDomainId != 0");
- foreach($subdomains as $entry) {
- $res = $exdb->query("SELECT d.dom_id, d.param, d.val FROM dom_param as d WHERE d.dom_id = '" . $entry['id'] . "'");
- $options = array();
- while($opt = $exdb->nextRecord()) {
- $options[$opt['param']] = $opt['val'];
- }
-
- $parent_domain = $exdb->queryOneRecord("SELECT d.id, d.cl_id, d.name FROM domains as d WHERE d.id = '" . $entry['parentDomainId'] . "'");
- $redir_type = '';
- $redir_path = '';
-
- if($entry['htype'] === 'std_fwd') {
- // redirection
- $redir = $exdb->queryOneRecord("SELECT f.dom_id, f.ip_address_id, f.redirect FROM forwarding as f WHERE f.dom_id = '" . $entry['id'] . "'");
- $redir_type = 'R,L';
- $redir_path = $redir['redirect'];
- } elseif($entry['htype'] === 'vrt_hst') {
- // default virtual hosting (vhost)
- } else {
- /* TODO: unknown type */
- }
-
- $hosting = $exdb->queryOneRecord("SELECT h.dom_id, h.sys_user_id, h.ip_address_id, h.real_traffic, h.fp, h.fp_ssl, h.fp_enable, h.fp_adm, h.fp_pass, h.ssi, h.php, h.cgi, h.perl, h.python, h.fastcgi, h.miva, h.coldfusion, h.asp, h.asp_dot_net, h.ssl, h.webstat, h.same_ssl, h.traffic_bandwidth, h.max_connection, h.php_handler_type, h.www_root, h.maintenance_mode, h.certificate_id, s.login, s.account_id, s.home, s.shell, s.quota, s.mapped_to, a.password, a.type as `pwtype` FROM hosting as h LEFT JOIN sys_users as s ON (s.id = h.sys_user_id) LEFT JOIN accounts as a ON (s.account_id = a.id) WHERE h.dom_id = '" . $entry['id'] . "'");
- if($hosting['sys_user_id']) {
- $dom_ftp_users[] = array('id' => 0,
- 'dom_id' => $hosting['dom_id'],
- 'sys_user_id' => $hosting['sys_user_id'],
- 'login' => $hosting['login'],
- 'account_id' => $hosting['account_id'],
- 'home' => $hosting['home'],
- 'shell' => $hosting['shell'],
- 'quota' => $hosting['quota'],
- 'mapped_to' => $hosting['mapped_to'],
- 'password' => $hosting['password'],
- 'pwtype' => $hosting['pwtype']
- );
- }
-
- $phpmode = 'no';
- if(get_option($hosting, 'php', 'false') === 'true') {
- $mode = get_option($hosting, 'php_handler_type', 'module');
- if($mode === 'module') $phpmode = 'mod';
- else $phpmode = 'fast-cgi';
- /* TODO: what other options could be in "php_handler_type"? */
- }
- /* TODO: plesk offers some more options:
- * sys_user_id -> owner of files?
- * ip_address_id - needed?
- * fp - frontpage extensions
- * miva - ?
- * coldfusion
- * asp
- * asp_dot_net
- * traffic_bandwidth
- * max_connections
- */
-
- $web_folder = $hosting['www_root'];
- $web_folder = preg_replace('/^\/(var|srv)\/www\/(vhosts\/)?[^\/]+\/(.*)\/httpdocs.*/', '$3', $web_folder);
-
- //if(substr($web_folder, 0, 1) === '/') $web_folder = substr($web_folder, 1);
- //if(substr($web_folder, -1, 1) === '/') $web_folder = substr($web_folder, 0, -1);
- $params = array(
- 'server_id' => $server_id,
- 'ip_address' => '*',
- //'ipv6_address' => '',
- 'domain' => $entry['name'],
- 'web_folder' => $web_folder,
- 'type' => 'vhostsubdomain', // can be vhost or alias
- 'parent_domain_id' => $domain_ids[$entry['parentDomainId']],
- 'vhost_type' => 'name', // or ip (-based)
- 'hd_quota' => byte_to_mbyte(get_limit($limits, $entry['dom_id'], 'disk_space', -1)),
- 'traffic_quota' => byte_to_mbyte(get_limit($limits, $entry['dom_id'], 'max_traffic', -1)),
- 'cgi' => yes_no(get_option($hosting, 'cgi', 'false') === 'true' ? 1 : 0),
- 'ssi' => yes_no(get_option($hosting, 'ssi', 'false') === 'true' ? 1 : 0),
- 'suexec' => yes_no(1), // does plesk use this?!
- 'errordocs' => get_option($options, 'apacheErrorDocs', 'false') === 'true' ? 1 : 0,
- 'subdomain' => '', // plesk always uses this option
- 'ssl' => yes_no(get_option($hosting, 'ssl', 'false') === 'true' ? 1 : 0),
- 'php' => $phpmode,
- 'fastcgi_php_version' => '', // plesk has no different php versions
- 'ruby' => yes_no(0), // plesk has no ruby support
- 'python' => yes_no(get_option($hosting, 'python', 'false') === 'true' ? 1 : 0),
- 'active' => yes_no(($entry['status'] == 0 && get_option($hosting, 'maintenance_mode', 'false') !== 'true') ? 1 : 0),
- 'redirect_type' => $redir_type,
- 'redirect_path' => $redir_path,
- 'seo_redirect' => '',
- 'ssl_state' => $entry[''],
- 'ssl_locality' => $entry[''],
- 'ssl_organisation' => $entry[''],
- 'ssl_organisation_unit' => $entry[''],
- 'ssl_country' => $entry[''],
- 'ssl_domain' => $entry[''],
- 'ssl_request' => $entry[''],
- 'ssl_cert' => $entry[''],
- 'ssl_bundle' => $entry[''],
- 'ssl_action' => $entry[''],
- 'stats_password' => '',
- 'stats_type' => get_option($hosting, 'webstat', 'webalizer') === 'awstats' ? 'awstats' : 'webalizer',
- 'backup_interval' => 'none',
- 'backup_copies' => 1,
- 'allow_override' => 'All',
- 'pm_process_idle_timeout' => 10,
- 'pm_max_requests' => 0
- );
-
- $old_domain = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain = '" . $entry['name'] . "'");
- if(!$old_domain) $old_domain = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE CONCAT(subdomain, '.', domain) = '" . $entry['name'] . "'");
- if($old_domain) {
- $new_id = $old_domain['domain_id'];
- $params = array_merge($old_domain, $params);
- $msg .= "Found domain " . $entry['name'] . " with id " . $new_id . ", updating it. ";
- $ok = $importer->sites_web_vhost_subdomain_update($session_id, $plesk_ispc_ids[$parent_domain['cl_id']], $new_id, $params);
- if($ok === false) $msg .= " Error: " . $importer->getFault() . " ";
- } else {
- $new_id = $importer->sites_web_vhost_subdomain_add($session_id, $plesk_ispc_ids[$parent_domain['cl_id']], $params, true); // read only...
- }
-
- $subdomain_ids[$entry['id']] = $new_id;
- $subdomain_roots[$entry['id']] = $hosting['www_root'];
- $subdomain_owners[$entry['id']] = $entry['cl_id'];
- if($new_id === false) {
- //something went wrong here...
- $msg .= "Subdomain " . $entry['id'] . " (" . $entry['name'] . ") with folder \"" . $web_folder . "\" could not be inserted. ";
- $msg .= " Error: " . $importer->getFault() . " ";
- } else {
- $msg .= "Subdomain " . $entry['id'] . " (" . $entry['name'] . ") inserted. ";
-
- $cmd_data = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = '" . $new_id . "'");
- $path = $cmd_data['document_root'];
- add_command('chattr -i ' . escapeshellarg($path));
- add_command('if [[ -f ' . $path . '/' . $web_folder . '/index.html ]] ; then rm ' . $path . '/' . $web_folder . '/index.html ; fi');
- add_command('rsync -av --modify-window 10 --progress -e ssh root@${MYSERVER}:' . $hosting['www_root'] . '/ ' . $path . '/' . $web_folder . '/');
- add_command('chown -R ' . $cmd_data['system_user'] . ':' . $cmd_data['system_group'] . ' ' . escapeshellarg($path));
- add_command('grep ' . escapeshellarg($hosting['www_root']) . ' ' . $path . '/web -r -l | xargs replace ' . escapeshellarg($hosting['www_root']) . ' ' . escapeshellarg($path . '/web') . ' --');
- add_command('chown -R root:root ' . escapeshellarg($path . '/log') . ' ' . escapeshellarg($path . '/ssl') . ' ' . escapeshellarg($path . '/web/stats'));
- add_command('chattr +i ' . escapeshellarg($path));
-
- }
- $domain_ids[$entry['id']] = $new_id;
- }
-
- // subdomains in plesk are real vhosts, so we have to treat them as vhostsubdomains
- $subdomains = $exdb->queryAllRecords("SELECT d.id, d.dom_id, d.name, d.displayName, d.sys_user_id, d.ssi, d.php, d.cgi, d.perl, d.python, d.fastcgi, d.miva, d.coldfusion, d.asp, d.asp_dot_net, d.ssl, d.same_ssl, d.php_handler_type, d.www_root, d.maintenance_mode, d.certificate_id FROM subdomains as d");
- foreach($subdomains as $entry) {
- $res = $exdb->query("SELECT d.dom_id, d.param, d.val FROM dom_param as d WHERE d.dom_id = '" . $entry['dom_id'] . "'");
- $options = array();
- while($opt = $res->get()) {
- $options[$opt['param']] = $opt['val'];
- }
-
- $parent_domain = $exdb->queryOneRecord("SELECT d.id, d.cl_id, d.name FROM domains as d WHERE d.id = '" . $entry['dom_id'] . "'");
-
- /* TODO: options that might be used later:
- * OveruseBlock true/false
- * OveruseNotify true/false
- * OveruseSuspend true/false
- * wu_script true/false (webusers allowed to use scripts?)
- * webmail string (webmailer used - horde)
- */
-
- $redir_type = '';
- $redir_path = '';
-
- if($entry['htype'] === 'std_fwd') {
- // redirection
- $redir = $exdb->queryOneRecord("SELECT f.dom_id, f.ip_address_id, f.redirect FROM forwarding as f WHERE f.dom_id = '" . $entry['id'] . "'");
- $redir_type = 'R,L';
- $redir_path = $redir['redirect'];
- } elseif($entry['htype'] === 'vrt_hst') {
- // default virtual hosting (vhost)
- } else {
- /* TODO: unknown type */
- }
-
- $hosting = $exdb->queryOneRecord("SELECT h.dom_id, h.sys_user_id, h.ip_address_id, h.real_traffic, h.fp, h.fp_ssl, h.fp_enable, h.fp_adm, h.fp_pass, h.ssi, h.php, h.cgi, h.perl, h.python, h.fastcgi, h.miva, h.coldfusion, h.asp, h.asp_dot_net, h.ssl, h.webstat, h.same_ssl, h.traffic_bandwidth, h.max_connection, h.php_handler_type, h.www_root, h.maintenance_mode, h.certificate_id FROM hosting as h WHERE h.dom_id = '" . $entry['dom_id'] . "'");
- $hosting = array_merge($hosting, $entry); //settings from subdomain override parent settings
-
- $phpmode = 'no';
- if(get_option($hosting, 'php', 'false') === 'true') {
- $mode = get_option($hosting, 'php_handler_type', 'module');
- if($mode === 'module') $phpmode = 'mod';
- else $phpmode = 'fast-cgi';
- /* TODO: what other options could be in "php_handler_type"? */
- }
- /* TODO: plesk offers some more options:
- * sys_user_id -> owner of files?
- * ip_address_id - needed?
- * fp - frontpage extensions
- * miva - ?
- * coldfusion
- * asp
- * asp_dot_net
- * traffic_bandwidth
- * max_connections
- */
-
- $web_folder = $entry['www_root'];
- $web_folder = preg_replace('/^\/(var|srv)\/www\/(vhosts\/)?[^\/]+\/(.*)\/httpdocs.*/', '$3', $web_folder);
-
- $params = array(
- 'server_id' => $server_id,
- 'ip_address' => '*',
- //'ipv6_address' => '',
- 'domain' => $entry['name'] . '.' . $parent_domain['name'],
- 'web_folder' => $web_folder,
- 'type' => 'vhostsubdomain', // can be vhost or alias
- 'parent_domain_id' => $domain_ids[$entry['dom_id']],
- 'vhost_type' => 'name', // or ip (-based)
- 'hd_quota' => byte_to_mbyte(get_limit($limits, $entry['dom_id'], 'disk_space', -1)),
- 'traffic_quota' => byte_to_mbyte(get_limit($limits, $entry['dom_id'], 'max_traffic', -1)),
- 'cgi' => yes_no(get_option($hosting, 'cgi', 'false') === 'true' ? 1 : 0),
- 'ssi' => yes_no(get_option($hosting, 'ssi', 'false') === 'true' ? 1 : 0),
- 'suexec' => yes_no(1), // does plesk use this?!
- 'errordocs' => get_option($options, 'apacheErrorDocs', 'false') === 'true' ? 1 : 0,
- 'subdomain' => '', // plesk always uses this option
- 'ssl' => yes_no(get_option($hosting, 'ssl', 'false') === 'true' ? 1 : 0),
- 'php' => $phpmode,
- 'fastcgi_php_version' => '', // plesk has no different php versions
- 'ruby' => yes_no(0), // plesk has no ruby support
- 'python' => yes_no(get_option($hosting, 'python', 'false') === 'true' ? 1 : 0),
- 'active' => yes_no(($entry['status'] == 0 && get_option($hosting, 'maintenance_mode', 'false') !== 'true') ? 1 : 0),
- 'redirect_type' => $redir_type,
- 'redirect_path' => $redir_path,
- 'seo_redirect' => '',
- 'ssl_state' => $entry[''],
- 'ssl_locality' => $entry[''],
- 'ssl_organisation' => $entry[''],
- 'ssl_organisation_unit' => $entry[''],
- 'ssl_country' => $entry[''],
- 'ssl_domain' => $entry[''],
- 'ssl_request' => $entry[''],
- 'ssl_cert' => $entry[''],
- 'ssl_bundle' => $entry[''],
- 'ssl_action' => $entry[''],
- 'stats_password' => '',
- 'stats_type' => get_option($hosting, 'webstat', 'webalizer') === 'awstats' ? 'awstats' : 'webalizer',
- 'backup_interval' => 'none',
- 'backup_copies' => 1,
- 'allow_override' => 'All',
- 'pm_process_idle_timeout' => 10,
- 'pm_max_requests' => 0
- );
-
- $old_domain = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain = '" . $entry['name'] . '.' . $parent_domain['name'] . "'");
- if(!$old_domain) $old_domain = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE CONCAT(subdomain, '.', domain) = '" . $entry['name'] . "'");
- if($old_domain) {
- $new_id = $old_domain['domain_id'];
- $params = array_merge($old_domain, $params);
- $msg .= "Found domain with id " . $new_id . ", updating it. ";
- $ok = $importer->sites_web_vhost_subdomain_update($session_id, $plesk_ispc_ids[$parent_domain['cl_id']], $new_id, $params);
- if($ok === false) $msg .= " Error: " . $importer->getFault() . " ";
- } else {
- $new_id = $importer->sites_web_vhost_subdomain_add($session_id, $plesk_ispc_ids[$parent_domain['cl_id']], $params, true); // read only...
- }
-
- $subdomain_ids[$entry['id']] = $new_id;
- $subdomain_roots[$entry['id']] = $entry['www_root'];
- $subdomain_owners[$entry['id']] = $entry['cl_id'];
- if($new_id === false) {
- //something went wrong here...
- $msg .= "Subdomain " . $entry['id'] . " (" . $entry['name'] . ") could not be inserted. ";
- $msg .= " Error: " . $importer->getFault() . " ";
- } else {
- $msg .= "Subdomain " . $entry['id'] . " (" . $entry['name'] . ") inserted. ";
-
- $cmd_data = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = '" . $new_id . "'");
- $path = $cmd_data['document_root'];
- add_command('chattr -i ' . escapeshellarg($path));
- add_command('if [[ -f ' . $path . '/' . $web_folder . '/index.html ]] ; then rm ' . $path . '/' . $web_folder . '/index.html ; fi');
- add_command('rsync -av --modify-window 10 --progress -e ssh root@${MYSERVER}:' . $entry['www_root'] . '/ ' . $path . '/' . $web_folder . '/');
- add_command('chown -R ' . $cmd_data['system_user'] . ':' . $cmd_data['system_group'] . ' ' . escapeshellarg($path));
- add_command('chown -R root:root ' . escapeshellarg($path . '/log') . ' ' . escapeshellarg($path . '/ssl') . ' ' . escapeshellarg($path . '/web/stats'));
- add_command('chattr +i ' . escapeshellarg($path));
- }
- }
-
- // dns have to be done AFTER domains due to missing client info
- /*
- $dns_zone_ids = array();
- $dns_zone_serials = array();
- $dns_zones = $exdb->queryAllRecords("SELECT d.id, d.name, d.displayName, d.status, d.email, d.type, d.ttl, d.ttl_unit, d.refresh, d.refresh_unit, d.retry, d.retry_unit, d.expire, d.expire_unit, d.minimum, d.minimum_unit, d.serial_format, d.serial FROM dns_zone as d");
- foreach($dns_zones as $entry) {
- $ns = $exdb->queryOneRecord("SELECT d.id, d.val FROM dns_recs as d WHERE d.dns_zone_id = '" . $entry['id'] . "' AND d.type = 'NS'");
- if(!$ns) $ns = array('id' => 0, 'val' => 'ns.' . $entry['name']);
-
- $dom_id = $dns_domain_ids[$entry['id']];
- $client_id = $plesk_ispc_ids[$domain_owners[$entry['dom_id']]];
- if(!$client_id) $client_id = 0;
-
- $params = array(
- 'server_id' => $server_id,
- 'origin' => add_dot($entry['name']), // what to put here?
- 'ns' => add_dot($ns['val']), // what to put here?
- 'mbox' => str_replace('@', '.', add_dot($entry['email'])),
- 'serial' => $entry['serial'],
- 'refresh' => $entry['refresh'],
- 'retry' => $entry['retry'],
- 'expire' => $entry['expire'],
- 'minimum' => $entry['minimum'],
- 'ttl' => $entry['ttl'],
- 'xfer' => '',
- 'also_notify' => '',
- 'update_acl' => '',
- 'active' => yes_no(($entry['status'] == 0 ? 1 : 0))
- );
-
- $old_dns = $app->db->queryOneRecord("SELECT id FROM dns_soa WHERE origin = '" . add_dot($entry['name']) . "'");
- if($old_dns) $old_id = $old_dns['id'];
- if($old_id) {
- $new_id = $old_id;
- $ok = $importer->dns_zone_update($session_id, $client_id, $old_id, $params);
- /if($ok === false) {
- // $msg .= "DNS " . $entry['id'] . " (" . $entry['name'] . ") could not be updated. ";
- // $msg .= " Error: " . $importer->getFault() . " ";
- //} else {
- $msg .= "DNS " . $entry['id'] . " (" . $entry['name'] . ") updated. ";
- //}
- } else {
- $new_id = $importer->dns_zone_add($session_id, $client_id, $params);
- if($new_id === false) {
- //something went wrong here...
- $msg .= "DNS " . $entry['id'] . " (" . $entry['name'] . ") could not be inserted. ";
- $msg .= " Error: " . $importer->getFault() . " ";
- } else {
- $msg .= "DNS " . $entry['id'] . " (" . $entry['name'] . ") inserted. ";
- }
- }
- $dns_zone_ids[$entry['id']] = $new_id;
- $dns_zone_serials[$entry['id']] = $entry['serial'];
- }
- unset($dns_zones);
- */
- /* types:
- * PTR, NS, A, CNAME, MX, TXT, AAAA
- *//*
- $dns_records = $exdb->queryAllRecords("SELECT d.id, d.dns_zone_id, d.type, d.displayHost, d.host, d.displayVal, d.val, d.opt, d.time_stamp FROM dns_recs as d");
- foreach($dns_records as $entry) {
- $dns_id = (array_key_exists($entry['dns_zone_id'], $dns_zone_ids) ? $dns_zone_ids[$entry['dns_zone_id']] : 0);
- if(!$dns_id) {
- // entry for missing dns zone...?
- continue;
- }
-
- $dom_id = $dns_domain_ids[$entry['dns_zone_id']];
- $client_id = $plesk_ispc_ids[$domain_owners[$entry['dom_id']]];
- if(!$client_id) $client_id = 0;
-
- $params = array(
- 'server_id' => $server_id,
- 'zone' => $dns_id,
- 'name' => add_dot($entry['host']),
- 'type' => $entry['type'],
- 'data' => $entry['val'],
- //'ttl' => '',
- 'active' => yes_no(1),
- 'stamp' => $entry['time_stamp'],
- //'serial' => $dns_zone_serials[$entry['id']]
- );
-
-
- $record = $app->db->queryOneRecord("SELECT id FROM dns_rr WHERE zone = '" . $dns_zone_ids[$entry['dns_zone_id']] . "' AND name = '" . add_dot($entry['host']) . "' AND type = '" . $entry['type'] . "'");
- $old_id = 0;
- if($record) {
- $old_id = $record['id'];
- }
-
- $new_id = false;
- if($entry['type'] === 'MX') {
- $params['aux'] = $entry['opt'];
- if($old_id) {
- $ok = $importer->dns_mx_update($session_id, $client_id, $old_id, $params);
- if($ok !== false) $new_id = $old_id;
- } else {
- $new_id = $importer->dns_mx_add($session_id, $client_id, $params);
- }
- } elseif($entry['type'] === 'PTR') {
- if($old_id) {
- $ok = $importer->dns_ptr_update($session_id, $client_id, $old_id, $params);
- if($ok !== false) $new_id = $old_id;
- } else {
- $new_id = $importer->dns_ptr_add($session_id, $client_id, $params);
- }
- } elseif($entry['type'] === 'A') {
- if($old_id) {
- $ok = $importer->dns_a_update($session_id, $client_id, $old_id, $params);
- if($ok !== false) $new_id = $old_id;
- } else {
- $new_id = $importer->dns_a_add($session_id, $client_id, $params);
- }
- } elseif($entry['type'] === 'AAAA') {
- if($old_id) {
- $ok = $importer->dns_aaaa_update($session_id, $client_id, $old_id, $params);
- if($ok !== false) $new_id = $old_id;
- } else {
- $new_id = $importer->dns_aaaa_add($session_id, $client_id, $params);
- }
- } elseif($entry['type'] === 'TXT') {
- if($old_id) {
- $ok = $importer->dns_txt_update($session_id, $client_id, $old_id, $params);
- if($ok !== false) $new_id = $old_id;
- } else {
- $new_id = $importer->dns_txt_add($session_id, $client_id, $params);
- }
- } elseif($entry['type'] === 'CNAME') {
- if($old_id) {
- $ok = $importer->dns_cname_update($session_id, $client_id, $old_id, $params);
- if($ok !== false) $new_id = $old_id;
- } else {
- $new_id = $importer->dns_cname_add($session_id, $client_id, $params);
- }
- } elseif($entry['type'] === 'NS') {
- if($old_id) {
- $ok = $importer->dns_ns_update($session_id, $client_id, $old_id, $params);
- if($ok !== false) $new_id = $old_id;
- } else {
- $new_id = $importer->dns_ns_add($session_id, $client_id, $params);
- }
- }
- if($new_id === false) {
- //something went wrong here...
- $msg .= "DNS " . $entry['id'] . " (" . $entry['name'] . ") could not be inserted/updated. ";
- $msg .= " Error: " . $importer->getFault() . " " . var_export($params, true) . ' ';
- } else {
- $msg .= "DNS " . $entry['id'] . " (" . $entry['name'] . ") inserted/updated. ";
- }
-
- }
- unset($dns_records);
- */
-
- $folder_ids = array();
- /* web_folder creation*/
- $protected_dirs = $exdb->queryAllRecords("SELECT `id`, `non_ssl`, `ssl`, `cgi_bin`, `realm`, `path`, `dom_id` FROM protected_dirs");
- foreach($protected_dirs as $entry) {
- if($entry['path'] == 'plesk-stat') continue;
-
- $params = array('server_id' => $server_id,
- 'parent_domain_id' => $domain_ids[$entry['dom_id']],
- 'path' => $entry['path'],
- 'active' => 'y');
-
- $client_id = $plesk_ispc_ids[$domain_owners[$entry['dom_id']]];
-
- $folder_id = 0;
- $check = $app->db->queryOneRecord('SELECT * FROM `web_folder` WHERE `parent_domain_id` = \'' . $domain_ids[$entry['dom_id']] . '\' AND `path` = \'' . $app->db->quote($entry['path']) . '\'');
- if($check) {
- $ok = $importer->sites_web_folder_update($session_id, $client_id, $check['web_folder_id'], array_merge($check, $params));
- if($ok === false) $msg .= " Error: " . $importer->getFault() . " ";
- $folder_id = $check['web_folder_id'];
- $msg .= 'Updated HTTP AUTH folder (' . $folder_id . '): ' . $entry['path'] . ' ';
- } else {
- $folder_id = $importer->sites_web_folder_add($session_id, $client_id, $params);
- $msg .= 'Created HTTP AUTH folder (' . $folder_id . '): ' . $entry['path'] . ' ';
- if(!$folder_id) $msg .= " Error: " . $importer->getFault() . " " . var_export($params, true) . ' ';
- }
-
- $folder_ids[$entry['id']] = $folder_id;
- }
-
- $pd_users = $exdb->queryAllRecords("SELECT u.id, u.login, u.account_id, u.pd_id, a.password, d.dom_id FROM pd_users as u INNER JOIN protected_dirs as d ON (d.id = u.pd_id) INNER JOIN accounts as a ON (a.id = u.account_id)");
- foreach($pd_users as $entry) {
- $params = array('server_id' => $server_id,
- 'web_folder_id' => $folder_ids[$entry['pd_id']],
- 'username' => $entry['login'],
- 'password' => $entry['password'],
- 'active' => 'y');
- if($entry['login'] == '' || !isset($folder_ids[$entry['pd_id']])) {
- $msg .= 'Skipping Folder user because of missing data. ';
- continue;
- }
- $client_id = $plesk_ispc_ids[$domain_owners[$entry['dom_id']]];
-
- $check = $app->db->queryOneRecord('SELECT * FROM `web_folder_user` WHERE `web_folder_id` = ' . intval($folder_ids[$entry['pd_id']]) . ' AND `username` = \'' . $entry['login'] . '\'');
- if($check) {
- $ok = $importer->sites_web_folder_user_update($session_id, $client_id, $check['web_folder_user_id'], array_merge($check, $params));
- if($ok === false) $msg .= " Error: " . $importer->getFault() . " ";
- $msg .= 'Updated HTTP AUTH folder user (' . $fu_id . '): ' . $entry['login'] . ' ';
- } else {
- $fu_id = $importer->sites_web_folder_user_add($session_id, $client_id, $params);
- $msg .= 'Created HTTP AUTH folder user (' . $fu_id . '): ' . $entry['login'] . ' ';
- if(!$fu_id) $msg .= " Error: " . $importer->getFault() . " " . var_export($params, true) . ' ';
- }
- }
-
- /*$web_users = $exdb->queryAllRecords("SELECT id, dom_id, sys_user_id, ssi, php, cgi, perl, python, fastcgi, asp, asp_dot_net FROM web_users");
- foreach($web_users as $entry) {
- $params =
- }
- */
-
-
- $ftp_users = $exdb->queryAllRecords("SELECT f.id, f.dom_id, f.sys_user_id, s.login, s.account_id, s.home, s.shell, s.quota, s.mapped_to, a.password, a.type as `pwtype` FROM ftp_users as f INNER JOIN sys_users as s ON (s.id = f.sys_user_id) INNER JOIN accounts as a ON (a.id = s.account_id)");
- $ftp_users = array_merge($ftp_users, $dom_ftp_users);
- foreach($ftp_users as $entry) {
- $parent_domain = $exdb->queryOneRecord("SELECT d.id, d.cl_id, d.name FROM domains as d WHERE d.id = '" . $entry['dom_id'] . "'");
- if(!$entry['id']) continue;
- $ispc_dom_id = $domain_ids[$entry['dom_id']];
- $client_id = $plesk_ispc_ids[$domain_owners[$entry['dom_id']]];
- if(!$client_id) $client_id = 0;
-
- $document_root = str_replace("[website_id]", $ispc_dom_id, $web_config["website_path"]);
- $document_root = str_replace("[website_idhash_1]", id_hash($ispc_dom_id, 1), $document_root);
- $document_root = str_replace("[website_idhash_2]", id_hash($ispc_dom_id, 1), $document_root);
- $document_root = str_replace("[website_idhash_3]", id_hash($ispc_dom_id, 1), $document_root);
- $document_root = str_replace("[website_idhash_4]", id_hash($ispc_dom_id, 1), $document_root);
-
- // Set the values for document_root, system_user and system_group
- $system_user = 'web'.$ispc_dom_id;
- $system_group = 'client'.$client_id;
- $document_root = str_replace("[client_id]", $client_id, $document_root);
- $document_root = str_replace("[client_idhash_1]", id_hash($client_id, 1), $document_root);
- $document_root = str_replace("[client_idhash_2]", id_hash($client_id, 2), $document_root);
- $document_root = str_replace("[client_idhash_3]", id_hash($client_id, 3), $document_root);
- $document_root = str_replace("[client_idhash_4]", id_hash($client_id, 4), $document_root);
-
- $uid = $system_user;
- $gid = $system_group;
-
- $sys_grp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = '" . $client_id . "'");
- if(!$sys_grp) $sys_grp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = 0");
-
- if(!$sys_grp) $sys_groupid = 1;
- else $sys_groupid = $sys_grp['groupid'];
-
- $params = array(
- 'server_id' => $server_id,
- 'parent_domain_id' => $domain_ids[$entry['dom_id']],
- 'username' => $entry['login'],
- 'password' => $entry['password'],
- 'quota_size' => byte_to_mbyte(($entry['quota'] == 0 ? -1 : $entry['quota'])),
- 'active' => yes_no(1),
- 'uid' => $uid,
- 'gid' => $gid,
- 'dir' => $document_root . (substr($document_root, -1) !== '/' ? '/' : ''),
- 'sys_groupid' => $sys_groupid
- //'quota_files' => $entry[''],
- //'ul_ratio' => $entry[''],
- //'dl_ratio' => $entry[''],
- //'ul_bandwidth' => $entry[''],
- //'dl_bandwidth' => $entry['']
- );
- $new_id = false;
- $old_ftp = $app->db->queryOneRecord("SELECT ftp_user_id, parent_domain_id FROM ftp_user WHERE username = '" . $entry['login'] ."'");
- if($old_ftp) {
- if($old_ftp['parent_domain_id'] != $domain_ids[$entry['dom_id']]) {
- $msg .= "FTP Account conflicts with other domain! ";
- } else {
- $new_id = $old_ftp['ftp_user_id'];
- $ok = $importer->sites_ftp_user_update($session_id, $client_id, $new_id, array_merge($old_ftp, $params));
- if($ok === false) $msg .= " Error: " . $importer->getFault() . " ";
- }
- } else {
- $new_id = $importer->sites_ftp_user_add($session_id, $client_id, $params);
- }
- if($new_id === false) {
- //something went wrong here...
- $msg .= "FTP " . $entry['id'] . " (" . $entry['login'] . ") could not be inserted. ";
- $msg .= " Error: " . $importer->getFault() . " ";
- $msg .= "Params: " . var_export($params, true) . " ";
- } else {
- $msg .= "FTP Account " . $entry['id'] . " (" . $entry['login'] . ") inserted. ";
- }
- }
-
- $mail_config = $app->getconf->get_server_config($server_id, 'mail');
-
- $mail_addresses = $exdb->queryAllRecords("SELECT m.id, m.mail_name, m.perm_id, m.postbox, m.account_id, m.redirect, m.redir_addr, m.mail_group, m.autoresponder, m.spamfilter, m.virusfilter, m.mbox_quota, m.dom_id, m.userId, a.password, a.type as `pwtype` FROM mail as m LEFT JOIN accounts as a ON (a.id = m.account_id) ");
- $mail_ids = array();
- foreach($mail_addresses as $entry) {
-
- $parent_domain = $exdb->queryOneRecord("SELECT d.id, d.cl_id, d.name FROM domains as d WHERE d.id = '" . $entry['dom_id'] . "'");
- if(!$parent_domain) {
- $msg .= "Could not insert/update mail address " . $entry['mail_name'] . " as domain is missing. ";
- continue;
- }
-
- /* postbox true/false
- * mail_group true/false
- * spamfilter true/false
- */
-
-
- $has_responder = false;
- if($entry['autoresponder'] === 'true') {
- $responder = $exdb->queryOneRecord("SELECT id, mn_id, resp_name, keystr, key_where, subject, reply_to, content_type, charset, text, resp_on, ans_freq, mem_limit FROM mail_resp WHERE mn_id = '" . $entry['id'] . "'");
- if($responder) $has_responder = true;
- }
-
- $maildir = str_replace("[domain]", $parent_domain["name"], $mail_config["maildir_path"]);
- $maildir = str_replace("[localpart]", strtolower($entry["mail_name"]), $maildir);
-
-
- $params = array(
- 'server_id' => $server_id,
- 'email' => $entry['mail_name'] . "@" . $parent_domain['name'],
- 'login' => strtolower($entry['mail_name'] . "@" . $parent_domain['name']),
- 'password' => $entry['password'],
- 'name' => $entry[''],
- 'quota' => ($entry['mbox_quota'] == -1 ? 0 : $entry['mbox_quota']), // in bytes!
- 'cc' => $entry['redir_addr'],
- 'maildir' => $maildir,
- 'homedir' => $mail_config["homedir_path"],
- 'uid' => $mail_config["mailuser_uid"],
- 'gid' => $mail_config["mailuser_gid"],
- 'postfix' => yes_no(1),
- 'disableimap' => yes_no(0),
- 'disablepop3' => yes_no(0),
- 'autoresponder_subject' => ($has_responder ? $responder['subject'] : ''),
- 'autoresponder_text' => ($has_responder ? $responder['text'] : ''),
- 'autoresponder' => yes_no($has_responder ? 1 : 0),
- 'autoresponder_start_date' => ($has_responder && $responder['resp_on'] === 'true' ? strftime('%Y-%m-%d', time()) : strftime('%Y-%m-%d', time() - (3600*24))),
- 'autoresponder_end_date' => ($has_responder && $responder['resp_on'] === 'true' ? strftime('%Y-%m-%d', time() + (3600*24*365)) : strftime('%Y-%m-%d', time())),
- 'move_junk' => yes_no(0)
- );
- $client_id = $plesk_ispc_ids[$domain_owners[$entry['dom_id']]];
-
- // if this is no postbox we do not need to create a mailuser
- if($entry['postbox'] !== 'false') {
- $old_mail = $app->db->queryOneRecord("SELECT mailuser_id FROM mail_user WHERE email = '" . $entry['mail_name'] . "@" . $parent_domain['name'] . "'");
- if($old_mail) {
- $new_id = $old_mail['mailuser_id'];
- $ok = $importer->mail_user_update($session_id, $client_id, $new_id, array_merge($old_mail, $params));
- if($ok === false) $msg .= " Error: " . $importer->getFault() . " ";
- } else {
- $new_id = $importer->mail_user_add($session_id, $client_id, $params);
- }
-
- if($new_id === false) {
- //something went wrong here...
- $msg .= "Mail" . $entry['id'] . " (" . $entry['mail_name'] . "@" . $parent_domain['name'] . ") could not be inserted/updated. ";
- $msg .= " Error: " . $importer->getFault() . " ";
- } else {
- $msg .= "Mail " . $entry['id'] . " (" . $entry['mail_name'] . "@" . $parent_domain['name'] . ") inserted/updated. ";
-
- add_command('rsync -av --delete-after --modify-window 10 --progress -e ssh root@${MYSERVER}:/var/qmail/mailnames/' . $parent_domain['name'] . '/' . strtolower($entry['mail_name']) . '/Maildir/ ' . $maildir . '/Maildir/');
- add_command('chown -R vmail:vmail ' . $maildir);
- add_command('chmod 744 ' . $maildir . '/Maildir/subscriptions');
- add_command('chmod 600 ' . $maildir . '/Maildir/dovecot-*');
- add_command('chmod 700 ' . $maildir . '/Maildir/cur ' . $maildir . '/Maildir/new ' . $maildir . '/Maildir/tmp');
- add_command('chmod 600 ' . $maildir . '/Maildir/cur/* ' . $maildir . '/Maildir/new/* ' . $maildir . '/Maildir/tmp/*');
- }
- $mail_ids[$entry['id']] = $new_id;
- }
-
- // select all redirs for this address
- $mail_redir = $exdb->queryAllRecords("SELECT id, mn_id, address FROM mail_redir WHERE mn_id = '" . $entry['id'] . "'");
- foreach($mail_redir as $redir) {
- $params = array(
- 'server_id' => $server_id,
- 'source' => $entry['mail_name'] . "@" . $parent_domain['name'],
- 'destination' => $redir['address'],
- 'type' => 'forward', // or forward
- 'active' => yes_no(1)
- );
-
- $old_mail = $app->db->queryOneRecord("SELECT forwarding_id FROM mail_forwarding WHERE source = '" . $entry['mail_name'] . "@" . $parent_domain['name'] . "' AND destination = '" . $redir['address'] . "'");
- if($old_mail) {
- $new_id = $old_mail['forwarding_id'];
- $ok = $importer->mail_forward_update($session_id, $client_id, $new_id, array_merge($old_mail, $params));
- if($ok === false) $msg .= " Error: " . $importer->getFault() . " ";
- } else {
- $new_id = $importer->mail_forward_add($session_id, $client_id, $params);
- }
-
- if($new_id === false) {
- //something went wrong here...
- $msg .= "Mail redirect " . $entry['id'] . " (" . $entry['mail_name'] . "@" . $parent_domain['name'] . " to " . $redir['address'] . ") could not be inserted/updated. ";
- $msg .= " Error: " . $importer->getFault() . " ";
- } else {
- $msg .= "Mail redirect " . $entry['id'] . " (" . $entry['mail_name'] . "@" . $parent_domain['name'] . " to " . $redir['address'] . ") inserted/updated. ";
- }
- }
- unset($mail_redir);
- }
- unset($mail_addresses);
-
- $mail_aliases = $exdb->queryAllRecords("SELECT a.id, a.mn_id, a.alias, m.dom_id, m.mail_name FROM mail_aliases as a INNER JOIN mail as m ON (m.id = a.mn_id)");
- foreach($mail_aliases as $entry) {
-
- $parent_domain = $exdb->queryOneRecord("SELECT d.id, d.cl_id, d.name FROM domains as d WHERE d.id = '" . $entry['dom_id'] . "'");
- if(!$parent_domain) {
- $msg .= "Could not insert/update mail alias " . $entry['alias'] . " as domain is missing. ";
- continue;
- }
-
- $params = array(
- 'server_id' => $server_id,
- 'source' => $entry['alias'] . "@" . $parent_domain['name'],
- 'destination' => $entry['mail_name'] . "@" . $parent_domain['name'],
- 'type' => 'alias', // or forward
- 'active' => yes_no(1)
- );
- $client_id = $plesk_ispc_ids[$domain_owners[$entry['dom_id']]];
-
- $old_mail = $app->db->queryOneRecord("SELECT forwarding_id FROM mail_forwarding WHERE source = '" . $entry['alias'] . "@" . $parent_domain['name'] . "' AND destination = '" . $entry['mail_name'] . "@" . $parent_domain['name'] . "'");
- if($old_mail) {
- $new_id = $old_mail['forwarding_id'];
- $ok = $importer->mail_alias_update($session_id, $client_id, $new_id, array_merge($old_mail, $params));
- if($ok === false) $msg .= " Error: " . $importer->getFault() . " ";
- } else {
- $new_id = $importer->mail_alias_add($session_id, $client_id, $params);
- }
-
- if($new_id === false) {
- //something went wrong here...
- $msg .= "Mail alias " . $entry['id'] . " (" . $entry['alias'] . "@" . $parent_domain['name'] . ") could not be inserted/updated. ";
- $msg .= " Error: " . $importer->getFault() . " ";
- } else {
- $msg .= "Mail alias " . $entry['id'] . " (" . $entry['alias'] . "@" . $parent_domain['name'] . ") inserted/updated. ";
- }
- }
- unset($mail_aliases);
-
- //spamfilter // preferences = true/false, username = email address, can be *@*
- //id, username, preferences
-
- //spamfilter_preferences
- //prefid, spamfilter_id, preference, value
-
-
-
- //$client_traffic = $exdb->queryAllRecords("SELECT t.cl_id, t.date, t.http_in, t.http_out, t.ftp_in, t.ftp_out, t.smtp_in, t.smtp_out, t.pop3_imap_in, t.pop3_imap_out FROM ClientsTraffic as t");
-
- $db_userids = array();
-
- $db_users = $exdb->queryAllRecords("SELECT u.id, u.login, u.account_id, u.db_id, a.password, a.type as `pwtype`, d.dom_id FROM db_users as u INNER JOIN data_bases as d ON (d.id = u.db_id) LEFT JOIN accounts as a ON (a.id = u.account_id)");
- foreach($db_users as $db_user) {
- // database user
- $params = array('server_id' => $server_id,
- 'database_user' => $db_user['login'],
- 'database_password' => $db_user['password']);
-
- $client_id = $plesk_ispc_ids[$domain_owners[$db_user['dom_id']]];
-
- $check = $app->db->queryOneRecord('SELECT * FROM `web_database_user` WHERE `database_user` = \'' . $app->db->quote($db_user['login']) . '\'');
- $db_user_id = 0;
- if($check) {
- $ok = $importer->sites_database_user_update($session_id, $client_id, $check['database_user_id'], array_merge($check, $params));
- if($ok === false) $msg .= " Error: " . $importer->getFault() . " ";
- $db_user_id = $check['database_user_id'];
- } else {
- $db_user_id = $importer->sites_database_user_add($session_id, $client_id, $params);
- }
-
- if(!isset($db_userids[$db_user['db_id']])) $db_userids[$db_user['db_id']] = $db_user_id;
- $msg .= 'Created / updated database user: ' . $db_user['login'] . ' ';
- }
-
- add_command('# DATABASES');
-
- $databases = $exdb->queryAllRecords("SELECT d.id, d.name, d.type, d.dom_id, d.db_server_id, d.default_user_id FROM `data_bases` as d");
- foreach($databases as $database) {
- $params = array('server_id' => $server_id,
- 'parent_domain_id' => $domain_ids[$database['dom_id']],
- 'type' => 'mysql',
- 'database_name' => $database['name'],
- 'database_user_id' => $db_userids[$database['id']],
- 'database_ro_user_id' => 0,
- 'database_charset' => 'utf8',
- 'remote_access' => 'n',
- 'active' => 'y',
- 'remote_ips' => '');
-
- $client_id = $plesk_ispc_ids[$domain_owners[$database['dom_id']]];
-
- $check = $app->db->queryOneRecord('SELECT * FROM `web_database` WHERE `database_name` = \'' . $app->db->quote($database['name']) . '\'');
- if($check) {
- $ok = $importer->sites_database_update($session_id, $client_id, $check['database_id'], array_merge($check, $params));
- if($ok === false) $msg .= " Error: " . $importer->getFault() . " ";
- } else {
- $importer->sites_database_add($session_id, $client_id, $params);
- }
-
- add_command('for T in `mysql -u ${MYSQL_IMPORT_USER} -p${MYSQL_IMPORT_PASS} ' . $database['name'] . ' -e \'show tables\' | awk \'{ print $1}\' | grep -v \'^Tables\'` ; do echo "DROP TABLE \\`$T\\`" ; mysql -u ${MYSQL_IMPORT_USER} -p${MYSQL_IMPORT_PASS} ' . $database['name'] . ' -e "DROP TABLE \\`$T\\`" ; done');
- add_command('mysqldump -cCQ --quote-names --hex-blob -h ${MYSERVER} -u ${MYSQL_EXPORT_USER} -p${MYSQL_EXPORT_PASS} ' . $database['name'] . ' | mysql -D ' . $database['name'] . ' -u ${MYSQL_IMPORT_USER} -p${MYSQL_IMPORT_PASS}');
-
- $msg .= 'Created / updated database: ' . $database['name'] . ' ';
- }
-
- // do we need table disk_usage for import? i think we don't
-
- // name is domain name, displayName is including "Umlaute"
- //$anon_ftp = $exdb->queryAllRecords("SELECT f.id, f.dom_id, f.max_conn, f.bandwidth, f.incoming, f.incoming_readable, f.incoming_subdirs, f.status, f.quota, f.display_login, f.login_text FROM anon_ftp as f");
-
-
- //DomainServices
- //id, dom_id, type, status, parameters_id, ipCollectionId
-
- //DomainsTraffic
- //dom_id, date, http_in, http_out, ftp_in, ftp_out, smtp_in, smtp_out, pop3_imap_in, pop3_imap_out
-
-
- //IP_Adresses
- //id, ip_address, mask, iface, ssl_certificate_id, default_domain_id, ftps, main, status
-
- //ip_pool
- //id, ip_address_id, type
-
- /* TODO:
- */
- //misc // needed? global settings
- //param, val
-
- //Permissions
- //id, permission, value
-
- //smb_users // pass is base64 encoded plaintext
- //id, login, password, contactName, email, companyName, phone, fax, address, city, state, zip, country, creationDate, isBuiltIn, roleId, uuid, isLocked, authCookie, sessionId, externalId, ownerId, isDomainAdmin, additionalInfo, imNumber, imType, isLegacyUser
-
- /* TODO:
- sys_users // mapped_to = parent_id
- id, login, account_id, home, shell, quota, mapped_to
-
- */
- add_command('unset MYSERVER');
- add_command('unset MYSQL_EXPORT_USER');
- add_command('unset MYSQL_EXPORT_PASS');
- add_command('unset MYSQL_IMPORT_USER');
- add_command('unset MYSQL_IMPORT_PASS');
- add_command('# END');
- file_put_contents('/tmp/plesk_import_commands.sh', $COMMANDS);
- } else {
- $msg .= 'Connecting to external database failed! ';
- $msg .= $exdb->connect_error;
- $msg .= substr($exdb->errorMessage, 0, 25);
-
- $error .= $exdb->errorMessage;
- }
-
- //* restore db login details
- /*$conf['db_host'] = $conf_bak['db_host'];
- $conf['db_database'] = $conf_bak['db_database'];
- $conf['db_user'] = $conf_bak['db_user'];
- $conf['db_password'] = $conf_bak['db_password'];*/
-
-}
-
-$app->tpl->setVar('msg', $msg);
-$app->tpl->setVar('error', $error);
-
-
-$app->tpl_defaults();
-$app->tpl->pparse();
-
-
-?>
diff --git a/interface/web/tools/import_vpopmail.php b/interface/web/tools/import_vpopmail.php
index 119bfb87aa4f613b2d1c84dfba57ea98d83bd8a4..b5db9affb2f8aa3fd38a1634737e3247925e917f 100644
--- a/interface/web/tools/import_vpopmail.php
+++ b/interface/web/tools/import_vpopmail.php
@@ -68,7 +68,7 @@ if(isset($_POST['db_hostname']) && $_POST['db_hostname'] != '') {
$msg .= 'Databse connection succeeded ';
$local_server_id = intval($_POST['local_server_id']);
- $tmp = $app->db->queryOneRecord("SELECT mail_server FROM server WHERE server_id = $local_server_id");
+ $tmp = $app->db->queryOneRecord("SELECT mail_server FROM server WHERE server_id = ?", $local_server_id);
if($tmp['mail_server'] == 1) {
start_import();
@@ -106,15 +106,15 @@ function start_import() {
foreach($records as $rec) {
$pw_domain = $rec['pw_domain'];
//* Check if we have a client with that username already
- $tmp = $app->db->queryOneRecord("SELECT count(client_id) as number FROM client WHERE username = '$pw_domain'");
+ $tmp = $app->db->queryOneRecord("SELECT count(client_id) as number FROM client WHERE username = ?", $pw_domain);
if($tmp['number'] == 0) {
$pw_crypt_password = $app->auth->crypt_password($rec['pw_clear_passwd']);
$country = 'FI';
//* add client
$sql = "INSERT INTO `client` (`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `company_name`, `company_id`, `contact_name`, `customer_no`, `vat_id`, `street`, `zip`, `city`, `state`, `country`, `telephone`, `mobile`, `fax`, `email`, `internet`, `icq`, `notes`, `bank_account_owner`, `bank_account_number`, `bank_code`, `bank_name`, `bank_account_iban`, `bank_account_swift`, `default_mailserver`, `limit_maildomain`, `limit_mailbox`, `limit_mailalias`, `limit_mailaliasdomain`, `limit_mailforward`, `limit_mailcatchall`, `limit_mailrouting`, `limit_mailfilter`, `limit_fetchmail`, `limit_mailquota`, `limit_spamfilter_wblist`, `limit_spamfilter_user`, `limit_spamfilter_policy`, `default_webserver`, `limit_web_ip`, `limit_web_domain`, `limit_web_quota`, `web_php_options`, `limit_cgi`, `limit_ssi`, `limit_perl`, `limit_ruby`, `limit_python`, `force_suexec`, `limit_hterror`, `limit_wildcard`, `limit_ssl`, `limit_web_subdomain`, `limit_web_aliasdomain`, `limit_ftp_user`, `limit_shell_user`, `ssh_chroot`, `limit_webdav_user`, `limit_aps`, `default_dnsserver`, `limit_dns_zone`, `limit_dns_slave_zone`, `limit_dns_record`, `default_dbserver`, `limit_database`, `limit_cron`, `limit_cron_type`, `limit_cron_frequency`, `limit_traffic_quota`, `limit_client`, `limit_mailmailinglist`, `limit_openvz_vm`, `limit_openvz_vm_template_id`, `parent_client_id`, `username`, `password`, `language`, `usertheme`, `template_master`, `template_additional`, `created_at`, `id_rsa`, `ssh_rsa`)
- VALUES(1, 1, 'riud', 'riud', '', '', '', '$pw_domain', '', '', '', '', '', '', '$country', '', '', '', '', 'http://', '', '', '', '', '', '', '', '', 1, -1, -1, -1, -1, -1, -1, 0, -1, -1, -1, 0, 0, 0, 1, NULL, -1, -1, 'no,fast-cgi,cgi,mod,suphp', 'n', 'n', 'n', 'n', 'n', 'y', 'n', 'n', 'n', -1, -1, -1, 0, 'no,jailkit', 0, 0, 1, -1, -1, -1, 1, -1, 0, 'url', 5, -1, 0, -1, 0, 0, 0, '$pw_domain', '$pw_crypt_password', '".$conf['language']."', 'default', 0, '', NOW(), '', '')";
- $app->db->query($sql);
+ VALUES(1, 1, 'riud', 'riud', '', '', '', ?, '', '', '', '', '', '', ?, '', '', '', '', 'http://', '', '', '', '', '', '', '', '', 1, -1, -1, -1, -1, -1, -1, 0, -1, -1, -1, 0, 0, 0, 1, NULL, -1, -1, 'no,fast-cgi,cgi,mod,suphp', 'n', 'n', 'n', 'n', 'n', 'y', 'n', 'n', 'n', -1, -1, -1, 0, 'no,jailkit', 0, 0, 1, -1, -1, -1, 1, -1, 0, 'url', 5, -1, 0, -1, 0, 0, 0, ?, ?, ?, 'default', 0, '', NOW(), '', '')";
+ $app->db->query($sql, $pw_domain,$country, $pw_domain, $pw_crypt_password, $conf['language']);
$client_id = $app->db->insertID();
//* add sys_group
@@ -134,13 +134,13 @@ function start_import() {
// Create the controlpaneluser for the client
//Generate ssh-rsa-keys
exec('ssh-keygen -t rsa -C '.$username.'-rsa-key-'.time().' -f /tmp/id_rsa -N ""');
- $app->db->query("UPDATE client SET created_at = ".time().", id_rsa = '".$app->db->quote(@file_get_contents('/tmp/id_rsa'))."', ssh_rsa = '".$app->db->quote(@file_get_contents('/tmp/id_rsa.pub'))."' WHERE client_id = ".$client_id);
+ $app->db->query("UPDATE client SET created_at = UNIX_TIMESTAMP(), id_rsa = ?, ssh_rsa = ? WHERE client_id = ?", @file_get_contents('/tmp/id_rsa'), @file_get_contents('/tmp/id_rsa.pub'), $client_id);
exec('rm -f /tmp/id_rsa /tmp/id_rsa.pub');
// Create the controlpaneluser for the client
$sql = "INSERT INTO sys_user (username,passwort,modules,startmodule,app_theme,typ,active,language,groups,default_group,client_id)
- VALUES ('$username','$password','$modules','$startmodule','$usertheme','$type','$active','$language',$groups,$groupid,".$client_id.")";
- $app->db->query($sql);
+ VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)";
+ $app->db->query($sql, $username,$password,$modules,$startmodule,$usertheme,$type,$active,$language,$groups,$groupid,$client_id);
//* Set the default servers
$tmp = $app->db->queryOneRecord('SELECT server_id FROM server WHERE mail_server = 1 AND mirror_server_id = 0 LIMIT 0,1');
@@ -152,8 +152,8 @@ function start_import() {
$tmp = $app->db->queryOneRecord('SELECT server_id FROM server WHERE db_server = 1 AND mirror_server_id = 0 LIMIT 0,1');
$default_dbserver = $app->functions->intval($tmp['server_id']);
- $sql = "UPDATE client SET default_mailserver = $default_mailserver, default_webserver = $default_webserver, default_dnsserver = $default_dnsserver, default_dbserver = $default_dbserver WHERE client_id = ".$client_id;
- $app->db->query($sql);
+ $sql = "UPDATE client SET default_mailserver = ?, default_webserver = ?, default_dnsserver = ?, default_dbserver = ? WHERE client_id = ?";
+ $app->db->query($sql, $default_mailserver, $default_webserver, $default_dnsserver, $default_dbserver, $client_id);
$msg .= "Added Client $username. ";
} else {
@@ -169,9 +169,9 @@ function start_import() {
$domain = $rec['pw_domain'];
//* Check if domain exists already
- $tmp = $app->db->queryOneRecord("SELECT count(domain_id) as number FROM mail_domain WHERE domain = '$domain'");
+ $tmp = $app->db->queryOneRecord("SELECT count(domain_id) as number FROM mail_domain WHERE domain = ?", $domain);
if($tmp['number'] == 0) {
- $user_rec = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE username = '$domain'");
+ $user_rec = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE username = ?", $domain);
$sys_userid = ($user_rec['userid'] > 0)?$user_rec['userid']:1;
$sys_groupid = ($user_rec['default_group'] > 0)?$user_rec['default_group']:1;
@@ -193,12 +193,12 @@ function start_import() {
$email = $rec['pw_name'].'@'.$rec['pw_domain'];
//* Check for duplicate mailboxes
- $tmp = $app->db->queryOneRecord("SELECT count(mailuser_id) as number FROM mail_user WHERE email = '".$app->db->quote($email)."'");
+ $tmp = $app->db->queryOneRecord("SELECT count(mailuser_id) as number FROM mail_user WHERE email = ?", $email);
if($tmp['number'] == 0) {
//* get the mail domain for the mailbox
- $domain_rec = $app->db->queryOneRecord("SELECT * FROM mail_domain WHERE domain = '$domain'");
+ $domain_rec = $app->db->queryOneRecord("SELECT * FROM mail_domain WHERE domain = ?", $domain);
if(is_array($domain_rec)) {
$pw_crypt_password = $app->auth->crypt_password($rec['pw_clear_passwd']);
@@ -242,12 +242,12 @@ function start_import() {
}
//* Check for duplicate forwards
- $tmp = $app->db->queryOneRecord("SELECT count(forwarding_id) as number FROM mail_forwarding WHERE source = '".$app->db->quote($email)."' AND destination = '".$app->db->quote($target)."'");
+ $tmp = $app->db->queryOneRecord("SELECT count(forwarding_id) as number FROM mail_forwarding WHERE source = ? AND destination = ?", $email, $target);
if($tmp['number'] == 0 && $target != '') {
//* get the mail domain
- $domain_rec = $app->db->queryOneRecord("SELECT * FROM mail_domain WHERE domain = '".$rec['domain']."'");
+ $domain_rec = $app->db->queryOneRecord("SELECT * FROM mail_domain WHERE domain = ?", $rec['domain']);
if(is_array($domain_rec)) {
$sql = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `source`, `destination`, `type`, `active`)
diff --git a/interface/web/tools/resync.php b/interface/web/tools/resync.php
index 6a85b186a12962aeec642aef5bcc2bb2c08271c3..6738843bc4c9072c93f8f27ca7651dd19e1afa76 100644
--- a/interface/web/tools/resync.php
+++ b/interface/web/tools/resync.php
@@ -182,8 +182,8 @@ class page_action extends tform_actions {
//* firewall
$array_out = array();
foreach($server_data as $db_table => $data) {
- $sql = @(isset($data['server_id']))?"SELECT * FROM $db_table WHERE server_id = $server_id":"SELECT * FROM $db_table";;
- $records = $app->db->queryAllRecords($sql);
+ $sql = @(isset($data['server_id']))?"SELECT * FROM ?? WHERE server_id = ":"SELECT * FROM ??";
+ $records = $app->db->queryAllRecords($sql, $db_table, $server_id);
if (!empty($records)) array_push($array_out, $db_table);
}
@@ -377,7 +377,7 @@ class page_action extends tform_actions {
$server_name = array();
if ( $server_id == 0 ) { //* resync multiple server
- $temp = $app->db->queryAllRecords("SELECT server_id, server_name FROM server WHERE ".$server_type."_server = 1 AND active = 1 AND mirror_server_id = 0");
+ $temp = $app->db->queryAllRecords("SELECT server_id, server_name FROM server WHERE ?? = 1 AND active = 1 AND mirror_server_id = 0", $server_type."_server");
foreach ($temp as $server) {
$temp_id .= $server['server_id'].',';
$server_name[$server['server_id']] = $server['server_name'];
@@ -389,11 +389,11 @@ class page_action extends tform_actions {
unset($temp);
if ( isset($temp_id) ) $server_id = rtrim($temp_id,',');
- $sql = "SELECT * FROM $db_table";
+ $sql = "SELECT * FROM ??";
if ($db_table != "mail_user_filter") $sql .= " WHERE server_id IN (".$server_id.") ";
$sql .= $opt;
if ($active) $sql .= " AND active = 'y'";
- $records = $app->db->queryAllRecords($sql);
+ $records = $app->db->queryAllRecords($sql, $db_table);
return array($records, $server_name);
}
@@ -529,7 +529,7 @@ class page_action extends tform_actions {
if($this->dataRecord['resync_client'] == 1) {
$db_table = 'client';
$index_field = 'client_id';
- $records = $app->db->queryAllRecords("SELECT * FROM ".$db_table);
+ $records = $app->db->queryAllRecords("SELECT * FROM ??", $db_table);
$msg .= ''.$app->tform->wordbook['do_clients_txt'].' ';
if(!empty($records)) {
$tform_def_file = '../client/form/client.tform.php';
diff --git a/interface/web/tools/user_settings.php b/interface/web/tools/user_settings.php
index 02fc4f73d2d3c8e9cd6b86ad1a60cbed115b9a9a..57542458eff600b069e8fbe118d406d82e15feed 100644
--- a/interface/web/tools/user_settings.php
+++ b/interface/web/tools/user_settings.php
@@ -102,7 +102,7 @@ class page_action extends tform_actions {
global $app;
if($_POST['passwort'] != '') {
- $tmp_user = $app->db->queryOneRecord("SELECT passwort FROM sys_user WHERE userid = '".$app->functions->intval($_SESSION['s']['user']['userid'])."'");
+ $tmp_user = $app->db->queryOneRecord("SELECT passwort FROM sys_user WHERE userid = ?", $_SESSION['s']['user']['userid']);
$_SESSION['s']['user']['passwort'] = $tmp_user['passwort'];
unset($tmp_user);
}
diff --git a/interface/web/vm/ajax_get_ip.php b/interface/web/vm/ajax_get_ip.php
index 64400775ee5ded8a8d843d63a1139e9201c7a55e..3ff5c0d294a296167f0031f2fd80bf7155da4e99 100644
--- a/interface/web/vm/ajax_get_ip.php
+++ b/interface/web/vm/ajax_get_ip.php
@@ -38,8 +38,8 @@ $server_id = $app->functions->intval($_GET["server_id"]);
if($_SESSION["s"]["user"]["typ"] == 'admin' or $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
- $sql = "SELECT ip_address FROM openvz_ip WHERE reserved = 'n' AND server_id = $server_id";
- $ips = $app->db->queryAllRecords($sql);
+ $sql = "SELECT ip_address FROM openvz_ip WHERE reserved = 'n' AND server_id = ?";
+ $ips = $app->db->queryAllRecords($sql, $server_id);
$ip_select = "";
if(is_array($ips)) {
foreach( $ips as $ip) {
diff --git a/interface/web/vm/openvz_vm_edit.php b/interface/web/vm/openvz_vm_edit.php
index bd7c1d2158f13134faf660d318544cbb53a8d7de..d6f06db3e31d44847198d2ab0ca3babca02a96bb 100644
--- a/interface/web/vm/openvz_vm_edit.php
+++ b/interface/web/vm/openvz_vm_edit.php
@@ -74,7 +74,7 @@ class page_action extends tform_actions {
//* Get the limits of the client
$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
- $client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, client.limit_openvz_vm_template_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+ $client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, client.limit_openvz_vm_template_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
//* Fill the template_id field
if($client['limit_openvz_vm_template_id'] == 0) {
@@ -96,7 +96,7 @@ class page_action extends tform_actions {
//* Get the limits of the client
$client_group_id = $_SESSION["s"]["user"]["default_group"];
- $client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, client.limit_openvz_vm_template_id, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+ $client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, client.limit_openvz_vm_template_id, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
//* Fill the client select field
diff --git a/server/lib/app.inc.php b/server/lib/app.inc.php
index a9d47a557869ca961a6ff1edc7f42b87735b0c32..213712acdd525b67e5f3cb94772f60c498363a30 100755
--- a/server/lib/app.inc.php
+++ b/server/lib/app.inc.php
@@ -151,19 +151,18 @@ class app {
if(isset($this->dbmaster)) {
$server_id = $conf['server_id'];
$loglevel = $priority;
- $tstamp = time();
$message = $this->dbmaster->quote($msg);
$datalog_id = (isset($this->modules->current_datalog_id) && $this->modules->current_datalog_id > 0)?$this->modules->current_datalog_id:0;
if($datalog_id > 0) {
- $tmp_rec = $this->dbmaster->queryOneRecord("SELECT count(syslog_id) as number FROM sys_log WHERE datalog_id = $datalog_id AND loglevel = ".LOGLEVEL_ERROR);
+ $tmp_rec = $this->dbmaster->queryOneRecord("SELECT count(syslog_id) as number FROM sys_log WHERE datalog_id = ? AND loglevel = ?", $datalog_id, LOGLEVEL_ERROR);
//* Do not insert duplicate errors into the web log.
if($tmp_rec['number'] == 0) {
- $sql = "INSERT INTO sys_log (server_id,datalog_id,loglevel,tstamp,message) VALUES ('$server_id',$datalog_id,'$loglevel','$tstamp','$message')";
- $this->dbmaster->query($sql);
+ $sql = "INSERT INTO sys_log (server_id,datalog_id,loglevel,tstamp,message) VALUES (?, ?, ?, UNIX_TIMESTAMP(), ?)";
+ $this->dbmaster->query($sql, $server_id, $datalog_id, $loglevel, $message);
}
} else {
- $sql = "INSERT INTO sys_log (server_id,datalog_id,loglevel,tstamp,message) VALUES ('$server_id',0,'$loglevel','$tstamp','$message')";
- $this->dbmaster->query($sql);
+ $sql = "INSERT INTO sys_log (server_id,datalog_id,loglevel,tstamp,message) VALUES (?, 0, ?, UNIX_TIMESTAMP(), ?)";
+ $this->dbmaster->query($sql, $server_id, $loglevel, $message);
}
}
diff --git a/server/lib/classes/aps_installer.inc.php b/server/lib/classes/aps_installer.inc.php
index 1b018214850daf7b28d5fa3479371161c22b9e68..2a51fc5e0952cfd42b84530e8f327249e6a03811 100644
--- a/server/lib/classes/aps_installer.inc.php
+++ b/server/lib/classes/aps_installer.inc.php
@@ -259,18 +259,15 @@ class ApsInstaller extends ApsBase
// Get the domain name to use for the installation
// Would be possible in one query too, but we use 2 for easier debugging
- $main_domain = $app->db->queryOneRecord("SELECT value FROM aps_instances_settings
- WHERE name = 'main_domain' AND instance_id = '".$app->db->quote($task['instance_id'])."';");
+ $main_domain = $app->db->queryOneRecord("SELECT value FROM aps_instances_settings WHERE name = 'main_domain' AND instance_id = ?", $task['instance_id']);
$this->domain = $main_domain['value'];
// Get the document root
- $domain_res = $app->db->queryOneRecord("SELECT document_root, web_folder, type FROM web_domain
- WHERE domain = '".$app->db->quote($this->domain)."';");
+ $domain_res = $app->db->queryOneRecord("SELECT document_root, web_folder, type FROM web_domain WHERE domain = ?", $this->domain);
$this->document_root = $domain_res['document_root'];
// Get the sub location
- $location_res = $app->db->queryOneRecord("SELECT value FROM aps_instances_settings
- WHERE name = 'main_location' AND instance_id = '".$app->db->quote($task['instance_id'])."';");
+ $location_res = $app->db->queryOneRecord("SELECT value FROM aps_instances_settings WHERE name = 'main_location' AND instance_id = ?", $task['instance_id']);
$this->sublocation = $location_res['value'];
// Make sure the document_root ends with /
@@ -309,67 +306,19 @@ class ApsInstaller extends ApsBase
$db_id = parent::getXPathValue($sxe, '//db:id');
if(empty($db_id)) return; // No database needed
- /* WARNING: if this will ever be uncommented please check the updated prefix handling for user and db names!!!
- *
- // Set the database owner to the domain owner
- // ISPConfig identifies the owner by the sys_groupid (not sys_userid!)
- // so sys_userid can be set to any value
- $perm = $app->db->queryOneRecord("SELECT sys_groupid, server_id FROM web_domain
- WHERE domain = '".$this->domain."';");
- $task['sys_groupid'] = $perm['sys_groupid'];
- $serverid = $perm['server_id'];
-
- // Get the database prefix and db user prefix
- $app->uses('getconf');
- $global_config = $app->getconf->get_global_config('sites');
- $dbname_prefix = str_replace('[CLIENTID]', '', $global_config['dbname_prefix']);
- $dbuser_prefix = str_replace('[CLIENTID]', '', $global_config['dbuser_prefix']);
- $this->dbhost = DB_HOST; // Taken from config.inc.php
- if(empty($this->dbhost)) $this->dbhost = 'localhost'; // Just to ensure any hostname... ;)
-
- $this->newdb_name = $dbname_prefix.$task['CustomerID'].'aps'.$task['InstanceID'];
- $this->newdb_user = $dbuser_prefix.$task['CustomerID'].'aps'.$task['InstanceID'];
- $dbpw_res = $app->db->queryOneRecord("SELECT Value FROM aps_instances_settings
- WHERE Name = 'main_database_password' AND InstanceID = '".$app->db->quote($task['InstanceID'])."';");
- $newdb_pw = $dbpw_res['Value'];
-
- // In any case delete an existing database (install and removal procedure)
- $app->db->query('DROP DATABASE IF EXISTS `'.$app->db->quote($this->newdb_name).'`;');
- // Delete an already existing database with this name
- $app->db->query("DELETE FROM web_database WHERE database_name = '".$app->db->quote($this->newdb_name)."';");
-
-
- // Create the new database and assign it to a user
- if($this->handle_type == 'install')
- {
- $app->db->query('CREATE DATABASE IF NOT EXISTS `'.$app->db->quote($this->newdb_name).'`;');
- $app->db->query('GRANT ALL PRIVILEGES ON '.$app->db->quote($this->newdb_name).'.* TO '.$app->db->quote($this->newdb_user).'@'.$app->db->quote($this->dbhost).' IDENTIFIED BY \'password\';');
- $app->db->query('SET PASSWORD FOR '.$app->db->quote($this->newdb_user).'@'.$app->db->quote($this->dbhost).' = PASSWORD(\''.$newdb_pw.'\');');
- $app->db->query('FLUSH PRIVILEGES;');
-
- // Add the new database to the customer databases
- // Assumes: charset = utf8
- $app->db->query('INSERT INTO web_database (sys_userid, sys_groupid, sys_perm_user, sys_perm_group, sys_perm_other, server_id,
- type, database_name, database_user, database_password, database_charset, remote_access, remote_ips, active)
- VALUES ('.$task['sys_userid'].', '.$task['sys_groupid'].', "'.$task['sys_perm_user'].'", "'.$task['sys_perm_group'].'",
- "'.$task['sys_perm_other'].'", '.$app->db->quote($serverid).', "mysql", "'.$app->db->quote($this->newdb_name).'",
- "'.$app->db->quote($this->newdb_user).'", "'.$app->db->quote($newdb_pw).'", "utf8", "n", "", "y");');
- }
- */
-
$mysqlver_res = $app->db->queryOneRecord('SELECT VERSION() as ver;');
$mysqlver = $mysqlver_res['ver'];
- $tmp = $app->db->queryOneRecord("SELECT value FROM aps_instances_settings WHERE name = 'main_database_password' AND instance_id = '".$app->db->quote($task['instance_id'])."';");
+ $tmp = $app->db->queryOneRecord("SELECT value FROM aps_instances_settings WHERE name = 'main_database_password' AND instance_id = ?", $task['instance_id']);
$newdb_pw = $tmp['value'];
- $tmp = $app->db->queryOneRecord("SELECT value FROM aps_instances_settings WHERE name = 'main_database_host' AND instance_id = '".$app->db->quote($task['instance_id'])."';");
+ $tmp = $app->db->queryOneRecord("SELECT value FROM aps_instances_settings WHERE name = 'main_database_host' AND instance_id = ?", $task['instance_id']);
$newdb_host = $tmp['value'];
- $tmp = $app->db->queryOneRecord("SELECT value FROM aps_instances_settings WHERE name = 'main_database_name' AND instance_id = '".$app->db->quote($task['instance_id'])."';");
+ $tmp = $app->db->queryOneRecord("SELECT value FROM aps_instances_settings WHERE name = 'main_database_name' AND instance_id = ?", $task['instance_id']);
$newdb_name = $tmp['value'];
- $tmp = $app->db->queryOneRecord("SELECT value FROM aps_instances_settings WHERE name = 'main_database_login' AND instance_id = '".$app->db->quote($task['instance_id'])."';");
+ $tmp = $app->db->queryOneRecord("SELECT value FROM aps_instances_settings WHERE name = 'main_database_login' AND instance_id = ?", $task['instance_id']);
$newdb_login = $tmp['value'];
/* Test if the new mysql connection is laready working to ensure that db servers in multiserver
@@ -470,10 +419,8 @@ class ApsInstaller extends ApsBase
$this->processMappings($mapping, $mapping_url, $this->local_installpath);
// Set the appropriate file owner
- $main_domain = $app->db->queryOneRecord("SELECT value FROM aps_instances_settings
- WHERE name = 'main_domain' AND instance_id = '".$app->db->quote($task['instance_id'])."';");
- $owner_res = $app->db->queryOneRecord("SELECT system_user, system_group FROM web_domain
- WHERE domain = '".$app->db->quote($main_domain['value'])."';");
+ $main_domain = $app->db->queryOneRecord("SELECT value FROM aps_instances_settings WHERE name = 'main_domain' AND instance_id = ?", $task['instance_id']);
+ $owner_res = $app->db->queryOneRecord("SELECT system_user, system_group FROM web_domain WHERE domain = ?", $main_domain['value']);
$this->file_owner_user = $owner_res['system_user'];
$this->file_owner_group = $owner_res['system_group'];
exec('chown -R '.$this->file_owner_user.':'.$this->file_owner_group.' '.escapeshellarg($this->local_installpath));
@@ -486,8 +433,7 @@ class ApsInstaller extends ApsBase
}
catch(Exception $e)
{
- $app->dbmaster->query('UPDATE aps_instances SET instance_status = "'.INSTANCE_ERROR.'"
- WHERE id = "'.$app->db->quote($task['instance_id']).'";');
+ $app->dbmaster->query('UPDATE aps_instances SET instance_status = ? WHERE id = ?', INSTANCE_ERROR, $task['instance_id']);
$app->log($e->getMessage(), 1);
return false;
}
@@ -506,8 +452,7 @@ class ApsInstaller extends ApsBase
{
global $app;
- $userdata = $app->db->queryAllRecords("SELECT name, value FROM aps_instances_settings
- WHERE instance_id = '".$app->db->quote($task['instance_id'])."';");
+ $userdata = $app->db->queryAllRecords("SELECT name, value FROM aps_instances_settings WHERE instance_id = ?", $task['instance_id']);
if(empty($userdata)) return false;
foreach($userdata as $data)
@@ -628,15 +573,13 @@ class ApsInstaller extends ApsBase
exec('chown -R root:root '.escapeshellarg($this->local_installpath.'stats'));
}
- $app->dbmaster->query('UPDATE aps_instances SET instance_status = "'.INSTANCE_SUCCESS.'"
- WHERE id = "'.$app->db->quote($task['instance_id']).'";');
+ $app->dbmaster->query('UPDATE aps_instances SET instance_status = ? WHERE id = ?', INSTANCE_SUCCESS, $task['instance_id']);
}
}
catch(Exception $e)
{
- $app->dbmaster->query('UPDATE aps_instances SET instance_status = "'.INSTANCE_ERROR.'"
- WHERE id = "'.$app->db->quote($task['instance_id']).'";');
+ $app->dbmaster->query('UPDATE aps_instances SET instance_status = ? WHERE id = ?', INSTANCE_ERROR, $task['instance_id']);
$app->log($e->getMessage(), 1);
return false;
}
@@ -675,15 +618,7 @@ class ApsInstaller extends ApsBase
else return false;
// Get all instance metadata
- /*
- $task = $app->db->queryOneRecord("SELECT * FROM aps_instances AS i
- INNER JOIN aps_packages AS p ON i.package_id = p.id
- INNER JOIN client AS c ON i.customer_id = c.client_id
- WHERE i.id = ".$instanceid.";");
- */
- $task = $app->db->queryOneRecord("SELECT * FROM aps_instances AS i
- INNER JOIN aps_packages AS p ON i.package_id = p.id
- WHERE i.id = ".$instanceid.";");
+ $task = $app->db->queryOneRecord("SELECT * FROM aps_instances AS i INNER JOIN aps_packages AS p ON i.package_id = p.id WHERE i.id = ?", $instanceid);
if(!$task) return false; // formerly: throw new Exception('The InstanceID doesn\'t exist.');
if(!isset($task['instance_id'])) $task['instance_id'] = $instanceid;
@@ -720,8 +655,7 @@ class ApsInstaller extends ApsBase
// Check if the meta file is existing
if(!$metafile)
{
- $app->dbmaster->query('UPDATE aps_instances SET instance_status = "'.INSTANCE_ERROR.'"
- WHERE id = "'.$app->db->quote($task['instance_id']).'";');
+ $app->dbmaster->query('UPDATE aps_instances SET instance_status = ? WHERE id = ?', INSTANCE_ERROR, $task['instance_id']);
$app->log('Unable to find the meta data file of package '.$task['path'], 1);
return false;
}
@@ -754,11 +688,11 @@ class ApsInstaller extends ApsBase
// Finally delete the instance entry + settings
if($this->handle_type == 'delete')
{
- $app->db->query('DELETE FROM aps_instances WHERE id = "'.$app->db->quote($task['instance_id']).'";');
- $app->db->query('DELETE FROM aps_instances_settings WHERE instance_id = "'.$app->db->quote($task['instance_id']).'";');
+ $app->db->query('DELETE FROM aps_instances WHERE id = ?', $task['instance_id']);
+ $app->db->query('DELETE FROM aps_instances_settings WHERE instance_id = ?', $task['instance_id']);
if ($app->dbmaster != $app->db) {
- $app->dbmaster->query('DELETE FROM aps_instances WHERE id = "'.$app->db->quote($task['instance_id']).'";');
- $app->dbmaster->query('DELETE FROM aps_instances_settings WHERE instance_id = "'.$app->db->quote($task['instance_id']).'";');
+ $app->dbmaster->query('DELETE FROM aps_instances WHERE id = ?', $task['instance_id']);
+ $app->dbmaster->query('DELETE FROM aps_instances_settings WHERE instance_id = ?', $task['instance_id']);
}
}
diff --git a/server/lib/classes/cron.d/100-mailbox_stats.inc.php b/server/lib/classes/cron.d/100-mailbox_stats.inc.php
index 750849055f6a13cca8e00582b0cff84cceb58bec..259535ffda989877855f6cb0250baea5d2327f9c 100644
--- a/server/lib/classes/cron.d/100-mailbox_stats.inc.php
+++ b/server/lib/classes/cron.d/100-mailbox_stats.inc.php
@@ -57,8 +57,8 @@ class cronjob_mailbox_stats extends cronjob {
//######################################################################################################
$parse_mail_log = false;
- $sql = "SELECT mailuser_id,maildir FROM mail_user WHERE server_id = ".$conf['server_id'];
- $records = $app->db->queryAllRecords($sql);
+ $sql = "SELECT mailuser_id,maildir FROM mail_user WHERE server_id = ?";
+ $records = $app->db->queryAllRecords($sql, $conf['server_id']);
if(count($records) > 0) $parse_mail_log = true;
foreach($records as $rec) {
@@ -82,16 +82,17 @@ class cronjob_mailbox_stats extends cronjob {
// Save the traffic stats in the sql database
$tstamp = date('Y-m');
- $sql = "SELECT * FROM mail_traffic WHERE month = '$tstamp' AND mailuser_id = ".$rec['mailuser_id'];
- $tr = $app->dbmaster->queryOneRecord($sql);
+ $sql = "SELECT * FROM mail_traffic WHERE month = '$tstamp' AND mailuser_id = ?";
+ $tr = $app->dbmaster->queryOneRecord($sql, $rec['mailuser_id']);
$mail_traffic += $tr['traffic'];
if($tr['traffic_id'] > 0) {
- $sql = "UPDATE mail_traffic SET traffic = $mail_traffic WHERE traffic_id = ".$tr['traffic_id'];
+ $sql = "UPDATE mail_traffic SET traffic = ? WHERE traffic_id = ?";
+ $app->dbmaster->query($sql, $mail_traffic, $tr['traffic_id']);
} else {
- $sql = "INSERT INTO mail_traffic (month,mailuser_id,traffic) VALUES ('$tstamp',".$rec['mailuser_id'].",$mail_traffic)";
+ $sql = "INSERT INTO mail_traffic (month,mailuser_id,traffic) VALUES (?,?,?)";
+ $app->dbmaster->query($sql, $tstamp, $rec['mailuser_id'], $mail_traffic);
}
- $app->dbmaster->query($sql);
//echo $sql;
}
@@ -140,13 +141,13 @@ class cronjob_mailbox_stats extends cronjob {
}
}
- $sql = "SELECT email FROM mail_user WHERE server_id = ".$conf['server_id'];
- $records = $app->db->queryAllRecords($sql);
+ $sql = "SELECT email FROM mail_user WHERE server_id = ?";
+ $records = $app->db->queryAllRecords($sql, $conf['server_id']);
foreach($records as $record) {
$mail_boxes[] = $record['email'];
}
- $sql = "SELECT source, destination FROM mail_forwarding WHERE server_id = ".$conf['server_id'];
- $records = $app->db->queryAllRecords($sql);
+ $sql = "SELECT source, destination FROM mail_forwarding WHERE server_id = ?";
+ $records = $app->db->queryAllRecords($sql, $conf['server_id']);
foreach($records as $record) {
$targets = preg_split('/[\n,]+/', $record['destination']);
foreach($targets as $target) {
@@ -231,20 +232,21 @@ class cronjob_mailbox_stats extends cronjob {
// Save the traffic stats in the sql database
$tstamp = date('Y-m');
- $sql = "SELECT mailuser_id,email FROM mail_user WHERE server_id = ".$conf['server_id'];
- $records = $app->db->queryAllRecords($sql);
+ $sql = "SELECT mailuser_id,email FROM mail_user WHERE server_id = ?";
+ $records = $app->db->queryAllRecords($sql, $conf['server_id']);
foreach($records as $rec) {
if(array_key_exists($rec['email'], $mailbox_traffic)) {
- $sql = "SELECT * FROM mail_traffic WHERE month = '$tstamp' AND mailuser_id = ".$rec['mailuser_id'];
- $tr = $app->dbmaster->queryOneRecord($sql);
+ $sql = "SELECT * FROM mail_traffic WHERE month = ? AND mailuser_id = ?";
+ $tr = $app->dbmaster->queryOneRecord($sql, $tstamp, $rec['mailuser_id']);
$mail_traffic = $tr['traffic'] + $mailbox_traffic[$rec['email']];
if($tr['traffic_id'] > 0) {
- $sql = "UPDATE mail_traffic SET traffic = $mail_traffic WHERE traffic_id = ".$tr['traffic_id'];
+ $sql = "UPDATE mail_traffic SET traffic = ? WHERE traffic_id = ?";
+ $app->dbmaster->query($sql, $mail_traffic, $tr['traffic_id']);
} else {
- $sql = "INSERT INTO mail_traffic (month,mailuser_id,traffic) VALUES ('$tstamp',".$rec['mailuser_id'].",$mail_traffic)";
+ $sql = "INSERT INTO mail_traffic (month,mailuser_id,traffic) VALUES (?,?,?)";
+ $app->dbmaster->query($sql, $tstamp, $rec['mailuser_id'], $mail_traffic);
}
- $app->dbmaster->query($sql);
//echo $sql;
}
}
diff --git a/server/lib/classes/cron.d/100-monitor_clamav_log.inc.php b/server/lib/classes/cron.d/100-monitor_clamav_log.inc.php
index 25f7448cbec87929786babe151db5e482cac60f6..208161cc0f1b0570b136abc98778a76bf56a3ed7 100644
--- a/server/lib/classes/cron.d/100-monitor_clamav_log.inc.php
+++ b/server/lib/classes/cron.d/100-monitor_clamav_log.inc.php
@@ -82,14 +82,8 @@ class cronjob_monitor_clamav_log extends cronjob {
* Insert the data into the database
*/
$sql = 'REPLACE INTO monitor_data (server_id, type, created, data, state) ' .
- 'VALUES (' .
- $res['server_id'] . ', ' .
- "'" . $app->dbmaster->quote($res['type']) . "', " .
- 'UNIX_TIMESTAMP(), ' .
- "'" . $app->dbmaster->quote(serialize($res['data'])) . "', " .
- "'" . $res['state'] . "'" .
- ')';
- $app->dbmaster->query($sql);
+ 'VALUES (?, ?, UNIX_TIMESTAMP(), ?, ?)';
+ $app->dbmaster->query($sql, $res['server_id'], $res['type'], serialize($res['data']), $res['state']);
/* The new data is written, now we can delete the old one */
$this->_tools->delOldRecords($res['type'], $res['server_id']);
@@ -158,14 +152,8 @@ class cronjob_monitor_clamav_log extends cronjob {
* Insert the data into the database
*/
$sql = 'REPLACE INTO monitor_data (server_id, type, created, data, state) ' .
- 'VALUES (' .
- $res['server_id'] . ', ' .
- "'" . $app->dbmaster->quote($res['type']) . "', " .
- 'UNIX_TIMESTAMP(), ' .
- "'" . $app->dbmaster->quote(serialize($res['data'])) . "', " .
- "'" . $res['state'] . "'" .
- ')';
- $app->dbmaster->query($sql);
+ 'VALUES (?, ?, UNIX_TIMESTAMP(), ?, ?)';
+ $app->dbmaster->query($sql, $res['server_id'], $res['type'], serialize($res['data']), $res['state']);
/* The new data is written, now we can delete the old one */
$this->_tools->delOldRecords($res['type'], $res['server_id']);
diff --git a/server/lib/classes/cron.d/100-monitor_cpu.inc.php b/server/lib/classes/cron.d/100-monitor_cpu.inc.php
index 3cbf5b1f32f92ddcfbba213796be0730d7cc57b3..f570eeb81913110d1d40482febee8879c02fd2d1 100644
--- a/server/lib/classes/cron.d/100-monitor_cpu.inc.php
+++ b/server/lib/classes/cron.d/100-monitor_cpu.inc.php
@@ -111,14 +111,8 @@ class cronjob_monitor_cpu extends cronjob {
* Insert the data into the database
*/
$sql = 'REPLACE INTO monitor_data (server_id, type, created, data, state) ' .
- 'VALUES (' .
- $res['server_id'] . ', ' .
- "'" . $app->dbmaster->quote($res['type']) . "', " .
- 'UNIX_TIMESTAMP(), ' .
- "'" . $app->dbmaster->quote(serialize($res['data'])) . "', " .
- "'" . $res['state'] . "'" .
- ')';
- $app->dbmaster->query($sql);
+ 'VALUES (?, ?, UNIX_TIMESTAMP(), ?, ?)';
+ $app->dbmaster->query($sql, $res['server_id'], $res['type'], serialize($res['data']), $res['state']);
/* The new data is written, now we can delete the old one */
$this->_tools->delOldRecords($res['type'], $res['server_id']);
diff --git a/server/lib/classes/cron.d/100-monitor_database_size.inc.php b/server/lib/classes/cron.d/100-monitor_database_size.inc.php
index c03b82de026a620fa8b65234a925e70f2c7869ed..3e9cecf465df68745bbb74e96c79214243cb314f 100644
--- a/server/lib/classes/cron.d/100-monitor_database_size.inc.php
+++ b/server/lib/classes/cron.d/100-monitor_database_size.inc.php
@@ -78,7 +78,7 @@ class cronjob_monitor_database_size extends cronjob {
$state = 'ok';
/** Fetch the data of all databases into an array */
- $databases = $app->db->queryAllRecords("SELECT database_name, sys_groupid FROM web_database WHERE server_id = $server_id GROUP BY sys_groupid, database_name ASC");
+ $databases = $app->db->queryAllRecords("SELECT database_name, sys_groupid FROM web_database WHERE server_id = ? GROUP BY sys_groupid, database_name ASC", $server_id);
if(is_array($databases) && !empty($databases)) {
@@ -98,14 +98,8 @@ class cronjob_monitor_database_size extends cronjob {
//* Insert the data into the database
$sql = 'REPLACE INTO monitor_data (server_id, type, created, data, state) ' .
- 'VALUES (' .
- $res['server_id'] . ', ' .
- "'" . $app->dbmaster->quote($res['type']) . "', " .
- 'UNIX_TIMESTAMP(), ' .
- "'" . $app->dbmaster->quote(serialize($res['data'])) . "', " .
- "'" . $res['state'] . "'" .
- ')';
- $app->dbmaster->query($sql);
+ 'VALUES (?, ?, UNIX_TIMESTAMP(), ?, ?)';
+ $app->dbmaster->query($sql, $res['server_id'], $res['type'], serialize($res['data']), $res['state']);
//* The new data is written, now we can delete the old one
$this->_tools->delOldRecords($res['type'], $res['server_id']);
diff --git a/server/lib/classes/cron.d/100-monitor_disk_usage.inc.php b/server/lib/classes/cron.d/100-monitor_disk_usage.inc.php
index 2af40411e12ad01874609f98473ea0ec573d2bba..eb92c2de9dda64a9be93723830696fe70fd00c41 100644
--- a/server/lib/classes/cron.d/100-monitor_disk_usage.inc.php
+++ b/server/lib/classes/cron.d/100-monitor_disk_usage.inc.php
@@ -142,14 +142,8 @@ class cronjob_monitor_disk_usage extends cronjob {
* Insert the data into the database
*/
$sql = 'REPLACE INTO monitor_data (server_id, type, created, data, state) ' .
- 'VALUES (' .
- $res['server_id'] . ', ' .
- "'" . $app->dbmaster->quote($res['type']) . "', " .
- 'UNIX_TIMESTAMP(), ' .
- "'" . $app->dbmaster->quote(serialize($res['data'])) . "', " .
- "'" . $res['state'] . "'" .
- ')';
- $app->dbmaster->query($sql);
+ 'VALUES (?, ?, UNIX_TIMESTAMP(), ?, ?)';
+ $app->dbmaster->query($sql, $res['server_id'], $res['type'], serialize($res['data']), $res['state']);
/* The new data is written, now we can delete the old one */
$this->_tools->delOldRecords($res['type'], $res['server_id']);
diff --git a/server/lib/classes/cron.d/100-monitor_email_quota.inc.php b/server/lib/classes/cron.d/100-monitor_email_quota.inc.php
index 5d0c7a0bc4dc03750cba6ce1790d278698589f56..75014c347def49072f048b235c5afadaa976feb5 100644
--- a/server/lib/classes/cron.d/100-monitor_email_quota.inc.php
+++ b/server/lib/classes/cron.d/100-monitor_email_quota.inc.php
@@ -75,7 +75,7 @@ class cronjob_monitor_email_quota extends cronjob {
//* The state of the email_quota.
$state = 'ok';
- $mailboxes = $app->db->queryAllRecords("SELECT email,maildir FROM mail_user WHERE server_id = $server_id");
+ $mailboxes = $app->db->queryAllRecords("SELECT email,maildir FROM mail_user WHERE server_id = ?", $server_id);
if(is_array($mailboxes)) {
//* with dovecot we can use doveadm instead of 'du -s'
@@ -134,14 +134,8 @@ class cronjob_monitor_email_quota extends cronjob {
* Insert the data into the database
*/
$sql = 'REPLACE INTO monitor_data (server_id, type, created, data, state) ' .
- 'VALUES (' .
- $res['server_id'] . ', ' .
- "'" . $app->dbmaster->quote($res['type']) . "', " .
- 'UNIX_TIMESTAMP(), ' .
- "'" . $app->dbmaster->quote(serialize($res['data'])) . "', " .
- "'" . $res['state'] . "'" .
- ')';
- $app->dbmaster->query($sql);
+ 'VALUES (?, ?, UNIX_TIMESTAMP(), ?, ?)';
+ $app->dbmaster->query($sql, $res['server_id'], $res['type'], serialize($res['data']), $res['state']);
/* The new data is written, now we can delete the old one */
$this->_tools->delOldRecords($res['type'], $res['server_id']);
diff --git a/server/lib/classes/cron.d/100-monitor_fail2ban.inc.php b/server/lib/classes/cron.d/100-monitor_fail2ban.inc.php
index ffc93a45cde82fe239383713b321c3e6ebb1daeb..5c4ba80561b222b6be12a1dc5f8f02951a91ab64 100644
--- a/server/lib/classes/cron.d/100-monitor_fail2ban.inc.php
+++ b/server/lib/classes/cron.d/100-monitor_fail2ban.inc.php
@@ -102,14 +102,8 @@ class cronjob_monitor_fail2ban extends cronjob {
* Insert the data into the database
*/
$sql = 'REPLACE INTO monitor_data (server_id, type, created, data, state) ' .
- 'VALUES (' .
- $res['server_id'] . ', ' .
- "'" . $app->dbmaster->quote($res['type']) . "', " .
- 'UNIX_TIMESTAMP(), ' .
- "'" . $app->dbmaster->quote(serialize($res['data'])) . "', " .
- "'" . $res['state'] . "'" .
- ')';
- $app->dbmaster->query($sql);
+ 'VALUES (?, ?, UNIX_TIMESTAMP(), ?, ?)';
+ $app->dbmaster->query($sql, $res['server_id'], $res['type'], serialize($res['data']), $res['state']);
/* The new data is written, now we can delete the old one */
$this->_tools->delOldRecords($res['type'], $res['server_id']);
diff --git a/server/lib/classes/cron.d/100-monitor_hd_quota.inc.php b/server/lib/classes/cron.d/100-monitor_hd_quota.inc.php
index 888dd153eaf7cd3e5e0c3a68c21dd26683d94a51..a4971eb532df3a99c231c90d2e3952b334bed323 100644
--- a/server/lib/classes/cron.d/100-monitor_hd_quota.inc.php
+++ b/server/lib/classes/cron.d/100-monitor_hd_quota.inc.php
@@ -134,14 +134,8 @@ class cronjob_monitor_hd_quota extends cronjob {
* Insert the data into the database
*/
$sql = 'REPLACE INTO monitor_data (server_id, type, created, data, state) ' .
- 'VALUES (' .
- $res['server_id'] . ', ' .
- "'" . $app->dbmaster->quote($res['type']) . "', " .
- 'UNIX_TIMESTAMP(), ' .
- "'" . $app->dbmaster->quote(serialize($res['data'])) . "', " .
- "'" . $res['state'] . "'" .
- ')';
- $app->dbmaster->query($sql);
+ 'VALUES (?, ?, UNIX_TIMESTAMP(), ?, ?)';
+ $app->dbmaster->query($sql, $res['server_id'], $res['type'], serialize($res['data']), $res['state']);
/* The new data is written, now we can delete the old one */
$this->_tools->delOldRecords($res['type'], $res['server_id']);
diff --git a/server/lib/classes/cron.d/100-monitor_iptables.inc.php b/server/lib/classes/cron.d/100-monitor_iptables.inc.php
index a5a1c260293bec83acc20dec0bce561545fb5bf3..1ad11d9ecccdcbf690c3337524221aee62b431f8 100644
--- a/server/lib/classes/cron.d/100-monitor_iptables.inc.php
+++ b/server/lib/classes/cron.d/100-monitor_iptables.inc.php
@@ -107,14 +107,8 @@ class cronjob_monitor_iptables extends cronjob {
* Insert the data into the database
*/
$sql = 'REPLACE INTO monitor_data (server_id, type, created, data, state) ' .
- 'VALUES (' .
- $res['server_id'] . ', ' .
- "'" . $app->dbmaster->quote($res['type']) . "', " .
- 'UNIX_TIMESTAMP(), ' .
- "'" . $app->dbmaster->quote(serialize($res['data'])) . "', " .
- "'" . $res['state'] . "'" .
- ')';
- $app->dbmaster->query($sql);
+ 'VALUES (?, ?, UNIX_TIMESTAMP(), ?, ?)';
+ $app->dbmaster->query($sql, $res['server_id'], $res['type'], serialize($res['data']), $res['state']);
/* The new data is written, now we can delete the old one */
$this->_tools->delOldRecords($res['type'], $res['server_id']);
diff --git a/server/lib/classes/cron.d/100-monitor_ispconfig_log.inc.php b/server/lib/classes/cron.d/100-monitor_ispconfig_log.inc.php
index 1df3b02e029802657adc7c429f8e9f7b03712540..0f29b0c489e8028dadf4541f7cf5dd4cc468e59d 100644
--- a/server/lib/classes/cron.d/100-monitor_ispconfig_log.inc.php
+++ b/server/lib/classes/cron.d/100-monitor_ispconfig_log.inc.php
@@ -82,14 +82,8 @@ class cronjob_monitor_ispconfig_log extends cronjob {
* Insert the data into the database
*/
$sql = 'REPLACE INTO monitor_data (server_id, type, created, data, state) ' .
- 'VALUES (' .
- $res['server_id'] . ', ' .
- "'" . $app->dbmaster->quote($res['type']) . "', " .
- 'UNIX_TIMESTAMP(), ' .
- "'" . $app->dbmaster->quote(serialize($res['data'])) . "', " .
- "'" . $res['state'] . "'" .
- ')';
- $app->dbmaster->query($sql);
+ 'VALUES (?, ?, UNIX_TIMESTAMP(), ?, ?)';
+ $app->dbmaster->query($sql, $res['server_id'], $res['type'], serialize($res['data']), $res['state']);
/* The new data is written, now we can delete the old one */
$this->_tools->delOldRecords($res['type'], $res['server_id']);
@@ -123,14 +117,8 @@ class cronjob_monitor_ispconfig_log extends cronjob {
* Insert the data into the database
*/
$sql = 'REPLACE INTO monitor_data (server_id, type, created, data, state) ' .
- 'VALUES (' .
- $res['server_id'] . ', ' .
- "'" . $app->dbmaster->quote($res['type']) . "', " .
- 'UNIX_TIMESTAMP(), ' .
- "'" . $app->dbmaster->quote(serialize($res['data'])) . "', " .
- "'" . $res['state'] . "'" .
- ')';
- $app->dbmaster->query($sql);
+ 'VALUES (?, ?, UNIX_TIMESTAMP(), ?, ?)';
+ $app->dbmaster->query($sql, $res['server_id'], $res['type'], serialize($res['data']), $res['state']);
/* The new data is written, now we can delete the old one */
$this->_tools->delOldRecords($res['type'], $res['server_id']);
diff --git a/server/lib/classes/cron.d/100-monitor_ispconfig_version.inc.php b/server/lib/classes/cron.d/100-monitor_ispconfig_version.inc.php
index e24a4cb206a47fcb063867d6119fea488f125ba8..0b44065b2b4a251b5d7163b468c15443abb0d19c 100644
--- a/server/lib/classes/cron.d/100-monitor_ispconfig_version.inc.php
+++ b/server/lib/classes/cron.d/100-monitor_ispconfig_version.inc.php
@@ -85,14 +85,8 @@ class cronjob_monitor_ispconfig_version extends cronjob {
* Insert the data into the database
*/
$sql = 'REPLACE INTO monitor_data (server_id, type, created, data, state) ' .
- 'VALUES (' .
- $res['server_id'] . ', ' .
- "'" . $app->dbmaster->quote($res['type']) . "', " .
- 'UNIX_TIMESTAMP(), ' .
- "'" . $app->dbmaster->quote(serialize($res['data'])) . "', " .
- "'" . $res['state'] . "'" .
- ')';
- $app->dbmaster->query($sql);
+ 'VALUES (?, ?, UNIX_TIMESTAMP(), ?, ?)';
+ $app->dbmaster->query($sql, $res['server_id'], $res['type'], serialize($res['data']), $res['state']);
/* The new data is written, now we can delete the old one */
$this->_tools->delOldRecords($res['type'], $res['server_id']);
diff --git a/server/lib/classes/cron.d/100-monitor_mail_log.inc.php b/server/lib/classes/cron.d/100-monitor_mail_log.inc.php
index d5613a137bb4973d8c512628d824def94bffdfd0..5c41105d3c7aadf3765f39b68beb5217d104c578 100644
--- a/server/lib/classes/cron.d/100-monitor_mail_log.inc.php
+++ b/server/lib/classes/cron.d/100-monitor_mail_log.inc.php
@@ -88,14 +88,8 @@ class cronjob_monitor_mail_log extends cronjob {
* Insert the data into the database
*/
$sql = 'REPLACE INTO monitor_data (server_id, type, created, data, state) ' .
- 'VALUES (' .
- $res['server_id'] . ', ' .
- "'" . $app->dbmaster->quote($res['type']) . "', " .
- 'UNIX_TIMESTAMP(), ' .
- "'" . $app->dbmaster->quote(serialize($res['data'])) . "', " .
- "'" . $res['state'] . "'" .
- ')';
- $app->dbmaster->query($sql);
+ 'VALUES (?, ?, UNIX_TIMESTAMP(), ?, ?)';
+ $app->dbmaster->query($sql, $res['server_id'], $res['type'], serialize($res['data']), $res['state']);
/* The new data is written, now we can delete the old one */
$this->_tools->delOldRecords($res['type'], $res['server_id']);
@@ -122,14 +116,8 @@ class cronjob_monitor_mail_log extends cronjob {
* Insert the data into the database
*/
$sql = 'REPLACE INTO monitor_data (server_id, type, created, data, state) ' .
- 'VALUES (' .
- $res['server_id'] . ', ' .
- "'" . $app->dbmaster->quote($res['type']) . "', " .
- 'UNIX_TIMESTAMP(), ' .
- "'" . $app->dbmaster->quote(serialize($res['data'])) . "', " .
- "'" . $res['state'] . "'" .
- ')';
- $app->dbmaster->query($sql);
+ 'VALUES (?, ?, UNIX_TIMESTAMP(), ?, ?)';
+ $app->dbmaster->query($sql, $res['server_id'], $res['type'], serialize($res['data']), $res['state']);
/* The new data is written, now we can delete the old one */
$this->_tools->delOldRecords($res['type'], $res['server_id']);
@@ -156,14 +144,8 @@ class cronjob_monitor_mail_log extends cronjob {
* Insert the data into the database
*/
$sql = 'REPLACE INTO monitor_data (server_id, type, created, data, state) ' .
- 'VALUES (' .
- $res['server_id'] . ', ' .
- "'" . $app->dbmaster->quote($res['type']) . "', " .
- 'UNIX_TIMESTAMP(), ' .
- "'" . $app->dbmaster->quote(serialize($res['data'])) . "', " .
- "'" . $res['state'] . "'" .
- ')';
- $app->dbmaster->query($sql);
+ 'VALUES (?, ?, UNIX_TIMESTAMP(), ?, ?)';
+ $app->dbmaster->query($sql, $res['server_id'], $res['type'], serialize($res['data']), $res['state']);
/* The new data is written, now we can delete the old one */
$this->_tools->delOldRecords($res['type'], $res['server_id']);
diff --git a/server/lib/classes/cron.d/100-monitor_mail_queue.inc.php b/server/lib/classes/cron.d/100-monitor_mail_queue.inc.php
index b1f7089abe5a612e71589f5f966083c02fd096b7..b259904d55752c36407517f87aed98863161ba4c 100644
--- a/server/lib/classes/cron.d/100-monitor_mail_queue.inc.php
+++ b/server/lib/classes/cron.d/100-monitor_mail_queue.inc.php
@@ -113,14 +113,8 @@ class cronjob_monitor_mail_queue extends cronjob {
* Insert the data into the database
*/
$sql = 'REPLACE INTO monitor_data (server_id, type, created, data, state) ' .
- 'VALUES (' .
- $res['server_id'] . ', ' .
- "'" . $app->dbmaster->quote($res['type']) . "', " .
- 'UNIX_TIMESTAMP(), ' .
- "'" . $app->dbmaster->quote(serialize($res['data'])) . "', " .
- "'" . $res['state'] . "'" .
- ')';
- $app->dbmaster->query($sql);
+ 'VALUES (?, ?, UNIX_TIMESTAMP(), ?, ?)';
+ $app->dbmaster->query($sql, $res['server_id'], $res['type'], serialize($res['data']), $res['state']);
/* The new data is written, now we can delete the old one */
$this->_tools->delOldRecords($res['type'], $res['server_id']);
diff --git a/server/lib/classes/cron.d/100-monitor_mem_usage.inc.php b/server/lib/classes/cron.d/100-monitor_mem_usage.inc.php
index 05b196a39509a4789511aabbe1833d6997919981..73567478dc33cb2aee8f903ffe8358f45e460648 100644
--- a/server/lib/classes/cron.d/100-monitor_mem_usage.inc.php
+++ b/server/lib/classes/cron.d/100-monitor_mem_usage.inc.php
@@ -99,14 +99,8 @@ class cronjob_monitor_mem_usage extends cronjob {
* Insert the data into the database
*/
$sql = 'REPLACE INTO monitor_data (server_id, type, created, data, state) ' .
- 'VALUES (' .
- $res['server_id'] . ', ' .
- "'" . $app->dbmaster->quote($res['type']) . "', " .
- 'UNIX_TIMESTAMP(), ' .
- "'" . $app->dbmaster->quote(serialize($res['data'])) . "', " .
- "'" . $res['state'] . "'" .
- ')';
- $app->dbmaster->query($sql);
+ 'VALUES (?, ?, UNIX_TIMESTAMP(), ?, ?)';
+ $app->dbmaster->query($sql, $res['server_id'], $res['type'], serialize($res['data']), $res['state']);
/* The new data is written, now we can delete the old one */
$this->_tools->delOldRecords($res['type'], $res['server_id']);
diff --git a/server/lib/classes/cron.d/100-monitor_mongodb.inc.php b/server/lib/classes/cron.d/100-monitor_mongodb.inc.php
index 23f31718c6ac3dba9616fa5eafe2bd281e33a193..244cb65eb1056380308540a5bf9e6fa306f608fe 100644
--- a/server/lib/classes/cron.d/100-monitor_mongodb.inc.php
+++ b/server/lib/classes/cron.d/100-monitor_mongodb.inc.php
@@ -102,14 +102,8 @@ class cronjob_monitor_mongodb extends cronjob {
* Insert the data into the database
*/
$sql = 'REPLACE INTO monitor_data (server_id, type, created, data, state) ' .
- 'VALUES (' .
- $res['server_id'] . ', ' .
- "'" . $app->dbmaster->quote($res['type']) . "', " .
- 'UNIX_TIMESTAMP(), ' .
- "'" . $app->dbmaster->quote(serialize($res['data'])) . "', " .
- "'" . $res['state'] . "'" .
- ')';
- $app->dbmaster->query($sql);
+ 'VALUES (?, ?, UNIX_TIMESTAMP(), ?, ?)';
+ $app->dbmaster->query($sql, $res['server_id'], $res['type'], serialize($res['data']), $res['state']);
/* The new data is written, now we can delete the old one */
$this->_tools->delOldRecords($res['type'], $res['server_id']);
diff --git a/server/lib/classes/cron.d/100-monitor_openvz.inc.php b/server/lib/classes/cron.d/100-monitor_openvz.inc.php
index 08d155fae776e6887b196ab9356cdbdb5e3ab8e5..30b51b4b5fb50242648f9b66be66c08d9a01ea6e 100644
--- a/server/lib/classes/cron.d/100-monitor_openvz.inc.php
+++ b/server/lib/classes/cron.d/100-monitor_openvz.inc.php
@@ -86,14 +86,8 @@ class cronjob_monitor_openvz extends cronjob {
* Insert the data into the database
*/
$sql = 'REPLACE INTO monitor_data (server_id, type, created, data, state) ' .
- 'VALUES (' .
- $res['server_id'] . ', ' .
- "'" . $app->dbmaster->quote($res['type']) . "', " .
- 'UNIX_TIMESTAMP(), ' .
- "'" . $app->dbmaster->quote(serialize($res['data'])) . "', " .
- "'" . $res['state'] . "'" .
- ')';
- $app->dbmaster->query($sql);
+ 'VALUES (?, ?, UNIX_TIMESTAMP(), ?, ?)';
+ $app->dbmaster->query($sql, $res['server_id'], $res['type'], serialize($res['data']), $res['state']);
/* The new data is written, now we can delete the old one */
$this->_tools->delOldRecords($res['type'], $res['server_id']);
@@ -158,14 +152,8 @@ class cronjob_monitor_openvz extends cronjob {
* Insert the data into the database
*/
$sql = 'REPLACE INTO monitor_data (server_id, type, created, data, state) ' .
- 'VALUES (' .
- $res['server_id'] . ', ' .
- "'" . $app->dbmaster->quote($res['type']) . "', " .
- 'UNIX_TIMESTAMP(), ' .
- "'" . $app->dbmaster->quote(serialize($res['data'])) . "', " .
- "'" . $res['state'] . "'" .
- ')';
- $app->dbmaster->query($sql);
+ 'VALUES (?, ?, UNIX_TIMESTAMP(), ?, ?)';
+ $app->dbmaster->query($sql, $res['server_id'], $res['type'], serialize($res['data']), $res['state']);
/* The new data is written, now we can delete the old one */
$this->_tools->delOldRecords($res['type'], $res['server_id']);
diff --git a/server/lib/classes/cron.d/100-monitor_os_version.inc.php b/server/lib/classes/cron.d/100-monitor_os_version.inc.php
index b9978eaeb27644b21fabe1992c02925233116bdc..38766210212b46df93df725dab2cc201ad606f90 100644
--- a/server/lib/classes/cron.d/100-monitor_os_version.inc.php
+++ b/server/lib/classes/cron.d/100-monitor_os_version.inc.php
@@ -87,14 +87,8 @@ class cronjob_monitor_os_version extends cronjob {
* Insert the data into the database
*/
$sql = 'REPLACE INTO monitor_data (server_id, type, created, data, state) ' .
- 'VALUES (' .
- $res['server_id'] . ', ' .
- "'" . $app->dbmaster->quote($res['type']) . "', " .
- 'UNIX_TIMESTAMP(), ' .
- "'" . $app->dbmaster->quote(serialize($res['data'])) . "', " .
- "'" . $res['state'] . "'" .
- ')';
- $app->dbmaster->query($sql);
+ 'VALUES (?, ?, UNIX_TIMESTAMP(), ?, ?)';
+ $app->dbmaster->query($sql, $res['server_id'], $res['type'], serialize($res['data']), $res['state']);
/* The new data is written, now we can delete the old one */
$this->_tools->delOldRecords($res['type'], $res['server_id']);
diff --git a/server/lib/classes/cron.d/100-monitor_raid.inc.php b/server/lib/classes/cron.d/100-monitor_raid.inc.php
index 86a6908ab44afb32fbace36ec2946a154fadb108..439ab8ce528d9cdae81a5f2af0b58c93c2ccbafa 100644
--- a/server/lib/classes/cron.d/100-monitor_raid.inc.php
+++ b/server/lib/classes/cron.d/100-monitor_raid.inc.php
@@ -240,14 +240,8 @@ class cronjob_monitor_raid extends cronjob {
* Insert the data into the database
*/
$sql = 'REPLACE INTO monitor_data (server_id, type, created, data, state) ' .
- 'VALUES (' .
- $res['server_id'] . ', ' .
- "'" . $app->dbmaster->quote($res['type']) . "', " .
- 'UNIX_TIMESTAMP(), ' .
- "'" . $app->dbmaster->quote(serialize($res['data'])) . "', " .
- "'" . $res['state'] . "'" .
- ')';
- $app->dbmaster->query($sql);
+ 'VALUES (?, ?, UNIX_TIMESTAMP(), ?, ?)';
+ $app->dbmaster->query($sql, $res['server_id'], $res['type'], serialize($res['data']), $res['state']);
/* The new data is written, now we can delete the old one */
$this->_tools->delOldRecords($res['type'], $res['server_id']);
diff --git a/server/lib/classes/cron.d/100-monitor_rkhunter.inc.php b/server/lib/classes/cron.d/100-monitor_rkhunter.inc.php
index 5d99d7f4e470a6288b0fdd549834cbefdc0503f6..d5beee70bcf1dac36ac38f1f2bf7108bd9c4e5a2 100644
--- a/server/lib/classes/cron.d/100-monitor_rkhunter.inc.php
+++ b/server/lib/classes/cron.d/100-monitor_rkhunter.inc.php
@@ -102,14 +102,8 @@ class cronjob_monitor_rkhunter extends cronjob {
* Insert the data into the database
*/
$sql = 'REPLACE INTO monitor_data (server_id, type, created, data, state) ' .
- 'VALUES (' .
- $res['server_id'] . ', ' .
- "'" . $app->dbmaster->quote($res['type']) . "', " .
- 'UNIX_TIMESTAMP(), ' .
- "'" . $app->dbmaster->quote(serialize($res['data'])) . "', " .
- "'" . $res['state'] . "'" .
- ')';
- $app->dbmaster->query($sql);
+ 'VALUES (?, ?, UNIX_TIMESTAMP(), ?, ?)';
+ $app->dbmaster->query($sql, $res['server_id'], $res['type'], serialize($res['data']), $res['state']);
/* The new data is written, now we can delete the old one */
$this->_tools->delOldRecords($res['type'], $res['server_id']);
diff --git a/server/lib/classes/cron.d/100-monitor_server.inc.php b/server/lib/classes/cron.d/100-monitor_server.inc.php
index 6ceb584cf5e6d6189343a1997ecebdc13410d7d8..5a053f430e2cd317bcf90cd66644c96ef0c4923f 100644
--- a/server/lib/classes/cron.d/100-monitor_server.inc.php
+++ b/server/lib/classes/cron.d/100-monitor_server.inc.php
@@ -108,14 +108,8 @@ class cronjob_monitor_server extends cronjob {
* Insert the data into the database
*/
$sql = 'REPLACE INTO monitor_data (server_id, type, created, data, state) ' .
- 'VALUES (' .
- $res['server_id'] . ', ' .
- "'" . $app->dbmaster->quote($res['type']) . "', " .
- 'UNIX_TIMESTAMP(), ' .
- "'" . $app->dbmaster->quote(serialize($res['data'])) . "', " .
- "'" . $res['state'] . "'" .
- ')';
- $app->dbmaster->query($sql);
+ 'VALUES (?, ?, UNIX_TIMESTAMP(), ?, ?)';
+ $app->dbmaster->query($sql, $res['server_id'], $res['type'], serialize($res['data']), $res['state']);
/* The new data is written, now we can delete the old one */
$this->_tools->delOldRecords($res['type'], $res['server_id']);
diff --git a/server/lib/classes/cron.d/100-monitor_services.inc.php b/server/lib/classes/cron.d/100-monitor_services.inc.php
index 3235ee781fb0af71e0553e0d3982a21597cdc051..2c169a2de837f73c0a46628bea68f873565a33f1 100644
--- a/server/lib/classes/cron.d/100-monitor_services.inc.php
+++ b/server/lib/classes/cron.d/100-monitor_services.inc.php
@@ -67,14 +67,8 @@ class cronjob_monitor_services extends cronjob {
* Insert the data into the database
*/
$sql = 'REPLACE INTO monitor_data (server_id, type, created, data, state) ' .
- 'VALUES (' .
- $res['server_id'] . ', ' .
- "'" . $app->dbmaster->quote($res['type']) . "', " .
- 'UNIX_TIMESTAMP(), ' .
- "'" . $app->dbmaster->quote(serialize($res['data'])) . "', " .
- "'" . $res['state'] . "'" .
- ')';
- $app->dbmaster->query($sql);
+ 'VALUES (?, ?, UNIX_TIMESTAMP(), ?, ?)';
+ $app->dbmaster->query($sql, $res['server_id'], $res['type'], serialize($res['data']), $res['state']);
/* The new data is written, now we can delete the old one */
$this->_tools->delOldRecords($res['type'], $res['server_id']);
diff --git a/server/lib/classes/cron.d/100-monitor_syslog.inc.php b/server/lib/classes/cron.d/100-monitor_syslog.inc.php
index b62112179c23895f0dd37a2253b5981cb79f4f61..c101de0087d566884999a0ca1fa02e2d307739dd 100644
--- a/server/lib/classes/cron.d/100-monitor_syslog.inc.php
+++ b/server/lib/classes/cron.d/100-monitor_syslog.inc.php
@@ -70,7 +70,7 @@ class cronjob_monitor_syslog extends cronjob {
* is there any warning or error for this server?
*/
$state = 'ok';
- $dbData = $app->dbmaster->queryAllRecords('SELECT loglevel FROM sys_log WHERE server_id = ' . $server_id . ' AND loglevel > 0');
+ $dbData = $app->dbmaster->queryAllRecords('SELECT loglevel FROM sys_log WHERE server_id = ? AND loglevel > 0', $server_id);
if (is_array($dbData)) {
foreach ($dbData as $item) {
if ($item['loglevel'] == 1)
@@ -93,14 +93,8 @@ class cronjob_monitor_syslog extends cronjob {
* Insert the data into the database
*/
$sql = 'REPLACE INTO monitor_data (server_id, type, created, data, state) ' .
- 'VALUES (' .
- $res['server_id'] . ', ' .
- "'" . $app->dbmaster->quote($res['type']) . "', " .
- 'UNIX_TIMESTAMP(), ' .
- "'" . $app->dbmaster->quote(serialize($res['data'])) . "', " .
- "'" . $res['state'] . "'" .
- ')';
- $app->dbmaster->query($sql);
+ 'VALUES (?, ?, UNIX_TIMESTAMP(), ?, ?)';
+ $app->dbmaster->query($sql, $res['server_id'], $res['type'], serialize($res['data']), $res['state']);
/* The new data is written, now we can delete the old one */
$this->_tools->delOldRecords($res['type'], $res['server_id']);
@@ -127,14 +121,8 @@ class cronjob_monitor_syslog extends cronjob {
* Insert the data into the database
*/
$sql = 'REPLACE INTO monitor_data (server_id, type, created, data, state) ' .
- 'VALUES (' .
- $res['server_id'] . ', ' .
- "'" . $app->dbmaster->quote($res['type']) . "', " .
- 'UNIX_TIMESTAMP(), ' .
- "'" . $app->dbmaster->quote(serialize($res['data'])) . "', " .
- "'" . $res['state'] . "'" .
- ')';
- $app->dbmaster->query($sql);
+ 'VALUES (?, ?, UNIX_TIMESTAMP(), ?, ?)';
+ $app->dbmaster->query($sql, $res['server_id'], $res['type'], serialize($res['data']), $res['state']);
/* The new data is written, now we can delete the old one */
$this->_tools->delOldRecords($res['type'], $res['server_id']);
diff --git a/server/lib/classes/cron.d/100-monitor_system_update.inc.php b/server/lib/classes/cron.d/100-monitor_system_update.inc.php
index 33c5c1f02fd018af5dbc38d0e6d53176a5788f58..35338dc21d04efc318c44f5fa9551f09e2fc5e98 100644
--- a/server/lib/classes/cron.d/100-monitor_system_update.inc.php
+++ b/server/lib/classes/cron.d/100-monitor_system_update.inc.php
@@ -187,14 +187,8 @@ class cronjob_monitor_system_update extends cronjob {
* Insert the data into the database
*/
$sql = 'REPLACE INTO monitor_data (server_id, type, created, data, state) ' .
- 'VALUES (' .
- $res['server_id'] . ', ' .
- "'" . $app->dbmaster->quote($res['type']) . "', " .
- 'UNIX_TIMESTAMP(), ' .
- "'" . $app->dbmaster->quote(serialize($res['data'])) . "', " .
- "'" . $res['state'] . "'" .
- ')';
- $app->dbmaster->query($sql);
+ 'VALUES (?, ?, UNIX_TIMESTAMP(), ?, ?)';
+ $app->dbmaster->query($sql, $res['server_id'], $res['type'], serialize($res['data']), $res['state']);
/* The new data is written, now we can delete the old one */
$this->_tools->delOldRecords($res['type'], $res['server_id']);
diff --git a/server/lib/classes/cron.d/150-awstats.inc.php b/server/lib/classes/cron.d/150-awstats.inc.php
index 9803a89f13f4724a3f45accc4e879d4416998d6e..ea0c64f67a6de621b3b1482803e49394233c92bc 100644
--- a/server/lib/classes/cron.d/150-awstats.inc.php
+++ b/server/lib/classes/cron.d/150-awstats.inc.php
@@ -54,8 +54,8 @@ class cronjob_awstats extends cronjob {
// Create awstats statistics
//######################################################################################################
- $sql = "SELECT domain_id, domain, document_root, web_folder, type, system_user, system_group, parent_domain_id FROM web_domain WHERE (type = 'vhost' or type = 'vhostsubdomain' or type = 'vhostalias') and stats_type = 'awstats' AND server_id = ".$conf['server_id'];
- $records = $app->db->queryAllRecords($sql);
+ $sql = "SELECT domain_id, domain, document_root, web_folder, type, system_user, system_group, parent_domain_id FROM web_domain WHERE (type = 'vhost' or type = 'vhostsubdomain' or type = 'vhostalias') and stats_type = 'awstats' AND server_id = ?";
+ $records = $app->db->queryAllRecords($sql, $conf['server_id']);
$web_config = $app->getconf->get_server_config($conf['server_id'], 'web');
@@ -65,7 +65,7 @@ class cronjob_awstats extends cronjob {
$log_folder = 'log';
if($rec['type'] == 'vhostsubdomain' || $rec['type'] == 'vhostalias') {
- $tmp = $app->db->queryOneRecord('SELECT `domain` FROM web_domain WHERE domain_id = '.intval($rec['parent_domain_id']));
+ $tmp = $app->db->queryOneRecord('SELECT `domain` FROM web_domain WHERE domain_id = ?', $rec['parent_domain_id']);
$subdomain_host = preg_replace('/^(.*)\.' . preg_quote($tmp['domain'], '/') . '$/', '$1', $rec['domain']);
if($subdomain_host == '') $subdomain_host = 'web'.$rec['domain_id'];
$log_folder .= '/' . $subdomain_host;
@@ -89,8 +89,8 @@ class cronjob_awstats extends cronjob {
if(is_file($awstats_website_conf_file)) unlink($awstats_website_conf_file);
- $sql = "SELECT domain FROM web_domain WHERE (type = 'alias' OR type = 'subdomain') AND parent_domain_id = ".$rec['domain_id'];
- $aliases = $app->db->queryAllRecords($sql);
+ $sql = "SELECT domain FROM web_domain WHERE (type = 'alias' OR type = 'subdomain') AND parent_domain_id = ?";
+ $aliases = $app->db->queryAllRecords($sql, $rec['domain_id']);
$aliasdomain = '';
if(is_array($aliases)) {
diff --git a/server/lib/classes/cron.d/150-webalizer.inc.php b/server/lib/classes/cron.d/150-webalizer.inc.php
index 1f9a921f0d383f04cea5676789ba5afcfc9b0749..b85000320059ce4da949f7c640dcf584c485a107 100644
--- a/server/lib/classes/cron.d/150-webalizer.inc.php
+++ b/server/lib/classes/cron.d/150-webalizer.inc.php
@@ -79,8 +79,8 @@ class cronjob_webalizer extends cronjob {
}
- $sql = "SELECT domain_id, domain, document_root, web_folder, type, parent_domain_id FROM web_domain WHERE (type = 'vhost' or type = 'vhostsubdomain' or type = 'vhostalias') and stats_type = 'webalizer' AND server_id = ".$conf['server_id'];
- $records = $app->db->queryAllRecords($sql);
+ $sql = "SELECT domain_id, domain, document_root, web_folder, type, parent_domain_id FROM web_domain WHERE (type = 'vhost' or type = 'vhostsubdomain' or type = 'vhostalias') and stats_type = 'webalizer' AND server_id = ?";
+ $records = $app->db->queryAllRecords($sql, $conf['server_id']);
foreach($records as $rec) {
//$yesterday = date('Ymd',time() - 86400);
@@ -88,7 +88,7 @@ class cronjob_webalizer extends cronjob {
$log_folder = 'log';
if($rec['type'] == 'vhostsubdomain' || $rec['type'] == 'vhostalias') {
- $tmp = $app->db->queryOneRecord('SELECT `domain` FROM web_domain WHERE domain_id = '.intval($rec['parent_domain_id']));
+ $tmp = $app->db->queryOneRecord('SELECT `domain` FROM web_domain WHERE domain_id = ?', $rec['parent_domain_id']);
$subdomain_host = preg_replace('/^(.*)\.' . preg_quote($tmp['domain'], '/') . '$/', '$1', $rec['domain']);
if($subdomain_host == '') $subdomain_host = 'web'.$rec['domain_id'];
$log_folder .= '/' . $subdomain_host;
diff --git a/server/lib/classes/cron.d/200-logfiles.inc.php b/server/lib/classes/cron.d/200-logfiles.inc.php
index a802ff9eee3132aed204bf69ec3545ec9d0a208e..9eaa3d7580aa4d5f4ace06395146f402b0b5f7b0 100644
--- a/server/lib/classes/cron.d/200-logfiles.inc.php
+++ b/server/lib/classes/cron.d/200-logfiles.inc.php
@@ -60,7 +60,7 @@ class cronjob_logfiles extends cronjob {
// Manage and compress web logfiles and create traffic statistics
//######################################################################################################
- $sql = "SELECT domain_id, domain, type, document_root, web_folder, parent_domain_id FROM web_domain WHERE (type = 'vhost' or type = 'vhostsubdomain' or type = 'vhostalias') AND server_id = ".$conf['server_id'];
+ $sql = "SELECT domain_id, domain, type, document_root, web_folder, parent_domain_id FROM web_domain WHERE (type = 'vhost' or type = 'vhostsubdomain' or type = 'vhostalias') AND server_id = ?", $conf['server_id'];
$records = $app->db->queryAllRecords($sql);
foreach($records as $rec) {
@@ -69,7 +69,7 @@ class cronjob_logfiles extends cronjob {
$log_folder = 'log';
if($rec['type'] == 'vhostsubdomain' || $rec['type'] == 'vhostalias') {
- $tmp = $app->db->queryOneRecord('SELECT `domain` FROM web_domain WHERE domain_id = '.intval($rec['parent_domain_id']));
+ $tmp = $app->db->queryOneRecord('SELECT `domain` FROM web_domain WHERE domain_id = ?', $rec['parent_domain_id']);
$subdomain_host = preg_replace('/^(.*)\.' . preg_quote($tmp['domain'], '/') . '$/', '$1', $rec['domain']);
if($subdomain_host == '') $subdomain_host = 'web'.$rec['domain_id'];
$log_folder .= '/' . $subdomain_host;
@@ -89,16 +89,14 @@ class cronjob_logfiles extends cronjob {
//* Insert / update traffic in master database
$traffic_date = date('Y-m-d', time() - 86400);
- $tmp = $app->dbmaster->queryOneRecord("select hostname from web_traffic where hostname='".$rec['domain']."' and traffic_date='".$traffic_date."'");
+ $tmp = $app->dbmaster->queryOneRecord("select hostname from web_traffic where hostname=? and traffic_date=?", $rec['domain'], $traffic_date);
if(is_array($tmp) && count($tmp) > 0) {
- $sql = "update web_traffic set traffic_bytes=traffic_bytes+"
- . $total_bytes
- . " where hostname='" . $rec['domain']
- . "' and traffic_date='" . $traffic_date . "'";
+ $sql = "UPDATE web_traffic SET traffic_bytes=traffic_bytes + ? WHERE hostname = ? AND traffic_date = ?";
+ $app->dbmaster->query($sql, $total_bytes, $rec['domain'], $traffic_date);
} else {
- $sql = "insert into web_traffic (hostname, traffic_date, traffic_bytes) values ('".$rec['domain']."', '".$traffic_date."', '".$total_bytes."')";
+ $sql = "INSERT INTO web_traffic (hostname, traffic_date, traffic_bytes) VALUES (?, ?, ?)";
+ $app->dbmaster->query($sql, $rec['domain'], $traffic_date, $total_bytes);
}
- $app->dbmaster->query($sql);
fclose($handle);
}
@@ -197,8 +195,8 @@ class cronjob_logfiles extends cronjob {
// Cleanup website tmp directories
//######################################################################################################
- $sql = "SELECT domain_id, domain, document_root, system_user FROM web_domain WHERE server_id = ".$conf['server_id'];
- $records = $app->db->queryAllRecords($sql);
+ $sql = "SELECT domain_id, domain, document_root, system_user FROM web_domain WHERE server_id = ?";
+ $records = $app->db->queryAllRecords($sql, $conf['server_id']);
$app->uses('system');
if(is_array($records)) {
foreach($records as $rec){
@@ -225,8 +223,8 @@ class cronjob_logfiles extends cronjob {
* if they are NOT ok, the server will try to process them in 1 minute and so the
* error appears again after 1 minute. So it is no problem to delete the old one!
*/
- $sql = "DELETE FROM sys_log WHERE tstamp < " . $tstamp . " AND server_id != 0";
- $app->dbmaster->query($sql);
+ $sql = "DELETE FROM sys_log WHERE tstamp < ? AND server_id != 0";
+ $app->dbmaster->query($sql, $tstamp);
/*
* Delete all remote-actions "done" and older than 7 days
@@ -236,11 +234,8 @@ class cronjob_logfiles extends cronjob {
$sql = "SELECT max(action_id) FROM sys_remoteaction";
$res = $app->dbmaster->queryOneRecord($sql);
$maxId = $res['max(action_id)'];
- $sql = "DELETE FROM sys_remoteaction " .
- "WHERE tstamp < " . $tstamp . " " .
- " AND action_state = 'ok' " .
- " AND action_id <" . intval($maxId);
- $app->dbmaster->query($sql);
+ $sql = "DELETE FROM sys_remoteaction WHERE tstamp < ? AND action_state = 'ok' AND action_id < ?";
+ $app->dbmaster->query($sql, $tstamp, $maxId);
/*
* The sys_datalog is more difficult.
@@ -270,14 +265,10 @@ class cronjob_logfiles extends cronjob {
foreach($records as $server) {
$tmp_server_id = intval($server['server_id']);
if($tmp_server_id > 0) {
- $sql = "DELETE FROM sys_datalog " .
- "WHERE tstamp < " . $tstamp .
- " AND server_id = " . intval($server['server_id']) .
- " AND datalog_id < " . intval($server['updated']) .
- " AND datalog_id < " . intval($maxId);
+ $sql = "DELETE FROM sys_datalog WHERE tstamp < ? AND server_id = ? AND datalog_id < ? AND datalog_id < ?";
+ // echo $sql . "\n";
+ $app->dbmaster->query($sql, $tstamp, $server['server_id'], $server['updated'], $maxId);
}
- // echo $sql . "\n";
- $app->dbmaster->query($sql);
}
}
diff --git a/server/lib/classes/cron.d/300-quota_notify.inc.php b/server/lib/classes/cron.d/300-quota_notify.inc.php
index f18394c58cdef45fdf51592742221e2c054cfe5e..5345f588bade2b57dd5e72cdfe1f24692f4f8e77 100644
--- a/server/lib/classes/cron.d/300-quota_notify.inc.php
+++ b/server/lib/classes/cron.d/300-quota_notify.inc.php
@@ -69,24 +69,10 @@ class cronjob_quota_notify extends cronjob {
$web_traffic_quota = $rec['traffic_quota'];
$domain = $rec['domain'];
- // get the client
- /*
- $client_group_id = $rec["sys_groupid"];
- $client = $app->db->queryOneRecord("SELECT limit_traffic_quota,parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
- $reseller = $app->db->queryOneRecord("SELECT limit_traffic_quota FROM client WHERE client_id = ".intval($client['parent_client_id']));
-
- $client_traffic_quota = intval($client['limit_traffic_quota']);
- $reseller_traffic_quota = intval($reseller['limit_traffic_quota']);
- */
-
//* get the traffic
$tmp = $app->db->queryOneRecord("SELECT SUM(traffic_bytes) As total_traffic_bytes FROM web_traffic WHERE traffic_date like '$current_month%' AND hostname = '$domain'");
$web_traffic = round($tmp['total_traffic_bytes']/1024/1024);
- //* Website is over quota, we will disable it
- /*if( ($web_traffic_quota > 0 && $web_traffic > $web_traffic_quota) ||
- ($client_traffic_quota > 0 && $web_traffic > $client_traffic_quota) ||
- ($reseller_traffic_quota > 0 && $web_traffic > $reseller_traffic_quota)) {*/
if($web_traffic_quota > 0 && $web_traffic > $web_traffic_quota) {
$app->dbmaster->datalogUpdate('web_domain', "traffic_quota_lock = 'y',active = 'n'", 'domain_id', $rec['domain_id']);
$app->log('Traffic quota for '.$rec['domain'].' exceeded. Disabling website.', LOGLEVEL_DEBUG);
@@ -106,7 +92,7 @@ class cronjob_quota_notify extends cronjob {
//* Send email to client
if($web_config['overtraffic_notify_client'] == 'y') {
$client_group_id = $rec["sys_groupid"];
- $client = $app->db->queryOneRecord("SELECT client.email FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+ $client = $app->db->queryOneRecord("SELECT client.email FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
if($client['email'] != '') {
$recipients[] = $client['email'];
}
@@ -227,7 +213,7 @@ class cronjob_quota_notify extends cronjob {
//* Send email to client
if($web_config['overquota_notify_client'] == 'y') {
$client_group_id = $rec["sys_groupid"];
- $client = $app->db->queryOneRecord("SELECT client.email FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+ $client = $app->db->queryOneRecord("SELECT client.email FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
if($client['email'] != '') {
$recipients[] = $client['email'];
}
@@ -262,7 +248,7 @@ class cronjob_quota_notify extends cronjob {
//* Send email to client
if($web_config['overquota_notify_client'] == 'y') {
$client_group_id = $rec["sys_groupid"];
- $client = $app->db->queryOneRecord("SELECT client.email FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+ $client = $app->db->queryOneRecord("SELECT client.email FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
if($client['email'] != '') {
$recipients[] = $client['email'];
}
@@ -355,7 +341,7 @@ class cronjob_quota_notify extends cronjob {
//* Send email to client
if($mail_config['overquota_notify_client'] == 'y') {
$client_group_id = $rec["sys_groupid"];
- $client = $app->db->queryOneRecord("SELECT client.email FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+ $client = $app->db->queryOneRecord("SELECT client.email FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
if($client['email'] != '') {
$recipients[] = $client['email'];
}
@@ -390,7 +376,7 @@ class cronjob_quota_notify extends cronjob {
//* Send email to client
if($mail_config['overquota_notify_client'] == 'y') {
$client_group_id = $rec["sys_groupid"];
- $client = $app->db->queryOneRecord("SELECT client.email FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+ $client = $app->db->queryOneRecord("SELECT client.email FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
if($client['email'] != '') {
$recipients[] = $client['email'];
}
@@ -427,7 +413,7 @@ class cronjob_quota_notify extends cronjob {
}
//* get databases
- $database_records = $app->db->queryAllRecords("SELECT database_id,sys_groupid,database_name,database_quota,last_quota_notification,DATEDIFF(CURDATE(), last_quota_notification) as `notified_before` FROM web_database;");
+ $database_records = $app->db->queryAllRecords("SELECT database_id,sys_groupid,database_name,database_quota,last_quota_notification,DATEDIFF(CURDATE(), last_quota_notification) as `notified_before` FROM web_database");
if(is_array($database_records) && !empty($database_records) && is_array($monitor_data) && !empty($monitor_data)) {
//* check database-quota
@@ -442,7 +428,7 @@ class cronjob_quota_notify extends cronjob {
if ($monitor['database_name'] == $database) {
//* get the client
- $client = $app->db->queryOneRecord("SELECT client.username, client.email FROM web_database, sys_group, client WHERE web_database.sys_groupid = sys_group.groupid AND sys_group.client_id = client.client_id AND web_database.database_name='".$database."'");
+ $client = $app->db->queryOneRecord("SELECT client.username, client.email FROM web_database, sys_group, client WHERE web_database.sys_groupid = sys_group.groupid AND sys_group.client_id = client.client_id AND web_database.database_name=?", $database);
//* check quota
if ($quota > 0) $used_ratio = $monitor['size'] / $quota;
diff --git a/server/lib/classes/cron.d/400-openvz.inc.php b/server/lib/classes/cron.d/400-openvz.inc.php
index 18f4598be2e03dde3fb17cc45673cdaf0c5da5d7..ec2b4de632d6d108c7eccbade189e425e753b6c5 100644
--- a/server/lib/classes/cron.d/400-openvz.inc.php
+++ b/server/lib/classes/cron.d/400-openvz.inc.php
@@ -55,10 +55,8 @@ class cronjob_openvz extends cronjob {
//######################################################################################################
if ($app->dbmaster == $app->db) {
- $current_date = date('Y-m-d');
-
//* Check which virtual machines have to be deactivated
- $sql = "SELECT * FROM openvz_vm WHERE active = 'y' AND active_until_date != '0000-00-00' AND active_until_date < '$current_date'";
+ $sql = "SELECT * FROM openvz_vm WHERE active = 'y' AND active_until_date != '0000-00-00' AND active_until_date < CURDATE()";
$records = $app->db->queryAllRecords($sql);
if(is_array($records)) {
foreach($records as $rec) {
diff --git a/server/lib/classes/cron.d/500-backup_mail.inc.php b/server/lib/classes/cron.d/500-backup_mail.inc.php
index 81e39ed0cc36b1bad4ed366c328e575565ff0965..be45cf4aa534837d1be1d542102fd12672629e21 100644
--- a/server/lib/classes/cron.d/500-backup_mail.inc.php
+++ b/server/lib/classes/cron.d/500-backup_mail.inc.php
@@ -64,7 +64,7 @@ class cronjob_backup_mail extends cronjob {
//* mount backup directory, if necessary
if( $server_config['backup_dir_is_mount'] == 'y' && !$app->system->mount_backup_dir($backup_dir) ) $run_backups = false;
- $records = $app->db->queryAllRecords("SELECT * FROM mail_user WHERE server_id = ? AND maildir <> ''", intval($conf['server_id']));
+ $records = $app->db->queryAllRecords("SELECT * FROM mail_user WHERE server_id = ? AND maildir != ''", intval($conf['server_id']));
if(is_array($records) && $run_backups) {
if(!is_dir($backup_dir)) {
@@ -87,13 +87,13 @@ class cronjob_backup_mail extends cronjob {
if ($global_config['backups_include_into_web_quota'] == 'y') {
// this only works, if mail and webdomains are on the same server
// find webdomain fitting to maildomain
- $sql = "SELECT * FROM web_domain WHERE domain = '".$domain_rec['domain']."'";
- $webdomain = $app->db->queryOneRecord($sql);
+ $sql = "SELECT * FROM web_domain WHERE domain = ?";
+ $webdomain = $app->db->queryOneRecord($sql, $domain_rec['domain']);
// if this is not also the website, find website now
if ($webdomain && ($webdomain['parent_domain_id'] != 0)) {
do {
- $sql = "SELECT * FROM web_domain WHERE domain_id = ".$webdomain['parent_domain_id'];
- $webdomain = $app->db->queryOneRecord($sql);
+ $sql = "SELECT * FROM web_domain WHERE domain_id = ?";
+ $webdomain = $app->db->queryOneRecord($sql, $webdomain['parent_domain_id']);
} while ($webdomain && ($webdomain['parent_domain_id'] != 0));
}
// if webdomain is found, change username/group now
diff --git a/server/lib/classes/cron.d/600-cleanup.inc.php b/server/lib/classes/cron.d/600-cleanup.inc.php
index 8222fe54d0e59524ff3e5e9e494982cf21f1ecd2..903a20f5978173fd6aa991cdb503a3bc0f95141c 100644
--- a/server/lib/classes/cron.d/600-cleanup.inc.php
+++ b/server/lib/classes/cron.d/600-cleanup.inc.php
@@ -58,7 +58,7 @@ class cronjob_cleanup extends cronjob {
$records = $app->db->queryAllRecords("SELECT s.instance_id, s.name, s.value FROM `aps_instances_settings` as s INNER JOIN `aps_instances` as i ON (i.id = s.instance_id) WHERE s.value != '' AND s.name IN ('main_database_password', 'admin_password') AND i.instance_status > 1");
if(is_array($records)) {
foreach($records as $rec) {
- $tmp = $app->db->queryOneRecord("SELECT id FROM aps_instances_settings WHERE instance_id = '".$app->db->quote($rec['instance_id'])."' AND name = '".$app->db->quote($rec['name'])."'");
+ $tmp = $app->db->queryOneRecord("SELECT id FROM aps_instances_settings WHERE instance_id = ? AND name = ?", $rec['instance_id'], $rec['name']);
$app->db->datalogUpdate('aps_instances_settings', "value = ''", 'id', $tmp['id']);
}
}
diff --git a/server/lib/classes/cronjob.inc.php b/server/lib/classes/cronjob.inc.php
index 7fe90c2fd66f664475dda125551ae5751a711ca9..03e36e774dde239a8836075da554368ee6923757 100644
--- a/server/lib/classes/cronjob.inc.php
+++ b/server/lib/classes/cronjob.inc.php
@@ -76,7 +76,7 @@ class cronjob {
// check the run time and values for this job
// get previous run data
- $data = $app->db->queryOneRecord("SELECT `last_run`, `next_run`, `running` FROM `sys_cron` WHERE `name` = '" . $app->db->quote(get_class($this)) . "'");
+ $data = $app->db->queryOneRecord("SELECT `last_run`, `next_run`, `running` FROM `sys_cron` WHERE `name` = ?", get_class($this));
if($data) {
if($data['last_run']) $this->_last_run = $data['last_run'];
if($data['next_run']) $this->_next_run = $data['next_run'];
@@ -90,7 +90,7 @@ class cronjob {
$next_run = $app->cron->getNextRun(ISPConfigDateTime::dbtime());
$this->_next_run = $next_run;
- $app->db->query("REPLACE INTO `sys_cron` (`name`, `last_run`, `next_run`, `running`) VALUES ('" . $app->db->quote(get_class($this)) . "', " . ($this->_last_run ? "'" . $app->db->quote($this->_last_run) . "'" : "NULL") . ", " . ($next_run === false ? "NULL" : "'" . $app->db->quote($next_run) . "'") . ", " . ($this->_running == true ? "1" : "0") . ")");
+ $app->db->query("REPLACE INTO `sys_cron` (`name`, `last_run`, `next_run`, `running`) VALUES (?, ?, ?, ?)", get_class($this), ($this->_last_run ? $this->_last_run : "#NULL#"), ($next_run === false ? "#NULL#" : $next_run . "'"), ($this->_running == true ? "1" : "0"));
}
}
}
@@ -131,7 +131,7 @@ class cronjob {
print "Jobs next run is now " . $next_run . "\n";
- $app->db->query("REPLACE INTO `sys_cron` (`name`, `last_run`, `next_run`, `running`) VALUES ('" . $app->db->quote(get_class($this)) . "', NOW(), " . ($next_run === false ? "NULL" : "'" . $app->db->quote($next_run) . "'") . ", 1)");
+ $app->db->query("REPLACE INTO `sys_cron` (`name`, `last_run`, `next_run`, `running`) VALUES (?, NOW(), ?, 1)", get_class($this), ($next_run === false ? "#NULL#" : $next_run));
return true;
}
@@ -154,7 +154,7 @@ class cronjob {
global $app;
print "Called onCompleted() for class " . get_class($this) . "\n";
- $app->db->query("UPDATE `sys_cron` SET `running` = 0 WHERE `name` = '" . $app->db->quote(get_class($this)) . "'");
+ $app->db->query("UPDATE `sys_cron` SET `running` = 0 WHERE `name` = ?", get_class($this));
}
}
diff --git a/server/lib/classes/functions.inc.php b/server/lib/classes/functions.inc.php
index be555031fd5ddc297154745539796bc0dde39d1d..5632a58753dc8a99431e7f409e53b9fedd232bee 100644
--- a/server/lib/classes/functions.inc.php
+++ b/server/lib/classes/functions.inc.php
@@ -237,7 +237,7 @@ class functions {
}
$ips = array();
- $results = $app->db->queryAllRecords("SELECT ip_address AS ip FROM server_ip WHERE ip_type = '".$type."'");
+ $results = $app->db->queryAllRecords("SELECT ip_address AS ip FROM server_ip WHERE ip_type = ?", $type);
if(!empty($results) && is_array($results)){
foreach($results as $result){
if(preg_match($regex, $result['ip'])) $ips[] = $result['ip'];
diff --git a/server/lib/classes/getconf.inc.php b/server/lib/classes/getconf.inc.php
index 768ea2cabded44ab9ee56039d28ccc8fdaff7a89..2c20971adb3ead87e2b3893d4201176ab48e71c4 100644
--- a/server/lib/classes/getconf.inc.php
+++ b/server/lib/classes/getconf.inc.php
@@ -38,7 +38,7 @@ class getconf {
if(!is_array($this->config[$server_id])) {
$app->uses('ini_parser');
$server_id = intval($server_id);
- $server = $app->db->queryOneRecord('SELECT config FROM server WHERE server_id = '.$server_id);
+ $server = $app->db->queryOneRecord('SELECT config FROM server WHERE server_id = ?', $server_id);
$this->config[$server_id] = $app->ini_parser->parse_ini_string(stripslashes($server['config']));
}
diff --git a/server/lib/classes/modules.inc.php b/server/lib/classes/modules.inc.php
index 194bf4f51abc191c5e3072c1e7eddd5dd13f0061..e5ccaaf1141088685934c9f2dec7b4757df2b540 100644
--- a/server/lib/classes/modules.inc.php
+++ b/server/lib/classes/modules.inc.php
@@ -85,12 +85,12 @@ class modules {
//* If its a multiserver setup
if($app->db->dbHost != $app->dbmaster->dbHost || ($app->db->dbHost == $app->dbmaster->dbHost && $app->db->dbName != $app->dbmaster->dbName)) {
if($conf['mirror_server_id'] > 0) {
- $sql = "SELECT * FROM sys_datalog WHERE datalog_id > ".$conf['last_datalog_id']." AND (server_id = ".$conf['server_id']." OR server_id = ".$conf['mirror_server_id']." OR server_id = 0) ORDER BY datalog_id LIMIT 0,1000";
+ $sql = "SELECT * FROM sys_datalog WHERE datalog_id > ? AND (server_id = ? OR server_id = ? OR server_id = 0) ORDER BY datalog_id LIMIT 0,1000";
} else {
- $sql = "SELECT * FROM sys_datalog WHERE datalog_id > ".$conf['last_datalog_id']." AND (server_id = ".$conf['server_id']." OR server_id = 0) ORDER BY datalog_id LIMIT 0,1000";
+ $sql = "SELECT * FROM sys_datalog WHERE datalog_id > ? AND (server_id = ? OR server_id = 0) ORDER BY datalog_id LIMIT 0,1000";
}
- $records = $app->dbmaster->queryAllRecords($sql);
+ $records = $app->dbmaster->queryAllRecords($sql, $conf['last_datalog_id'], $conf['server_id'], $conf['mirror_server_id']);
foreach($records as $d) {
//** encode data to utf-8 and unserialize it
@@ -133,46 +133,38 @@ class modules {
$idx = explode(':', $d['dbidx']);
$tmp_sql1 = '';
$tmp_sql2 = '';
+ $f_params = array($d['dbtable']);
+ $params = array();
foreach($data['new'] as $fieldname => $val) {
- $tmp_sql1 .= "`$fieldname`,";
- $tmp_sql2 .= "'".$app->db->quote($val)."',";
+ $tmp_sql1 .= "??,";
+ $tmp_sql2 .= "?,";
+ $f_params[] = $fieldname;
+ $params[] = $val;
}
+ $params = $f_params + $params;
+ unset($f_params);
+
$tmp_sql1 = substr($tmp_sql1, 0, -1);
$tmp_sql2 = substr($tmp_sql2, 0, -1);
//$tmp_sql1 .= "$idx[0]";
//$tmp_sql2 .= "$idx[1]";
- $sql = "REPLACE INTO $d[dbtable] ($tmp_sql1) VALUES ($tmp_sql2)";
+ $sql = "REPLACE INTO ?? ($tmp_sql1) VALUES ($tmp_sql2)";
$app->db->errorNumber = 0;
$app->db->errorMessage = '';
- $app->db->query($sql);
+ $app->db->query($sql, true, $params);
+ unset($params);
if($app->db->errorNumber > 0) {
$replication_error = true;
$app->log("Replication failed. Error: (" . $d['dbtable'] . ") in MySQL server: (".$app->db->dbHost.") " . $app->db->errorMessage . " # SQL: " . $sql, LOGLEVEL_ERROR);
}
$app->log('Replicated from master: '.$sql, LOGLEVEL_DEBUG);
}
- /*
- if($d["action"] == 'u') {
- $sql = "UPDATE $d[dbtable] SET ";
- foreach($data['new'] as $fieldname => $val) {
- $sql .= "`$fieldname` = '$val',";
- }
- $sql = substr($sql,0,-1);
- $idx = explode(":",$d["dbidx"]);
- $sql .= " WHERE $idx[0] = $idx[1]";
- $app->db->query($sql);
- if($app->db->errorNumber > 0) {
- $replication_error = true;
- $app->log("Replication failed. Error: (" . $d[dbtable] . ") " . $app->db->errorMessage . " # SQL: " . $sql,LOGLEVEL_ERROR);
- }
- $app->log("Replicated from master: ".$sql,LOGLEVEL_DEBUG);
- }
- */
+
if($d['action'] == 'd') {
$idx = explode(':', $d['dbidx']);
- $sql = "DELETE FROM $d[dbtable] ";
- $sql .= " WHERE $idx[0] = $idx[1]";
- $app->db->query($sql);
+ $sql = "DELETE FROM ?? ";
+ $sql .= " WHERE ?? = ?";
+ $app->db->query($sql, $d['dbtable'], $idx[0], $idx[1]);
if($app->db->errorNumber > 0) {
$replication_error = true;
$app->log("Replication failed. Error: (" . $d[dbtable] . ") " . $app->db->errorMessage . " # SQL: " . $sql, LOGLEVEL_ERROR);
@@ -183,12 +175,12 @@ class modules {
if($replication_error == false) {
if(is_array($data['old']) || is_array($data['new'])) {
- $app->db->query("UPDATE server SET updated = ".$d["datalog_id"]." WHERE server_id = ".$conf['server_id']);
+ $app->db->query("UPDATE server SET updated = ? WHERE server_id = ?", $d["datalog_id"], $conf['server_id']);
$this->raiseTableHook($d['dbtable'], $d['action'], $data);
} else {
$app->log('Data array was empty for datalog_id '.$d['datalog_id'], LOGLEVEL_WARN);
}
- $app->dbmaster->query("UPDATE server SET updated = ".$d["datalog_id"]." WHERE server_id = ".$conf['server_id']);
+ $app->dbmaster->query("UPDATE server SET updated = ? WHERE server_id = ?", $d["datalog_id"], $conf['server_id']);
$app->log('Processed datalog_id '.$d['datalog_id'], LOGLEVEL_DEBUG);
} else {
$app->log('Error in Replication, changes were not processed.', LOGLEVEL_ERROR);
@@ -205,23 +197,14 @@ class modules {
//* if we have a single server setup
} else {
- $sql = "SELECT * FROM sys_datalog WHERE datalog_id > ".$conf['last_datalog_id']." AND (server_id = ".$conf['server_id']." OR server_id = 0) ORDER BY datalog_id LIMIT 0,1000";
- $records = $app->db->queryAllRecords($sql);
+ $sql = "SELECT * FROM sys_datalog WHERE datalog_id > ? AND (server_id = ? OR server_id = 0) ORDER BY datalog_id LIMIT 0,1000";
+ $records = $app->db->queryAllRecords($sql, $conf['last_datalog_id'], $conf['server_id']);
foreach($records as $d) {
//** encode data to utf-8 to be able to unserialize it and then unserialize it
if(!$data = unserialize(stripslashes($d['data']))) {
$data = unserialize($d['data']);
}
- //** decode data back to current locale
- /*
- foreach($data['old'] as $key => $val) {
- $data['old'][$key] = utf8_decode($val);
- }
- foreach($data['new'] as $key => $val) {
- $data['new'][$key] = utf8_decode($val);
- }
- */
//* Data on a single server is never mirrored
$data['mirrored'] = false;
@@ -232,9 +215,7 @@ class modules {
} else {
$app->log('Data array was empty for datalog_id '.$d['datalog_id'], LOGLEVEL_WARN);
}
- //$app->db->query("DELETE FROM sys_datalog WHERE datalog_id = ".$rec["datalog_id"]);
- //$app->log("Deleting sys_datalog ID ".$rec["datalog_id"],LOGLEVEL_DEBUG);
- $app->db->query("UPDATE server SET updated = ".$d['datalog_id']." WHERE server_id = ".$conf['server_id']);
+ $app->db->query("UPDATE server SET updated = ? WHERE server_id = ?", $d['datalog_id'], $conf['server_id']);
$app->log('Processed datalog_id '.$d['datalog_id'], LOGLEVEL_DEBUG);
}
}
@@ -251,11 +232,11 @@ class modules {
//* SQL query to get all pending actions
$sql = "SELECT action_id, action_type, action_param " .
"FROM sys_remoteaction " .
- "WHERE server_id = " . $server_id . " ".
- " AND action_id > " . intval($maxid_remote_action) . " ".
+ "WHERE server_id = ? ".
+ " AND action_id > ? ".
"ORDER BY action_id";
- $actions = $app->dbmaster->queryAllRecords($sql);
+ $actions = $app->dbmaster->queryAllRecords($sql, $server_id, $maxid_remote_action);
if(is_array($actions)) {
foreach($actions as $action) {
@@ -265,9 +246,9 @@ class modules {
//* Update the action state
$sql = "UPDATE sys_remoteaction " .
- "SET action_state = '" . $app->dbmaster->quote($state) . "' " .
- "WHERE action_id = " . intval($action['action_id']);
- $app->dbmaster->query($sql);
+ "SET action_state = ? " .
+ "WHERE action_id = ?";
+ $app->dbmaster->query($sql, $state, $action['action_id']);
/*
* Then save the maxid for the next time...
diff --git a/server/lib/classes/monitor_tools.inc.php b/server/lib/classes/monitor_tools.inc.php
index 50eb45b0dd074bbd433b5fa1724c734be024b051..13c0f8dcbb4cdae138afa2005534c24dae46197e 100644
--- a/server/lib/classes/monitor_tools.inc.php
+++ b/server/lib/classes/monitor_tools.inc.php
@@ -259,7 +259,7 @@ class monitor_tools {
$server_id = intval($conf['server_id']);
/** get the "active" Services of the server from the DB */
- $services = $app->db->queryOneRecord('SELECT * FROM server WHERE server_id = ' . $server_id);
+ $services = $app->db->queryOneRecord('SELECT * FROM server WHERE server_id = ?', $server_id);
/*
* If the DB is down, we have to set the db to "yes".
* If we don't do this, then the monitor will NOT monitor, that the db is down and so the
@@ -670,12 +670,12 @@ class monitor_tools {
*/
$sql = 'DELETE FROM monitor_data ' .
'WHERE ' .
- ' type =' . "'" . $app->dbmaster->quote($type) . "' " .
+ ' type = ?' .
'AND ' .
- ' created < ' . $old . ' ' .
+ ' created < ? ' .
'AND ' .
- ' server_id = ' . $serverId;
- $app->dbmaster->query($sql);
+ ' server_id = ?';
+ $app->dbmaster->query($sql, $type, $old, $serverId);
}
public function send_notification_email($template, $placeholders, $recipients) {
diff --git a/server/mods-available/remoteaction_core_module.inc.php b/server/mods-available/remoteaction_core_module.inc.php
index 08649531b579fbc079a5614b7c6c165e2034c27f..807de5060ab28bfbee5257760b812e60ba65a655 100644
--- a/server/mods-available/remoteaction_core_module.inc.php
+++ b/server/mods-available/remoteaction_core_module.inc.php
@@ -62,10 +62,8 @@ class remoteaction_core_module {
* First set the state
*/
global $app;
- $sql = "UPDATE sys_remoteaction " .
- "SET action_state = '" . $app->dbmaster->quote($state) . "' " .
- "WHERE action_id = " . intval($id);
- $app->dbmaster->query($sql);
+ $sql = "UPDATE sys_remoteaction SET action_state = ? WHERE action_id = ?";
+ $app->dbmaster->query($sql, $state, $id);
/*
* Then save the maxid for the next time...
@@ -103,12 +101,8 @@ class remoteaction_core_module {
/*
* Get all actions this server should execute
*/
- $sql = "SELECT action_id, action_type, action_param " .
- "FROM sys_remoteaction " .
- "WHERE server_id = " . $server_id . " ".
- " AND action_id > " . intval($maxid_remote_action) . " ".
- "ORDER BY action_id";
- $actions = $app->dbmaster->queryAllRecords($sql);
+ $sql = "SELECT action_id, action_type, action_param FROM sys_remoteaction WHERE server_id = ? AND action_id > ? ORDER BY action_id";
+ $actions = $app->dbmaster->queryAllRecords($sql, $server_id, $maxid_remote_action);
/*
* process all actions
diff --git a/server/plugins-available/backup_plugin.inc.php b/server/plugins-available/backup_plugin.inc.php
index 5b46930b10dc1a3eac068a6316b005c5a8ee195b..975a5dd4ed0659b4f11fb68d7fa36e2b11459abc 100644
--- a/server/plugins-available/backup_plugin.inc.php
+++ b/server/plugins-available/backup_plugin.inc.php
@@ -63,13 +63,13 @@ class backup_plugin {
global $app, $conf;
$backup_id = intval($data);
- $backup = $app->dbmaster->queryOneRecord("SELECT * FROM web_backup WHERE backup_id = $backup_id");
+ $backup = $app->dbmaster->queryOneRecord("SELECT * FROM web_backup WHERE backup_id = ?", $backup_id);
if(is_array($backup)) {
$app->uses('ini_parser,file,getconf,system');
- $web = $app->dbmaster->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$backup['parent_domain_id']);
+ $web = $app->dbmaster->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ?", $backup['parent_domain_id']);
$server_config = $app->getconf->get_server_config($conf['server_id'], 'server');
$backup_dir = $server_config['backup_dir'].'/web'.$web['domain_id'];
@@ -172,7 +172,7 @@ class backup_plugin {
global $app, $conf;
$backup_id = intval($data);
- $mail_backup = $app->dbmaster->queryOneRecord("SELECT * FROM mail_backup WHERE backup_id = $backup_id");
+ $mail_backup = $app->dbmaster->queryOneRecord("SELECT * FROM mail_backup WHERE backup_id = ?", $backup_id);
if (is_array($mail_backup) && $action_name == 'backup_restore_mail') {
$app->uses('ini_parser,file,getconf');
@@ -186,13 +186,13 @@ class backup_plugin {
if($backup_dir_is_ready){
$mail_config = $app->getconf->get_server_config($conf['server_id'], 'mail');
- $domain_rec = $app->db->queryOneRecord("SELECT * FROM mail_domain WHERE domain_id = ".intval($mail_backup['parent_domain_id']));
+ $domain_rec = $app->db->queryOneRecord("SELECT * FROM mail_domain WHERE domain_id = ?", $mail_backup['parent_domain_id']);
$backup_dir = $server_config['backup_dir'].'/mail'.$domain_rec['domain_id'];
$mail_backup_file = $backup_dir.'/'.$mail_backup['filename'];
- $sql = "SELECT * FROM mail_user WHERE server_id = '".$conf['server_id']."' AND mailuser_id = ".intval($mail_backup['mailuser_id']);
- $record = $app->db->queryOneRecord($sql);
+ $sql = "SELECT * FROM mail_user WHERE server_id = ? AND mailuser_id = ?";
+ $record = $app->db->queryOneRecord($sql, $conf['server_id'], $mail_backup['mailuser_id']);
//* strip mailbox from maildir
$domain_dir=explode('/',$record['maildir']);
diff --git a/server/plugins-available/bind_dlz_plugin.inc.php b/server/plugins-available/bind_dlz_plugin.inc.php
index 63abcc48ced03d6874b8dc5bcab5e1b865985a60..9de0775d5b2943fb0d0230f3a4d8f43a6110a4e7 100644
--- a/server/plugins-available/bind_dlz_plugin.inc.php
+++ b/server/plugins-available/bind_dlz_plugin.inc.php
@@ -121,7 +121,7 @@ class bind_dlz_plugin {
$origin = substr($data["new"]["origin"], 0, -1);
$ispconfig_id = $data["new"]["id"];
- $serial = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ".$ispconfig_id);
+ $serial = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ?", $ispconfig_id);
$ttl = $data["new"]["ttl"];
diff --git a/server/plugins-available/bind_plugin.inc.php b/server/plugins-available/bind_plugin.inc.php
index 2f7f93222405fb91b98e9e981fda35880a9f5ddc..3b55dbcc31ac11738bd945515c3d497ccdebccb3 100644
--- a/server/plugins-available/bind_plugin.inc.php
+++ b/server/plugins-available/bind_plugin.inc.php
@@ -102,7 +102,7 @@ class bind_plugin {
$zone = $data['new'];
$tpl->setVar($zone);
- $records = $app->db->queryAllRecords("SELECT * FROM dns_rr WHERE zone = ".$zone['id']." AND active = 'Y'");
+ $records = $app->db->queryAllRecords("SELECT * FROM dns_rr WHERE zone = ? AND active = 'Y'", $zone['id']);
if(is_array($records) && !empty($records)){
for($i=0;$idb->queryOneRecord("SELECT * FROM dns_soa WHERE id = ".$data['new']['zone']);
+ $tmp = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ?", $data['new']['zone']);
$data["new"] = $tmp;
$data["old"] = $tmp;
$this->action = 'update';
@@ -293,7 +293,7 @@ class bind_plugin {
global $app, $conf;
//* Get the data of the soa and call soa_update
- $tmp = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ".$data['new']['zone']);
+ $tmp = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ?", $data['new']['zone']);
$data["new"] = $tmp;
$data["old"] = $tmp;
$this->action = 'update';
@@ -305,7 +305,7 @@ class bind_plugin {
global $app, $conf;
//* Get the data of the soa and call soa_update
- $tmp = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ".intval($data['old']['zone']));
+ $tmp = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ?", $data['old']['zone']);
$data["new"] = $tmp;
$data["old"] = $tmp;
$this->action = 'update';
@@ -319,18 +319,10 @@ class bind_plugin {
global $app, $conf;
//* Only write the master file for the current server
- $tmps = $app->db->queryAllRecords("SELECT origin, xfer, also_notify, update_acl FROM dns_soa WHERE active = 'Y' AND server_id=".$conf["server_id"]);
+ $tmps = $app->db->queryAllRecords("SELECT origin, xfer, also_notify, update_acl FROM dns_soa WHERE active = 'Y' AND server_id=?", $conf["server_id"]);
$zones = array();
//* Check if the current zone that triggered this function has at least one NS record
- /* Has been replaced by a better zone check
- $rec_num = $app->db->queryOneRecord("SELECT count(id) as ns FROM dns_rr WHERE type = 'NS' AND zone = ".intval($data['new']['id'])." AND active = 'Y'");
- if($rec_num['ns'] == 0) {
- $exclude_zone = $data['new']['origin'];
- } else {
- $exclude_zone = '';
- }
- */
//TODO : change this when distribution information has been integrated into server record
if (file_exists('/etc/gentoo-release')) {
@@ -370,7 +362,7 @@ class bind_plugin {
$tpl->setLoop('zones', $zones);
//* And loop through the secondary zones, but only for the current server
- $tmps_sec = $app->db->queryAllRecords("SELECT origin, xfer, ns FROM dns_slave WHERE active = 'Y' AND server_id=".$conf["server_id"]);
+ $tmps_sec = $app->db->queryAllRecords("SELECT origin, xfer, ns FROM dns_slave WHERE active = 'Y' AND server_id=?", $conf["server_id"]);
$zones_sec = array();
foreach($tmps_sec as $tmp) {
diff --git a/server/plugins-available/cron_jailkit_plugin.inc.php b/server/plugins-available/cron_jailkit_plugin.inc.php
index 4c95b83c2bdb0d9fbbf798e71772c59cc9236f3b..c652f299ebc44dd87c5cc3f1c65f118cdbebb144 100644
--- a/server/plugins-available/cron_jailkit_plugin.inc.php
+++ b/server/plugins-available/cron_jailkit_plugin.inc.php
@@ -76,7 +76,7 @@ class cron_jailkit_plugin {
}
//* get data from web
- $parent_domain = $app->db->queryOneRecord("SELECT `domain_id`, `system_user`, `system_group`, `document_root`, `domain` FROM `web_domain` WHERE `domain_id` = ".intval($data["new"]["parent_domain_id"]));
+ $parent_domain = $app->db->queryOneRecord("SELECT `domain_id`, `system_user`, `system_group`, `document_root`, `domain` FROM `web_domain` WHERE `domain_id` = ?", $data["new"]["parent_domain_id"]);
if(!$parent_domain["domain_id"]) {
$app->log("Parent domain not found", LOGLEVEL_WARN);
return 0;
@@ -155,7 +155,7 @@ class cron_jailkit_plugin {
return 0;
}
//* get data from web
- $parent_domain = $app->db->queryOneRecord("SELECT `domain_id`, `system_user`, `system_group`, `document_root`, `domain` FROM `web_domain` WHERE `domain_id` = ".intval($data["new"]["parent_domain_id"]));
+ $parent_domain = $app->db->queryOneRecord("SELECT `domain_id`, `system_user`, `system_group`, `document_root`, `domain` FROM `web_domain` WHERE `domain_id` = ?", $data["new"]["parent_domain_id"]);
if(!$parent_domain["domain_id"]) {
$app->log("Parent domain not found", LOGLEVEL_WARN);
return 0;
@@ -333,7 +333,7 @@ class cron_jailkit_plugin {
$web_config = $app->getconf->get_server_config($conf["server_id"], 'web');
// Get the parent website of this shell user
- $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$this->data['new']['parent_domain_id']);
+ $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ?", $this->data['new']['parent_domain_id']);
//* If the security level is set to high
if($web_config['security_level'] == 20 && is_array($web)) {
diff --git a/server/plugins-available/cron_plugin.inc.php b/server/plugins-available/cron_plugin.inc.php
index 9bda43345e5f8e41faca808599fb616bc322c908..307762d78f7e7d169e6fffdb4df385ace4737f44 100644
--- a/server/plugins-available/cron_plugin.inc.php
+++ b/server/plugins-available/cron_plugin.inc.php
@@ -92,7 +92,7 @@ class cron_plugin {
}
//* get data from web
- $parent_domain = $app->db->queryOneRecord("SELECT `domain_id`, `system_user`, `system_group`, `document_root`, `hd_quota` FROM `web_domain` WHERE `domain_id` = ".intval($data["new"]["parent_domain_id"]));
+ $parent_domain = $app->db->queryOneRecord("SELECT `domain_id`, `system_user`, `system_group`, `document_root`, `hd_quota` FROM `web_domain` WHERE `domain_id` = ?", $data["new"]["parent_domain_id"]);
if(!$parent_domain["domain_id"]) {
$app->log("Parent domain not found", LOGLEVEL_WARN);
return 0;
@@ -105,7 +105,7 @@ class cron_plugin {
}
// Get the client ID
- $client = $app->dbmaster->queryOneRecord("SELECT client_id FROM sys_group WHERE sys_group.groupid = ".intval($data["new"]["sys_groupid"]));
+ $client = $app->dbmaster->queryOneRecord("SELECT client_id FROM sys_group WHERE sys_group.groupid = ?", $data["new"]["sys_groupid"]);
$client_id = intval($client["client_id"]);
unset($client);
@@ -161,14 +161,14 @@ class cron_plugin {
global $app, $conf;
//* get data from web
- $parent_domain = $app->db->queryOneRecord("SELECT `domain_id`, `system_user`, `system_group`, `document_root`, `hd_quota` FROM `web_domain` WHERE `domain_id` = ".intval($data["old"]["parent_domain_id"]));
+ $parent_domain = $app->db->queryOneRecord("SELECT `domain_id`, `system_user`, `system_group`, `document_root`, `hd_quota` FROM `web_domain` WHERE `domain_id` = ?", $data["old"]["parent_domain_id"]);
if(!$parent_domain["domain_id"]) {
$app->log("Parent domain not found", LOGLEVEL_WARN);
return 0;
}
// Get the client ID
- $client = $app->dbmaster->queryOneRecord("SELECT client_id FROM sys_group WHERE sys_group.groupid = ".intval($data["old"]["sys_groupid"]));
+ $client = $app->dbmaster->queryOneRecord("SELECT client_id FROM sys_group WHERE sys_group.groupid = ?", $data["old"]["sys_groupid"]);
$client_id = intval($client["client_id"]);
unset($client);
@@ -196,7 +196,7 @@ class cron_plugin {
$chr_cmd_count = 0;
//* read all active cron jobs from database and write them to file
- $cron_jobs = $app->db->queryAllRecords("SELECT c.`run_min`, c.`run_hour`, c.`run_mday`, c.`run_month`, c.`run_wday`, c.`command`, c.`type`, c.`log`, `web_domain`.`domain` as `domain` FROM `cron` as c INNER JOIN `web_domain` ON `web_domain`.`domain_id` = c.`parent_domain_id` WHERE c.`parent_domain_id` = ".intval($this->parent_domain["domain_id"]) . " AND c.`active` = 'y'");
+ $cron_jobs = $app->db->queryAllRecords("SELECT c.`run_min`, c.`run_hour`, c.`run_mday`, c.`run_month`, c.`run_wday`, c.`command`, c.`type`, c.`log`, `web_domain`.`domain` as `domain` FROM `cron` as c INNER JOIN `web_domain` ON `web_domain`.`domain_id` = c.`parent_domain_id` WHERE c.`parent_domain_id` = ? AND c.`active` = 'y'", $this->parent_domain["domain_id"]);
if($cron_jobs && count($cron_jobs) > 0) {
foreach($cron_jobs as $job) {
if($job['run_month'] == '@reboot') {
diff --git a/server/plugins-available/ftpuser_base_plugin.inc.php b/server/plugins-available/ftpuser_base_plugin.inc.php
index d46936100dea724e0f393dec7ba8f461ea4b4492..484a0f7da45dede95f3077bd3c0eeab380aaa86f 100644
--- a/server/plugins-available/ftpuser_base_plugin.inc.php
+++ b/server/plugins-available/ftpuser_base_plugin.inc.php
@@ -74,7 +74,7 @@ class ftpuser_base_plugin {
if(!is_dir($data['new']['dir'])) {
$app->log("FTP User directory '".$data['new']['dir']."' does not exist. Creating it now.", LOGLEVEL_DEBUG);
- $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".intval($data['new']['parent_domain_id']));
+ $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ?", $data['new']['parent_domain_id']);
//* Check if the resulting path is inside the docroot
if(substr($data['new']['dir'], 0, strlen($web['document_root'])) != $web['document_root']) {
@@ -100,7 +100,7 @@ class ftpuser_base_plugin {
if(!is_dir($data['new']['dir'])) {
$app->log("FTP User directory '".$data['new']['dir']."' does not exist. Creating it now.", LOGLEVEL_DEBUG);
- $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".intval($data['new']['parent_domain_id']));
+ $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ?", $data['new']['parent_domain_id']);
//* Check if the resulting path is inside the docroot
if(substr($data['new']['dir'], 0, strlen($web['document_root'])) != $web['document_root']) {
diff --git a/server/plugins-available/mail_plugin.inc.php b/server/plugins-available/mail_plugin.inc.php
index 9b94fc20ce587d3be42c7692d707259319260d84..74d2b5350405f3602e088f4726b0e83850c0a490 100644
--- a/server/plugins-available/mail_plugin.inc.php
+++ b/server/plugins-available/mail_plugin.inc.php
@@ -98,10 +98,10 @@ class mail_plugin {
if ($mail_config["mailbox_virtual_uidgid_maps"] == 'y') {
$app->log('Map uid to linux-user',LOGLEVEL_DEBUG);
$email_parts = explode('@',$data['new']['email']);
- $webdomain = $app->db->queryOneRecord("SELECT domain_id, server_id, system_user, parent_domain_id FROM web_domain WHERE domain = '".$app->db->quote($email_parts[1])."'");
+ $webdomain = $app->db->queryOneRecord("SELECT domain_id, server_id, system_user, parent_domain_id FROM web_domain WHERE domain = ?", $email_parts[1]);
if ($webdomain) {
while (($webdomain['system_user'] == null) && ($webdomain['parent_domain_id'] != 0)) {
- $webdomain = $app->db->queryOneRecord("SELECT domain_id, server_id, system_user, parent_domain_id FROM web_domain WHERE domain_id = '".$webdomain['parent_domain_id']."'");
+ $webdomain = $app->db->queryOneRecord("SELECT domain_id, server_id, system_user, parent_domain_id FROM web_domain WHERE domain_id = ?", $webdomain['parent_domain_id']);
}
$app->log($data['new']['server_id'].' == '.$webdomain['server_id'],LOGLEVEL_DEBUG);
@@ -118,7 +118,7 @@ class mail_plugin {
$app->log('Mailuser uid: '.$data['new']['uid'].', gid: '.$data['new']['gid'],LOGLEVEL_DEBUG);
// update DB if values changed
- $app->db->query("UPDATE mail_user SET uid = ".$data['new']['uid'].", gid = ".$data['new']['gid']." WHERE mailuser_id = ".$data['new']['mailuser_id']);
+ $app->db->query("UPDATE mail_user SET uid = ?, gid = ? WHERE mailuser_id = ?", $data['new']['uid'], $data['new']['gid'], $data['new']['mailuser_id']);
// now get names of uid and gid
$user = $app->system->getuser($data['new']['uid']);
@@ -264,10 +264,10 @@ class mail_plugin {
if ($mail_config["mailbox_virtual_uidgid_maps"] == 'y') {
$app->log('Map uid to linux-user',LOGLEVEL_DEBUG);
$email_parts = explode('@',$data['new']['email']);
- $webdomain = $app->db->queryOneRecord("SELECT domain_id, server_id, system_user, parent_domain_id FROM web_domain WHERE domain = '".$app->db->quote($email_parts[1])."'");
+ $webdomain = $app->db->queryOneRecord("SELECT domain_id, server_id, system_user, parent_domain_id FROM web_domain WHERE domain = ?", $email_parts[1]);
if ($webdomain) {
while ($webdomain['parent_domain_id'] != 0) {
- $webdomain = $app->db->queryOneRecord("SELECT domain_id, server_id, system_user, parent_domain_id FROM web_domain WHERE domain_id = '".$webdomain['parent_domain_id']."'");
+ $webdomain = $app->db->queryOneRecord("SELECT domain_id, server_id, system_user, parent_domain_id FROM web_domain WHERE domain_id = ?", $webdomain['parent_domain_id']);
}
$app->log($data['new']['server_id'].' == '.$webdomain['server_id'],LOGLEVEL_DEBUG);
@@ -284,7 +284,7 @@ class mail_plugin {
$app->log('Mailuser uid: '.$data['new']['uid'].', gid: '.$data['new']['gid'],LOGLEVEL_DEBUG);
// update DB if values changed
- $app->db->query("UPDATE mail_user SET uid = ".$data['new']['uid'].", gid = ".$data['new']['gid']." WHERE mailuser_id = ".$data['new']['mailuser_id']);
+ $app->db->query("UPDATE mail_user SET uid = ?, gid = ? WHERE mailuser_id = ?", $data['new']['uid'], $data['new']['gid'], $data['new']['mailuser_id']);
$user = $app->system->getuser($data['new']['uid']);
$group = $app->system->getgroup($data['new']['gid']);
diff --git a/server/plugins-available/maildeliver_plugin.inc.php b/server/plugins-available/maildeliver_plugin.inc.php
index 85293ae4086fd0dadec1f0db3bdfccf962a34e1c..a6f9ae567e324e39a1dba9127cddaf4d52e30e16 100644
--- a/server/plugins-available/maildeliver_plugin.inc.php
+++ b/server/plugins-available/maildeliver_plugin.inc.php
@@ -165,8 +165,8 @@ class maildeliver_plugin {
$tpl->setVar('autoresponder_text', $data["new"]["autoresponder_text"]);
//* Set alias addresses for autoresponder
- $sql = "SELECT * FROM mail_forwarding WHERE type = 'alias' AND destination = '".$app->db->quote($data["new"]["email"])."'";
- $records = $app->db->queryAllRecords($sql);
+ $sql = "SELECT * FROM mail_forwarding WHERE type = 'alias' AND destination = ?";
+ $records = $app->db->queryAllRecords($sql, $data["new"]["email"]);
$addresses = array();
$addresses[] = $data["new"]["email"];
@@ -181,8 +181,8 @@ class maildeliver_plugin {
$alias_addresses = array();
$email_parts = explode('@', $data["new"]["email"]);
- $sql = "SELECT * FROM mail_forwarding WHERE type = 'aliasdomain' AND destination = '@".$app->db->quote($email_parts[1])."'";
- $records = $app->db->queryAllRecords($sql);
+ $sql = "SELECT * FROM mail_forwarding WHERE type = 'aliasdomain' AND destination = ?";
+ $records = $app->db->queryAllRecords($sql, '@'.$email_parts[1]);
if(is_array($records) && count($records) > 0) {
$app->log("Found " . count($records) . " records (aliasdomains).", LOGLEVEL_DEBUG);
foreach($records as $rec) {
diff --git a/server/plugins-available/mailman_plugin.inc.php b/server/plugins-available/mailman_plugin.inc.php
index acf4eb9363adb64cc5b61382a84c17cf77c76d8a..9ebb2aa9a73f326f48d2c7b7d97f33a0c40eb4a7 100644
--- a/server/plugins-available/mailman_plugin.inc.php
+++ b/server/plugins-available/mailman_plugin.inc.php
@@ -78,7 +78,7 @@ class mailman_plugin {
if(is_file('/var/lib/mailman/data/transport-mailman')) exec('postmap /var/lib/mailman/data/transport-mailman');
exec('nohup '.$conf['init_scripts'] . '/' . 'mailman reload >/dev/null 2>&1 &');
- $app->db->query("UPDATE mail_mailinglist SET password = '' WHERE mailinglist_id = ".$app->db->quote($data["new"]['mailinglist_id']));
+ $app->db->query("UPDATE mail_mailinglist SET password = '' WHERE mailinglist_id = ?", $data["new"]['mailinglist_id']);
}
@@ -91,7 +91,7 @@ class mailman_plugin {
if($data["new"]["password"] != $data["old"]["password"] && $data["new"]["password"] != '') {
exec("nohup /usr/lib/mailman/bin/change_pw -l ".escapeshellcmd($data["new"]["listname"])." -p ".escapeshellcmd($data["new"]["password"])." >/dev/null 2>&1 &");
exec('nohup '.$conf['init_scripts'] . '/' . 'mailman reload >/dev/null 2>&1 &');
- $app->db->query("UPDATE mail_mailinglist SET password = '' WHERE mailinglist_id = ".$app->db->quote($data["new"]['mailinglist_id']));
+ $app->db->query("UPDATE mail_mailinglist SET password = '' WHERE mailinglist_id = ?", $data["new"]['mailinglist_id']);
}
if(is_file('/var/lib/mailman/data/virtual-mailman')) exec('postmap /var/lib/mailman/data/virtual-mailman');
diff --git a/server/plugins-available/network_settings_plugin.inc.php b/server/plugins-available/network_settings_plugin.inc.php
index 46242d98407846a36ae20e2d4d285fd01f9a7621..13dbf3c8c1f0595515b72b1f211e2217f79d2e0c 100644
--- a/server/plugins-available/network_settings_plugin.inc.php
+++ b/server/plugins-available/network_settings_plugin.inc.php
@@ -101,7 +101,7 @@ class network_settings_plugin {
$network_tpl->setVar('broadcast', $this->broadcast($server_config['ip_address'], $server_config['netmask']));
$network_tpl->setVar('network', $this->network($server_config['ip_address'], $server_config['netmask']));
- $records = $app->db->queryAllRecords("SELECT ip_address FROM server_ip WHERE server_id = ".intval($conf['server_id']) . ' ORDER BY server_ip_id ASC');
+ $records = $app->db->queryAllRecords("SELECT ip_address FROM server_ip WHERE server_id = ? ORDER BY server_ip_id ASC", $conf['server_id']);
$ip_records = array();
$additionl_ip_records = 0;
$n = 0;
@@ -179,7 +179,7 @@ class network_settings_plugin {
$network_tpl->setVar('gateway', $server_config['gateway']);
$network_tpl->setVar('broadcast', $this->broadcast($server_config['ip_address'], $server_config['netmask']));
- $records = $app->db->queryAllRecords("SELECT ip_address FROM server_ip WHERE server_id = ".intval($conf['server_id']) . " order by ip_address");
+ $records = $app->db->queryAllRecords("SELECT ip_address FROM server_ip WHERE server_id = ? order by ip_address", $conf['server_id']);
$ip_records = array();
$additionl_ip_records = 0;
$n = 0;
diff --git a/server/plugins-available/nginx_reverseproxy_plugin.inc.php b/server/plugins-available/nginx_reverseproxy_plugin.inc.php
index 1f68649fbfa885c32f990905212983320cd8b018..b5881dbf240886b5cc6127847a84f1e2dfa954de 100644
--- a/server/plugins-available/nginx_reverseproxy_plugin.inc.php
+++ b/server/plugins-available/nginx_reverseproxy_plugin.inc.php
@@ -70,7 +70,7 @@ class nginx_reverseproxy_plugin {
// If the parent_domain_id has been chenged, we will have to update the old site as well.
if($this->action == 'update' && $data['new']['parent_domain_id'] != $data['old']['parent_domain_id']) {
- $tmp = $app->dbmaster->queryOneRecord('SELECT * FROM web_domain WHERE domain_id = '.$old_parent_domain_id." AND active = 'y'");
+ $tmp = $app->dbmaster->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ? AND active = 'y'", $old_parent_domain_id);
$data['new'] = $tmp;
$data['old'] = $tmp;
$this->action = 'update';
@@ -78,7 +78,7 @@ class nginx_reverseproxy_plugin {
}
// This is not a vhost, so we need to update the parent record instead.
- $tmp = $app->dbmaster->queryOneRecord('SELECT * FROM web_domain WHERE domain_id = '.$new_parent_domain_id." AND active = 'y'");
+ $tmp = $app->dbmaster->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ? AND active = 'y'", $new_parent_domain_id);
$data['new'] = $tmp;
$data['old'] = $tmp;
$this->action = 'update';
@@ -130,7 +130,7 @@ class nginx_reverseproxy_plugin {
// get alias domains (co-domains and subdomains)
- $aliases = $app->dbmaster->queryAllRecords('SELECT * FROM web_domain WHERE parent_domain_id = '.$data['new']['domain_id']." AND (type != 'vhostsubdomain' OR type != 'vhostalias') AND active = 'y'");
+ $aliases = $app->dbmaster->queryAllRecords("SELECT * FROM web_domain WHERE parent_domain_id = ? AND (type != 'vhostsubdomain' OR type != 'vhostalias') AND active = 'y'", $data['new']['domain_id']);
$server_alias = array();
switch($data['new']['subdomain']) {
case 'www':
@@ -243,7 +243,7 @@ class nginx_reverseproxy_plugin {
//* Save a SSL certificate to disk
if($data["new"]["ssl_action"] == 'save') {
- $web = $app->masterdb->queryOneRecord("select wd.document_root, sp.ip_address from web_domain wd INNER JOIN server_ip sp USING(server_id) WHERE domain = '".$data['new']['domain']."'");
+ $web = $app->masterdb->queryOneRecord("select wd.document_root, sp.ip_address from web_domain wd INNER JOIN server_ip sp USING(server_id) WHERE domain = ?", $data['new']['domain']);
$src_ssl_dir = $web["document_root"]."/ssl";
//$domain = $data["new"]["ssl_domain"];
diff --git a/server/plugins-available/openvz_plugin.inc.php b/server/plugins-available/openvz_plugin.inc.php
index a50c3def49e81d3df6e6d8d8cbaf32f9966aecf3..d6abced17f3d56fe448c9ea305f51d7a174f0430 100644
--- a/server/plugins-available/openvz_plugin.inc.php
+++ b/server/plugins-available/openvz_plugin.inc.php
@@ -85,7 +85,7 @@ class openvz_plugin {
return;
}
- $tmp = $app->db->queryOneRecord("SELECT template_file FROM openvz_ostemplate WHERE ostemplate_id = ".$data['new']['ostemplate_id']);
+ $tmp = $app->db->queryOneRecord("SELECT template_file FROM openvz_ostemplate WHERE ostemplate_id = ?", $data['new']['ostemplate_id']);
$ostemplate = escapeshellcmd($tmp['template_file']);
unset($tmp);
diff --git a/server/plugins-available/pma_symlink_plugin.inc.php b/server/plugins-available/pma_symlink_plugin.inc.php
index db9b6f7f62613b781b67a96ef6d48cf1edc4e218..6b9b4fb2642f4b65dad4c511a851c5e6dc5ab857 100644
--- a/server/plugins-available/pma_symlink_plugin.inc.php
+++ b/server/plugins-available/pma_symlink_plugin.inc.php
@@ -81,7 +81,7 @@ class pma_symlink_plugin {
// If the parent_domain_id has been chenged, we will have to update the old site as well.
if($this->action == 'update' && $data["new"]["parent_domain_id"] != $data["old"]["parent_domain_id"]) {
- $tmp = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$old_parent_domain_id." AND active = 'y'");
+ $tmp = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ? AND active = 'y'", $old_parent_domain_id);
$data["new"] = $tmp;
$data["old"] = $tmp;
$this->action = 'update';
@@ -89,7 +89,7 @@ class pma_symlink_plugin {
}
// This is not a vhost, so we need to update the parent record instead.
- $tmp = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$new_parent_domain_id." AND active = 'y'");
+ $tmp = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ? AND active = 'y'", $new_parent_domain_id);
$data["new"] = $tmp;
$data["old"] = $tmp;
$this->action = 'update';
diff --git a/server/plugins-available/postfix_filter_plugin.inc.php b/server/plugins-available/postfix_filter_plugin.inc.php
index 867df253a5f0e8117323e37e3a3215608f3f87cf..9c97ff1fa8c6bc14a327ebc782b1ac70026fd124 100644
--- a/server/plugins-available/postfix_filter_plugin.inc.php
+++ b/server/plugins-available/postfix_filter_plugin.inc.php
@@ -80,8 +80,8 @@ class postfix_filter_plugin {
$type = $data["new"]["type"];
if($type != '') {
- $sql = "SELECT * FROM mail_content_filter WHERE server_id = ".intval($conf["server_id"])." AND type = '".$app->db->quote($type)."' AND active = 'y'";
- $rules = $app->db->queryAllRecords($sql);
+ $sql = "SELECT * FROM mail_content_filter WHERE server_id = ? AND type = ?' AND active = 'y'";
+ $rules = $app->db->queryAllRecords($sql, $conf["server_id"], $type);
$content = '';
foreach($rules as $rule) {
$content .= $rule["pattern"];
@@ -111,8 +111,8 @@ class postfix_filter_plugin {
$type = $data["old"]["type"];
if($type != '') {
- $sql = "SELECT * FROM mail_content_filter WHERE server_id = ".intval($conf["server_id"])." AND type = '".$app->db->quote($type)."' AND active = 'y'";
- $rules = $app->db->queryAllRecords($sql);
+ $sql = "SELECT * FROM mail_content_filter WHERE server_id = ? AND type = ? AND active = 'y'";
+ $rules = $app->db->queryAllRecords($sql, $conf["server_id"], $type);
$content = '';
foreach($rules as $rule) {
$content .= $rule["pattern"];
diff --git a/server/plugins-available/powerdns_plugin.inc.php b/server/plugins-available/powerdns_plugin.inc.php
index 14c244714b608853c1cba95597cf67c7be58b9d8..412050d009225126e08fba0f3d39b6f1c2e998cb 100644
--- a/server/plugins-available/powerdns_plugin.inc.php
+++ b/server/plugins-available/powerdns_plugin.inc.php
@@ -132,9 +132,9 @@ class powerdns_plugin {
$origin = substr($data["new"]["origin"], 0, -1);
$ispconfig_id = $data["new"]["id"];
- $serial = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ".$ispconfig_id);
+ $serial = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ?", $ispconfig_id);
$serial_id = $serial["serial"];
- $app->db->query("INSERT INTO powerdns.domains (name, type, notified_serial, ispconfig_id) VALUES ('$origin', 'MASTER', $serial_id, $ispconfig_id)");
+ $app->db->query("INSERT INTO powerdns.domains (name, type, notified_serial, ispconfig_id) VALUES (?, ?, ?, ?)", $origin, 'MASTER', $serial_id, $ispconfig_id);
$zone_id = $app->db->insertID();
if(substr($data["new"]["ns"], -1) == '.'){
$ns = substr($data["new"]["ns"], 0, -1);
@@ -147,7 +147,7 @@ class powerdns_plugin {
$content = $ns.' '.$hostmaster.' '.$data["new"]["serial"].' '.$data["new"]["refresh"].' '.$data["new"]["retry"].' '.$data["new"]["expire"].' '.$data["new"]["minimum"];
$ttl = $data["new"]["ttl"];
- $app->db->query("INSERT INTO powerdns.records (domain_id, name, type, content, ttl, prio, change_date, ispconfig_id) VALUES ($zone_id, '$origin', 'SOA', '$content', $ttl, 0, ".time().", $ispconfig_id)");
+ $app->db->query("INSERT INTO powerdns.records (domain_id, name, type, content, ttl, prio, change_date, ispconfig_id) VALUES (?, ?, 'SOA', ?, ?, 0, UNIX_TIMESTAMP(), ?)", $zone_id, $origin, $content, $ttl, $ispconfig_id);
//* tell pdns to rediscover zones in DB
$this->zoneRediscover();
@@ -164,7 +164,7 @@ class powerdns_plugin {
if($data["old"]["active"] != 'Y') return;
$this->soa_delete($event_name, $data);
} else {
- $exists = $app->db->queryOneRecord("SELECT * FROM powerdns.domains WHERE ispconfig_id = ".$data["new"]["id"]);
+ $exists = $app->db->queryOneRecord("SELECT * FROM powerdns.domains WHERE ispconfig_id = ?", $data["new"]["id"]);
if($data["old"]["active"] == 'Y' && is_array($exists)){
$origin = substr($data["new"]["origin"], 0, -1);
$ispconfig_id = $data["new"]["id"];
@@ -179,7 +179,7 @@ class powerdns_plugin {
$hostmaster = substr($data["new"]["mbox"], 0, -1);
$content = $ns.' '.$hostmaster.' '.$data["new"]["serial"].' '.$data["new"]["refresh"].' '.$data["new"]["retry"].' '.$data["new"]["expire"].' '.$data["new"]["minimum"];
$ttl = $data["new"]["ttl"];
- $app->db->query("UPDATE powerdns.records SET name = '$origin', content = '$content', ttl = $ttl, change_date = ".time()." WHERE ispconfig_id = ".$data["new"]["id"]." AND type = 'SOA'");
+ $app->db->query("UPDATE powerdns.records SET name = ?, content = ?, ttl = ?, change_date = UNIX_TIMESTAMP() WHERE ispconfig_id = ? AND type = 'SOA'", $origin, $content, $ttl, $data["new"]["id"]);
//* tell pdns to use 'pdnssec rectify' on the new zone
$this->rectifyZone($data);
@@ -188,7 +188,7 @@ class powerdns_plugin {
} else {
$this->soa_insert($event_name, $data);
$ispconfig_id = $data["new"]["id"];
- if($records = $app->db->queryAllRecords("SELECT * FROM dns_rr WHERE zone = $ispconfig_id AND active = 'Y'")){
+ if($records = $app->db->queryAllRecords("SELECT * FROM dns_rr WHERE zone = ? AND active = 'Y'", $ispconfig_id)){
foreach($records as $record){
foreach($record as $key => $val){
$data["new"][$key] = $val;
@@ -207,10 +207,10 @@ class powerdns_plugin {
function soa_delete($event_name, $data) {
global $app, $conf;
- $zone = $app->db->queryOneRecord("SELECT * FROM powerdns.domains WHERE ispconfig_id = ".$data["old"]["id"]." AND type = 'MASTER'");
+ $zone = $app->db->queryOneRecord("SELECT * FROM powerdns.domains WHERE ispconfig_id = ? AND type = 'MASTER'", $data["old"]["id"]);
$zone_id = $zone["id"];
- $app->db->query("DELETE FROM powerdns.records WHERE domain_id = $zone_id");
- $app->db->query("DELETE FROM powerdns.domains WHERE id = $zone_id");
+ $app->db->query("DELETE FROM powerdns.records WHERE domain_id = ?", $zone_id);
+ $app->db->query("DELETE FROM powerdns.domains WHERE id = ?", $zone_id);
}
function slave_insert($event_name, $data) {
@@ -222,7 +222,7 @@ class powerdns_plugin {
$ispconfig_id = $data["new"]["id"];
$master_ns = $data["new"]["ns"];
- $app->db->query("INSERT INTO powerdns.domains (name, type, master, ispconfig_id) VALUES ('$origin', 'SLAVE', '$master_ns', $ispconfig_id)");
+ $app->db->query("INSERT INTO powerdns.domains (name, type, master, ispconfig_id) VALUES (?, ?, ?, ?)", $origin, 'SLAVE', $master_ns, $ispconfig_id);
$zone_id = $app->db->insertID();
@@ -243,12 +243,12 @@ class powerdns_plugin {
$ispconfig_id = $data["new"]["id"];
$master_ns = $data["new"]["ns"];
- $app->db->query("UPDATE powerdns.domains SET name = '$origin', type = 'SLAVE', master = '$master_ns' WHERE ispconfig_id=$ispconfig_id AND type = 'SLAVE'");
+ $app->db->query("UPDATE powerdns.domains SET name = ?, type = 'SLAVE', master = ? WHERE ispconfig_id=? AND type = 'SLAVE'", $origin, $master_ns, $ispconfig_id);
$zone_id = $app->db->insertID();
- $zone = $app->db->queryOneRecord("SELECT * FROM powerdns.domains WHERE ispconfig_id = ".$ispconfig_id." AND type = 'SLAVE'");
+ $zone = $app->db->queryOneRecord("SELECT * FROM powerdns.domains WHERE ispconfig_id = ? AND type = 'SLAVE'", $ispconfig_id);
$zone_id = $zone["id"];
- $app->db->query("DELETE FROM powerdns.records WHERE domain_id = $zone_id AND ispconfig_id = 0");
+ $app->db->query("DELETE FROM powerdns.records WHERE domain_id = ? AND ispconfig_id = 0", $zone_id);
//* tell pdns to fetch zone from master server
$this->fetchFromMaster($data);
@@ -264,21 +264,21 @@ class powerdns_plugin {
function slave_delete($event_name, $data) {
global $app, $conf;
- $zone = $app->db->queryOneRecord("SELECT * FROM powerdns.domains WHERE ispconfig_id = ".$data["old"]["id"]." AND type = 'SLAVE'");
+ $zone = $app->db->queryOneRecord("SELECT * FROM powerdns.domains WHERE ispconfig_id = ? AND type = 'SLAVE'", $data["old"]["id"]);
$zone_id = $zone["id"];
- $app->db->query("DELETE FROM powerdns.records WHERE domain_id = $zone_id");
- $app->db->query("DELETE FROM powerdns.domains WHERE id = $zone_id");
+ $app->db->query("DELETE FROM powerdns.records WHERE domain_id = ?", $zone_id);
+ $app->db->query("DELETE FROM powerdns.domains WHERE id = ?", $zone_id);
}
function rr_insert($event_name, $data) {
global $app, $conf;
if($data["new"]["active"] != 'Y') return;
- $exists = $app->db->queryOneRecord("SELECT * FROM powerdns.records WHERE ispconfig_id = ".$data["new"]["id"]);
+ $exists = $app->db->queryOneRecord("SELECT * FROM powerdns.records WHERE ispconfig_id = ?", $data["new"]["id"]);
if ( is_array($exists) ) return;
- $zone = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ".$data["new"]["zone"]);
+ $zone = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ?", $data["new"]["zone"]);
$origin = substr($zone["origin"], 0, -1);
- $powerdns_zone = $app->db->queryOneRecord("SELECT * FROM powerdns.domains WHERE ispconfig_id = ".$data["new"]["zone"]." AND type = 'MASTER'");
+ $powerdns_zone = $app->db->queryOneRecord("SELECT * FROM powerdns.domains WHERE ispconfig_id = ? AND type = 'MASTER'", $data["new"]["zone"]);
$zone_id = $powerdns_zone["id"];
$type = $data["new"]["type"];
@@ -327,7 +327,7 @@ class powerdns_plugin {
$change_date = time();
$ispconfig_id = $data["new"]["id"];
- $app->db->query("INSERT INTO powerdns.records (domain_id, name, type, content, ttl, prio, change_date, ispconfig_id) VALUES ($zone_id, '$name', '$type', '$content', $ttl, $prio, $change_date, $ispconfig_id)");
+ $app->db->query("INSERT INTO powerdns.records (domain_id, name, type, content, ttl, prio, change_date, ispconfig_id) VALUES (?, ?, ?, ?, ?, ?, ?, ?)", $zone_id, $name, $type, $content, $ttl, $prio, $change_date, $ispconfig_id);
//* tell pdns to use 'pdnssec rectify' on the new zone
$this->rectifyZone($data);
@@ -340,11 +340,11 @@ class powerdns_plugin {
if($data["old"]["active"] != 'Y') return;
$this->rr_delete($event_name, $data);
} else {
- $exists = $app->db->queryOneRecord("SELECT * FROM powerdns.records WHERE ispconfig_id = ".$data["new"]["id"]);
+ $exists = $app->db->queryOneRecord("SELECT * FROM powerdns.records WHERE ispconfig_id = ?", $data["new"]["id"]);
if($data["old"]["active"] == 'Y' && is_array($exists)){
- $zone = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ".$data["new"]["zone"]);
+ $zone = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ?", $data["new"]["zone"]);
$origin = substr($zone["origin"], 0, -1);
- $powerdns_zone = $app->db->queryOneRecord("SELECT * FROM powerdns.domains WHERE ispconfig_id = ".$data["new"]["zone"]." AND type = 'MASTER'");
+ $powerdns_zone = $app->db->queryOneRecord("SELECT * FROM powerdns.domains WHERE ispconfig_id = ? AND type = 'MASTER'", $data["new"]["zone"]);
$zone_id = $powerdns_zone["id"];
$type = $data["new"]["type"];
@@ -392,7 +392,7 @@ class powerdns_plugin {
$prio = $data["new"]["aux"];
$change_date = time();
$ispconfig_id = $data["new"]["id"];
- $app->db->query("UPDATE powerdns.records SET name = '$name', type = '$type', content = '$content', ttl = $ttl, prio = $prio, change_date = ".time()." WHERE ispconfig_id = $ispconfig_id AND type != 'SOA'");
+ $app->db->query("UPDATE powerdns.records SET name = ?, type = ?, content = ?, ttl = ?, prio = ?, change_date = UNIX_TIMESTAMP() WHERE ispconfig_id = ? AND type != 'SOA'", $name, $type, $content, $ttl, $prio, $ispconfig_id);
//* tell pdns to use 'pdnssec rectify' on the new zone
$this->rectifyZone($data);
@@ -406,7 +406,7 @@ class powerdns_plugin {
global $app, $conf;
$ispconfig_id = $data["old"]["id"];
- $app->db->query("DELETE FROM powerdns.records WHERE ispconfig_id = $ispconfig_id AND type != 'SOA'");
+ $app->db->query("DELETE FROM powerdns.records WHERE ispconfig_id = ? AND type != 'SOA'", $ispconfig_id);
}
function find_pdns_control() {
@@ -475,7 +475,7 @@ class powerdns_plugin {
exec($pdns_pdnssec . ' rectify-zone ' . rtrim($data["new"]["origin"],"."));
} else {
// get origin from DB for all other recordtypes
- $zn = $app->db->queryOneRecord("SELECT d.name AS name FROM powerdns.domains d, powerdns.records r WHERE r.ispconfig_id=".$data["new"]["id"]." AND r.domain_id = d.id");
+ $zn = $app->db->queryOneRecord("SELECT d.name AS name FROM powerdns.domains d, powerdns.records r WHERE r.ispconfig_id=? AND r.domain_id = d.id", $data["new"]["id"]);
exec($pdns_pdnssec . ' rectify-zone ' . trim($zn["name"]));
}
}
diff --git a/server/plugins-available/shelluser_base_plugin.inc.php b/server/plugins-available/shelluser_base_plugin.inc.php
index e19796cfca45778e8a9522ab8167e041306fd381..6105f7bed59c2cd7239d7ef3df9eee211b066ce6 100755
--- a/server/plugins-available/shelluser_base_plugin.inc.php
+++ b/server/plugins-available/shelluser_base_plugin.inc.php
@@ -79,7 +79,7 @@ class shelluser_base_plugin {
}
//* Check if the resulting path is inside the docroot
- $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".intval($data['new']['parent_domain_id']));
+ $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ?", $data['new']['parent_domain_id']);
if(substr($data['new']['dir'],0,strlen($web['document_root'])) != $web['document_root']) {
$app->log('Directory of the shell user is outside of website docroot.',LOGLEVEL_WARN);
return false;
@@ -163,7 +163,7 @@ class shelluser_base_plugin {
}
//* Check if the resulting path is inside the docroot
- $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".intval($data['new']['parent_domain_id']));
+ $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ?", $data['new']['parent_domain_id']);
if(substr($data['new']['dir'],0,strlen($web['document_root'])) != $web['document_root']) {
$app->log('Directory of the shell user is outside of website docroot.',LOGLEVEL_WARN);
return false;
@@ -252,10 +252,10 @@ class shelluser_base_plugin {
$userid = intval($app->system->getuid($data['old']['username']));
if($userid > $this->min_uid) {
// check if we have to delete the dir
- $check = $app->db->queryOneRecord('SELECT shell_user_id FROM `shell_user` WHERE `dir` = \'' . $app->db->quote($data['old']['dir']) . '\'');
+ $check = $app->db->queryOneRecord('SELECT shell_user_id FROM `shell_user` WHERE `dir` = ?', $data['old']['dir']);
if(!$check && is_dir($data['old']['dir'])) {
- $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".intval($data['old']['parent_domain_id']));
+ $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ?", $data['old']['parent_domain_id']);
$app->system->web_folder_protection($web['document_root'], false);
@@ -311,11 +311,11 @@ class shelluser_base_plugin {
global $app;
$this->app->log("ssh-rsa setup shelluser_base", LOGLEVEL_DEBUG);
// Get the client ID, username, and the key
- $domain_data = $this->app->db->queryOneRecord('SELECT sys_groupid FROM web_domain WHERE web_domain.domain_id = '.intval($this->data['new']['parent_domain_id']));
- $sys_group_data = $this->app->db->queryOneRecord('SELECT * FROM sys_group WHERE sys_group.groupid = '.intval($domain_data['sys_groupid']));
+ $domain_data = $this->app->db->queryOneRecord('SELECT sys_groupid FROM web_domain WHERE web_domain.domain_id = ?', $this->data['new']['parent_domain_id']);
+ $sys_group_data = $this->app->db->queryOneRecord('SELECT * FROM sys_group WHERE sys_group.groupid = ?', $domain_data['sys_groupid']);
$id = intval($sys_group_data['client_id']);
$username= $sys_group_data['name'];
- $client_data = $this->app->db->queryOneRecord('SELECT * FROM client WHERE client.client_id = '.$id);
+ $client_data = $this->app->db->queryOneRecord('SELECT * FROM client WHERE client.client_id = ?', $id);
$userkey = $client_data['ssh_rsa'];
unset($domain_data);
unset($client_data);
@@ -323,7 +323,7 @@ class shelluser_base_plugin {
// ssh-rsa authentication variables
//$sshrsa = $this->data['new']['ssh_rsa'];
$sshrsa = '';
- $ssh_users = $app->db->queryAllRecords("SELECT ssh_rsa FROM shell_user WHERE parent_domain_id = ".intval($this->data['new']['parent_domain_id']));
+ $ssh_users = $app->db->queryAllRecords("SELECT ssh_rsa FROM shell_user WHERE parent_domain_id = ?", $this->data['new']['parent_domain_id']);
if(is_array($ssh_users)) {
foreach($ssh_users as $sshu) {
if($sshu['ssh_rsa'] != '') $sshrsa .= "\n".$sshu['ssh_rsa'];
@@ -347,7 +347,7 @@ class shelluser_base_plugin {
$userkey = $app->system->file_get_contents('/tmp/id_rsa.pub');
// save keypair in client table
- $this->app->db->query("UPDATE client SET created_at = ".time().", id_rsa = '".$app->db->quote($app->system->file_get_contents('/tmp/id_rsa'))."', ssh_rsa = '".$app->db->quote($userkey)."' WHERE client_id = ".$id);
+ $this->app->db->query("UPDATE client SET created_at = UNIX_TIMESTAMP(), id_rsa = ?, ssh_rsa = ? WHERE client_id = ?", $app->system->file_get_contents('/tmp/id_rsa'), $userkey, $id);
$app->system->unlink('/tmp/id_rsa');
$app->system->unlink('/tmp/id_rsa.pub');
diff --git a/server/plugins-available/shelluser_jailkit_plugin.inc.php b/server/plugins-available/shelluser_jailkit_plugin.inc.php
index 3c8e2948a1d6c5d5bb83e4006961fd2e7f29a2d3..aabbcde2343a5392447f789cebc4516706ed31b4 100755
--- a/server/plugins-available/shelluser_jailkit_plugin.inc.php
+++ b/server/plugins-available/shelluser_jailkit_plugin.inc.php
@@ -80,7 +80,7 @@ class shelluser_jailkit_plugin {
}
- $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$data['new']['parent_domain_id']);
+ $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ?", $data['new']['parent_domain_id']);
if(!$app->system->is_allowed_user($data['new']['username'], false, false)
|| !$app->system->is_allowed_user($data['new']['puser'], true, true)
@@ -159,7 +159,7 @@ class shelluser_jailkit_plugin {
return false;
}
- $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$data['new']['parent_domain_id']);
+ $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ?", $data['new']['parent_domain_id']);
if(!$app->system->is_allowed_user($data['new']['username'], false, false)
|| !$app->system->is_allowed_user($data['new']['puser'], true, true)
@@ -232,7 +232,7 @@ class shelluser_jailkit_plugin {
return false;
}
- $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$data['old']['parent_domain_id']);
+ $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ?", $data['old']['parent_domain_id']);
if ($data['old']['chroot'] == "jailkit")
{
@@ -284,7 +284,7 @@ class shelluser_jailkit_plugin {
//add bash.bashrc script
//we need to collect the domain name to be used as the HOSTNAME in the bashrc script
- $web = $this->app->db->queryOneRecord("SELECT domain FROM web_domain WHERE domain_id = ".intval($this->data['new']["parent_domain_id"]));
+ $web = $this->app->db->queryOneRecord("SELECT domain FROM web_domain WHERE domain_id = ?", $this->data['new']["parent_domain_id"]);
$this->app->load('tpl');
@@ -407,7 +407,7 @@ class shelluser_jailkit_plugin {
$web_config = $app->getconf->get_server_config($conf["server_id"], 'web');
// Get the parent website of this shell user
- $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$this->data['new']['parent_domain_id']);
+ $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ?", $this->data['new']['parent_domain_id']);
//* If the security level is set to high
if($web_config['security_level'] == 20 && is_array($web)) {
@@ -431,11 +431,11 @@ class shelluser_jailkit_plugin {
global $app;
$this->app->log("ssh-rsa setup shelluser_jailkit", LOGLEVEL_DEBUG);
// Get the client ID, username, and the key
- $domain_data = $this->app->db->queryOneRecord('SELECT sys_groupid FROM web_domain WHERE web_domain.domain_id = '.intval($this->data['new']['parent_domain_id']));
- $sys_group_data = $this->app->db->queryOneRecord('SELECT * FROM sys_group WHERE sys_group.groupid = '.intval($domain_data['sys_groupid']));
+ $domain_data = $this->app->db->queryOneRecord('SELECT sys_groupid FROM web_domain WHERE web_domain.domain_id = ?', $this->data['new']['parent_domain_id']);
+ $sys_group_data = $this->app->db->queryOneRecord('SELECT * FROM sys_group WHERE sys_group.groupid = ?', $domain_data['sys_groupid']);
$id = intval($sys_group_data['client_id']);
$username= $sys_group_data['name'];
- $client_data = $this->app->db->queryOneRecord('SELECT * FROM client WHERE client.client_id = '.$id);
+ $client_data = $this->app->db->queryOneRecord('SELECT * FROM client WHERE client.client_id = ?', $id);
$userkey = $client_data['ssh_rsa'];
unset($domain_data);
unset($client_data);
@@ -459,7 +459,7 @@ class shelluser_jailkit_plugin {
$userkey = $app->system->file_get_contents('/tmp/id_rsa.pub');
// save keypair in client table
- $this->app->db->query("UPDATE client SET created_at = ".time().", id_rsa = '".$app->db->quote($app->system->file_get_contents('/tmp/id_rsa'))."', ssh_rsa = '".$app->db->quote($userkey)."' WHERE client_id = ".$id);
+ $this->app->db->query("UPDATE client SET created_at = UNIX_TIMESTAMP(), id_rsa = ? ssh_rsa = ? WHERE client_id = ?", $app->system->file_get_contents('/tmp/id_rsa'), $userkey, $id);
$app->system->unlink('/tmp/id_rsa');
$app->system->unlink('/tmp/id_rsa.pub');
@@ -532,10 +532,10 @@ class shelluser_jailkit_plugin {
global $app, $conf;
// check if we have to delete the dir
- $check = $app->db->queryOneRecord('SELECT shell_user_id FROM `shell_user` WHERE `dir` = \'' . $app->db->quote($homedir) . '\'');
+ $check = $app->db->queryOneRecord('SELECT shell_user_id FROM `shell_user` WHERE `dir` = ?', $homedir);
if(!$check && is_dir($homedir)) {
- $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".intval($parent_domain_id));
+ $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ?", $parent_domain_id);
$app->system->web_folder_protection($web['document_root'], false);
// delete dir
diff --git a/server/plugins-available/software_update_plugin.inc.php b/server/plugins-available/software_update_plugin.inc.php
index 6f12bf890a96870f0240a4eb3ee45cf5bc26d755..ae6b79cfc4ac42bb6d68355290112f60e6bd53e2 100644
--- a/server/plugins-available/software_update_plugin.inc.php
+++ b/server/plugins-available/software_update_plugin.inc.php
@@ -67,8 +67,8 @@ class software_update_plugin {
private function set_install_status($inst_id, $status) {
global $app;
- $app->db->query("UPDATE software_update_inst SET status = '{$status}' WHERE software_update_inst_id = '{$inst_id}'");
- $app->dbmaster->query("UPDATE software_update_inst SET status = '{$status}' WHERE software_update_inst_id = '{$inst_id}'");
+ $app->db->query("UPDATE software_update_inst SET status = ? WHERE software_update_inst_id = ?", $status, $inst_id);
+ $app->dbmaster->query("UPDATE software_update_inst SET status = ? WHERE software_update_inst_id = ?", $status, $inst_id);
}
public function process($event_name, $data) {
@@ -76,8 +76,8 @@ class software_update_plugin {
//* Get the info of the package:
$software_update_id = intval($data["new"]["software_update_id"]);
- $software_update = $app->db->queryOneRecord("SELECT * FROM software_update WHERE software_update_id = '$software_update_id'");
- $software_package = $app->db->queryOneRecord("SELECT * FROM software_package WHERE package_name = '".$app->db->quote($software_update['package_name'])."'");
+ $software_update = $app->db->queryOneRecord("SELECT * FROM software_update WHERE software_update_id = ?", $software_update_id);
+ $software_package = $app->db->queryOneRecord("SELECT * FROM software_package WHERE package_name = ?", $software_update['package_name']);
if($software_package['package_type'] == 'ispconfig' && !$conf['software_updates_enabled'] == true) {
$app->log('Software Updates not enabled on this server. To enable updates, set $conf["software_updates_enabled"] = true; in config.inc.php', LOGLEVEL_WARN);
diff --git a/server/plugins-available/webmail_symlink_plugin.inc.php b/server/plugins-available/webmail_symlink_plugin.inc.php
index 43cca9b357956e4fe65eefbc47046e21e006fb10..c64b706d7e4361d42919246c8e8804426ea2def9 100644
--- a/server/plugins-available/webmail_symlink_plugin.inc.php
+++ b/server/plugins-available/webmail_symlink_plugin.inc.php
@@ -81,7 +81,7 @@ class webmail_symlink_plugin {
// If the parent_domain_id has been chenged, we will have to update the old site as well.
if($this->action == 'update' && $data["new"]["parent_domain_id"] != $data["old"]["parent_domain_id"]) {
- $tmp = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$old_parent_domain_id." AND active = 'y'");
+ $tmp = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ? AND active = 'y'", $old_parent_domain_id);
$data["new"] = $tmp;
$data["old"] = $tmp;
$this->action = 'update';
@@ -89,7 +89,7 @@ class webmail_symlink_plugin {
}
// This is not a vhost, so we need to update the parent record instead.
- $tmp = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$new_parent_domain_id." AND active = 'y'");
+ $tmp = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ? AND active = 'y'", $new_parent_domain_id);
$data["new"] = $tmp;
$data["old"] = $tmp;
$this->action = 'update';
diff --git a/server/plugins-available/webserver_plugin.inc.php b/server/plugins-available/webserver_plugin.inc.php
index dd5a50b0561012f5fc072c391e08f4f30e7b0041..cca339ace01a5f123e6dd9167c568343d1906eed 100644
--- a/server/plugins-available/webserver_plugin.inc.php
+++ b/server/plugins-available/webserver_plugin.inc.php
@@ -107,7 +107,7 @@ class webserver_plugin {
//** read additional php versions of this server
- $php_versions = $app->db->queryAllRecords('SELECT server_php_id, php_fastcgi_ini_dir, php_fpm_ini_dir FROM server_php WHERE server_id = ' . intval($conf['server_id']));
+ $php_versions = $app->db->queryAllRecords('SELECT server_php_id, php_fastcgi_ini_dir, php_fpm_ini_dir FROM server_php WHERE server_id = ?', $conf['server_id']);
foreach($php_versions as $php) {
if($php['php_fastcgi_ini_dir'] && $php['php_fastcgi_ini_dir'] . '/php.ini' != $web_config['php_ini_path_cgi']) {
$check_files[] = array('file' => $php['php_fastcgi_ini_dir'] . '/php.ini',
diff --git a/server/server.php b/server/server.php
index 4cf1d353b77ff87409d22fba8dc9c97ca3d4e3c3..4479b147c5504ef304ce1beb3fc5d2a00c19c2c1 100644
--- a/server/server.php
+++ b/server/server.php
@@ -43,14 +43,14 @@ $conf['server_id'] = intval($conf['server_id']);
* Try to Load the server configuration from the master-db
*/
if ($app->dbmaster->connect_error == NULL) {
- $server_db_record = $app->dbmaster->queryOneRecord("SELECT * FROM server WHERE server_id = " . $conf['server_id']);
+ $server_db_record = $app->dbmaster->queryOneRecord("SELECT * FROM server WHERE server_id = ?", $conf['server_id']);
if(!is_array($server_db_record)) die('Unable to load the server configuration from database.');
//* Get the number of the last processed datalog_id, if the id of the local server
//* is > then the one of the remote system, then use the local ID as we might not have
//* reached the remote server during the last run then.
- $local_server_db_record = $app->db->queryOneRecord("SELECT * FROM server WHERE server_id = " . $conf['server_id']);
+ $local_server_db_record = $app->db->queryOneRecord("SELECT * FROM server WHERE server_id = ?", $conf['server_id']);
$conf['last_datalog_id'] = (int) max($server_db_record['updated'], $local_server_db_record['updated']);
unset($local_server_db_record);
@@ -73,7 +73,6 @@ if ($app->dbmaster->connect_error == NULL) {
unset($server_db_record);
// retrieve admin email address for notifications
- //$sys_ini = $app->dbmaster->queryOneRecord("SELECT * FROM sys_ini WHERE sysini_id = 1");
$sys_ini = $app->db->queryOneRecord("SELECT * FROM sys_ini WHERE sysini_id = 1");
$conf['sys_ini'] = $app->ini_parser->parse_ini_string(stripslashes($sys_ini['config']));
$conf['admin_mail'] = $conf['sys_ini']['mail']['admin_mail'];
@@ -156,9 +155,9 @@ if ($app->db->connect_error == NULL && $app->dbmaster->connect_error == NULL) {
// Check if there is anything to update
if ($conf['mirror_server_id'] > 0) {
- $tmp_rec = $app->dbmaster->queryOneRecord("SELECT count(server_id) as number from sys_datalog WHERE datalog_id > " . $conf['last_datalog_id'] . " AND (server_id = " . $conf['server_id'] . " OR server_id = " . $conf['mirror_server_id'] . " OR server_id = 0)");
+ $tmp_rec = $app->dbmaster->queryOneRecord("SELECT count(server_id) as number from sys_datalog WHERE datalog_id > ? AND (server_id = ? OR server_id = ? OR server_id = 0)", $conf['last_datalog_id'], $conf['server_id'], $conf['mirror_server_id']);
} else {
- $tmp_rec = $app->dbmaster->queryOneRecord("SELECT count(server_id) as number from sys_datalog WHERE datalog_id > " . $conf['last_datalog_id'] . " AND (server_id = " . $conf['server_id'] . " OR server_id = 0)");
+ $tmp_rec = $app->dbmaster->queryOneRecord("SELECT count(server_id) as number from sys_datalog WHERE datalog_id > ? AND (server_id = ? OR server_id = 0)", $conf['last_datalog_id'], $conf['server_id']);
}
$tmp_num_records = $tmp_rec['number'];