diff --git a/helper_scripts/recreate_webalizer_stats.php b/helper_scripts/recreate_webalizer_stats.php
index fbaef38097d01009ac947755644fbf20f17803c0..5afcd9759a858aa6dccce93069a421c2be1c26e5 100644
--- a/helper_scripts/recreate_webalizer_stats.php
+++ b/helper_scripts/recreate_webalizer_stats.php
@@ -5,8 +5,8 @@
 //######################################################################################################
 
 
-$sql = "SELECT domain_id, domain, document_root FROM web_domain WHERE server_id = ".$conf["server_id"];
-$records = $app->db->queryAllRecords($sql);
+$sql = "SELECT domain_id, domain, document_root FROM web_domain WHERE server_id = ?";
+$records = $app->db->queryAllRecords($sql, $conf["server_id"]);
 foreach($records as $rec) {
 	$domain = escapeshellcmd($rec["domain"]);
 	$logdir = escapeshellcmd($rec["document_root"].'/log');
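Review bot: `escapeshellcmd()` on `$domain` and `$logdir` escapes shell metacharacters across a command string but does not turn a value into a single quoted argument, so a database value containing spaces or a leading `-` can still be split or read as an option. The loop body continues outside this hunk, so how the two variables are used is not visible here. If they end up on a command line, quote each value at the point where the command is assembled, e.g. `escapeshellarg($rec["document_root"].'/log')`, rather than pre-escaping them here.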
diff --git a/install/apps/metronome_libs/mod_auth_external/db_auth.php b/install/apps/metronome_libs/mod_auth_external/db_auth.php
index 086dcf6a0143efbb8562f3817d0fc7c58c03d949..3df135bc12a95c6773c5a8033f8b8117a3759981 100644
--- a/install/apps/metronome_libs/mod_auth_external/db_auth.php
+++ b/install/apps/metronome_libs/mod_auth_external/db_auth.php
@@ -17,7 +17,7 @@ try{
 
     // check for existing user
     $dbmail = $db->real_escape_string($arg_email);
-    $result = $db->query("SELECT jid, password FROM xmpp_user WHERE jid LIKE '".$dbmail."' AND active='y' AND server_id='".$isp_server_id."'");
+    $result = $db->query("SELECT jid, password FROM xmpp_user WHERE jid LIKE ? AND active='y' AND server_id=?", $dbmail, $isp_server_id);
     result_false($result->num_rows != 1);
 
     $user = $result->fetch_object();
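Review bot: `$db->query()` now receives two extra arguments, but `$db` is used like a mysqli handle (`real_escape_string()` on the line above), and `mysqli::query()` takes a result-mode flag as its second parameter and binds nothing. If `$db` is plain mysqli, the `?` markers are never filled and the authentication lookup fails. If `$db` is a binding wrapper instead, `$dbmail` is now escaped twice, and `LIKE` still treats `%` and `_` in the supplied JID as wildcards, which an authentication lookup should not do; `=` is the right operator. db_isuser.php has the identical line. The `try` block extends outside this hunk, and the sketch below assumes mysqli with mysqlnd (needed for `get_result()`).

```php
    // check for existing user
    $stmt = $db->prepare("SELECT jid, password FROM xmpp_user WHERE jid = ? AND active='y' AND server_id = ?");
    $stmt->bind_param('ss', $arg_email, $isp_server_id);
    $stmt->execute();
    $result = $stmt->get_result();
    // … unchanged: result_false() row-count check and fetch_object() …
```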
diff --git a/install/apps/metronome_libs/mod_auth_external/db_isuser.php b/install/apps/metronome_libs/mod_auth_external/db_isuser.php
index 7a7cf861bf88f38035535297672636f1518dca3a..e6820635bcdd085c3273f5e6c9c65819cea8d675 100644
--- a/install/apps/metronome_libs/mod_auth_external/db_isuser.php
+++ b/install/apps/metronome_libs/mod_auth_external/db_isuser.php
@@ -15,7 +15,7 @@ try{
 
     // check for existing user
     $dbmail = $db->real_escape_string($arg_email);
-    $result = $db->query("SELECT jid, password FROM xmpp_user WHERE jid LIKE '".$dbmail."' AND active='y' AND server_id='".$isp_server_id."'");
+    $result = $db->query("SELECT jid, password FROM xmpp_user WHERE jid LIKE ? AND active='y' AND server_id=?", $dbmail, $isp_server_id);
     result_false($result->num_rows != 1);
     result_true();
 
diff --git a/install/dist/lib/debian60.lib.php b/install/dist/lib/debian60.lib.php
index fab5628a77cfe9b1e7da045adfebcf06f832b4a2..80ad28faebbb84922775c2f2590fa79229f85e93 100644
--- a/install/dist/lib/debian60.lib.php
+++ b/install/dist/lib/debian60.lib.php
@@ -38,7 +38,7 @@ class installer extends installer_base {
 		
 		// check if virtual_transport must be changed
 		if ($this->is_update) {
-			$tmp = $this->db->queryOneRecord("SELECT * FROM ".$conf["mysql"]["database"].".server WHERE server_id = ".$conf['server_id']);
+			$tmp = $this->db->queryOneRecord("SELECT * FROM ?? WHERE server_id = ?", $conf["mysql"]["database"] . ".server", $conf['server_id']);
 			$ini_array = ini_to_array(stripslashes($tmp['config']));
 			// ini_array needs not to be checked, because already done in update.php -> updateDbAndIni()
 			
@@ -154,10 +154,6 @@ class installer extends installer_base {
 	*/
 	}
 
-    public function configure_xmpp() {
-        parent::configure_xmpp();
-    }
-
 }
 
 ?>
diff --git a/install/dist/lib/fedora.lib.php b/install/dist/lib/fedora.lib.php
index ecdb00f61e2d5fd14957693860b045cc5cd34e01..7b3fd6e25df51d50896be625076c1a97ea9c6fcf 100644
--- a/install/dist/lib/fedora.lib.php
+++ b/install/dist/lib/fedora.lib.php
@@ -185,7 +185,7 @@ class installer_dist extends installer_base {
 		if(!is_user($cf['vmail_username'])) caselog("$command &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
 
 		//* These postconf commands will be executed on installation and update
-		$server_ini_rec = $this->db->queryOneRecord("SELECT config FROM server WHERE server_id = ".$conf['server_id']);
+		$server_ini_rec = $this->db->queryOneRecord("SELECT config FROM server WHERE server_id = ?", $conf['server_id']);
 		$server_ini_array = ini_to_array(stripslashes($server_ini_rec['config']));
 		unset($server_ini_rec);
 
@@ -404,7 +404,7 @@ class installer_dist extends installer_base {
 		
 		// check if virtual_transport must be changed
 		if ($this->is_update) {
-			$tmp = $this->db->queryOneRecord("SELECT * FROM ".$conf["mysql"]["database"].".server WHERE server_id = ".$conf['server_id']);
+			$tmp = $this->db->queryOneRecord("SELECT * FROM ?? WHERE server_id = ?", $conf["mysql"]["database"] . ".server", $conf['server_id']);
 			$ini_array = ini_to_array(stripslashes($tmp['config']));
 			// ini_array needs not to be checked, because already done in update.php -> updateDbAndIni()
 			
@@ -713,7 +713,7 @@ class installer_dist extends installer_base {
 		$tpl = new tpl('apache_ispconfig.conf.master');
 		$tpl->setVar('apache_version',getapacheversion());
 		
-		$records = $this->db->queryAllRecords('SELECT * FROM '.$conf['mysql']['master_database'].'.server_ip WHERE server_id = '.$conf['server_id']." AND virtualhost = 'y'");
+		$records = $this->db->queryAllRecords("SELECT * FROM ?? WHERE server_id = ? AND virtualhost = 'y'", $conf['mysql']['master_database'] . '.server_ip', $conf['server_id']);
 		$ip_addresses = array();
 		
 		if(is_array($records) && count($records) > 0) {
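Review bot: The `??` identifier placeholder receives a dotted name (`$conf['mysql']['master_database'] . '.server_ip'`) as one argument, so the query is only valid if the db wrapper splits on the dot and quotes database and table separately. That wrapper is not on this page, so this needs checking against its placeholder code. The same pattern appears for `.server` and `.firewall` in debian60.lib.php, gentoo.lib.php, opensuse.lib.php and the other hunks of this file. The commit is also inconsistent about the wildcard: gentoo.lib.php writes `GRANT ALL ON ??.* TO ?@?`, while installer_base.lib.php passes `$conf['mysql']['database'] . ".*"` into `??`, which additionally needs the wrapper to leave `*` unquoted. Using `??.*` with the bare database name everywhere removes that dependency.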
@@ -799,7 +799,7 @@ class installer_dist extends installer_base {
 		if(!is_group('sshusers')) caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
 	}
 
-	public function configure_firewall()
+	public function configure_bastille_firewall()
 	{
 		global $conf;
 
@@ -821,7 +821,7 @@ class installer_dist extends installer_base {
 		$tcp_public_services = '';
 		$udp_public_services = '';
 
-		$row = $this->db->queryOneRecord('SELECT * FROM '.$conf["mysql"]["database"].'.firewall WHERE server_id = '.intval($conf['server_id']));
+		$row = $this->db->queryOneRecord('SELECT * FROM ?? WHERE server_id = ?', $conf["mysql"]["database"] . '.firewall', $conf['server_id']);
 
 		if(trim($row["tcp_port"]) != '' || trim($row["udp_port"]) != ''){
 			$tcp_public_services = trim(str_replace(',', ' ', $row["tcp_port"]));
@@ -832,7 +832,7 @@ class installer_dist extends installer_base {
 		}
 		if(!stristr($tcp_public_services, $conf['apache']['vhost_port'])) {
 			$tcp_public_services .= ' '.intval($conf['apache']['vhost_port']);
-			if($row["tcp_port"] != '') $this->db->query("UPDATE firewall SET tcp_port = tcp_port + ',".intval($conf['apache']['vhost_port'])."' WHERE server_id = ".intval($conf['server_id']));
+			if($row["tcp_port"] != '') $this->db->query("UPDATE firewall SET tcp_port = tcp_port + ? WHERE server_id = ?", ',' . intval($conf['apache']['vhost_port']), $conf['server_id']);
 		}
 
 		$content = str_replace("{TCP_PUBLIC_SERVICES}", $tcp_public_services, $content);
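Review bot: `tcp_port = tcp_port + ?` is arithmetic in MySQL, not string concatenation, so binding `',' . intval($conf['apache']['vhost_port'])` makes the server add two strings cast to numbers. Depending on SQL mode, the statement then either fails or overwrites a list such as `22,80` with a number instead of appending the vhost port. The expression was inherited from the old query; since `tcp_port` holds a comma-separated list (see the `str_replace(',', ' ', ...)` above), it should be `"UPDATE firewall SET tcp_port = CONCAT(tcp_port, ?) WHERE server_id = ?"`. The identical statement in opensuse.lib.php needs the same change. This column feeds the firewall's public TCP services, so a corrupted value would presumably change which ports are opened the next time the rules are written.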
@@ -1032,13 +1032,11 @@ class installer_dist extends installer_base {
 		$file_server_enabled = ($conf['services']['file'])?1:0;
 		$db_server_enabled = ($conf['services']['db'])?1:0;
 		$vserver_server_enabled = ($conf['services']['vserver'])?1:0;
-		$sql = "UPDATE `server` SET mail_server = '$mail_server_enabled', web_server = '$web_server_enabled', dns_server = '$dns_server_enabled', file_server = '$file_server_enabled', db_server = '$db_server_enabled', vserver_server = '$vserver_server_enabled' WHERE server_id = ".intval($conf['server_id']);
+		$sql = "UPDATE `server` SET mail_server = ?, web_server = ?, dns_server = ?, file_server = ?, db_server = ?, vserver_server = ? WHERE server_id = ?";
 
+		$this->db->query($sql, $mail_server_enabled, $web_server_enabled, $dns_server_enabled, $file_server_enabled, $db_server_enabled, $vserver_server_enabled, $conf['server_id']);
 		if($conf['mysql']['master_slave_setup'] == 'y') {
-			$this->dbmaster->query($sql);
-			$this->db->query($sql);
-		} else {
-			$this->db->query($sql);
+			$this->dbmaster->query($sql, $mail_server_enabled, $web_server_enabled, $dns_server_enabled, $file_server_enabled, $db_server_enabled, $vserver_server_enabled, $conf['server_id']);
 		}
 
 		// chown install dir to root and chmod 755
diff --git a/install/dist/lib/gentoo.lib.php b/install/dist/lib/gentoo.lib.php
index d23f777d3fa019e075625aff389ed65e6fd4ba8e..d8c3f3818a653c171d2ab161276be2e7ad365974 100644
--- a/install/dist/lib/gentoo.lib.php
+++ b/install/dist/lib/gentoo.lib.php
@@ -258,7 +258,7 @@ class installer extends installer_base
 		
 		// check if virtual_transport must be changed
 		if ($this->is_update) {
-			$tmp = $this->db->queryOneRecord("SELECT * FROM ".$conf["mysql"]["database"].".server WHERE server_id = ".$conf['server_id']);
+			$tmp = $this->db->queryOneRecord("SELECT * FROM ?? WHERE server_id = ?", $conf["mysql"]["database"].".server", $conf['server_id']);
 			$ini_array = ini_to_array(stripslashes($tmp['config']));
 			// ini_array needs not to be checked, because already done in update.php -> updateDbAndIni()
 			
@@ -450,13 +450,13 @@ class installer extends installer_base
 		global $conf;
 
 		//* Create the database
-		if(!$this->db->query('CREATE DATABASE IF NOT EXISTS '.$conf['powerdns']['database'].' DEFAULT CHARACTER SET '.$conf['mysql']['charset'])) {
+		if(!$this->db->query('CREATE DATABASE IF NOT EXISTS ?? DEFAULT CHARACTER SET ?', $conf['powerdns']['database'], $conf['mysql']['charset'])) {
 			$this->error('Unable to create MySQL database: '.$conf['powerdns']['database'].'.');
 		}
 
 		//* Create the ISPConfig database user in the local database
-		$query = 'GRANT ALL ON `'.$conf['powerdns']['database'].'` . * TO \''.$conf['mysql']['ispconfig_user'].'\'@\'localhost\';';
-		if(!$this->db->query($query)) {
+		$query = 'GRANT ALL ON ??.* TO ?@?';
+		if(!$this->db->query($query, $conf['powerdns']['database'], $conf['mysql']['ispconfig_user'], 'localhost')) {
 			$this->error('Unable to create user for powerdns database Error: '.$this->db->errorMessage);
 		}
 
@@ -566,25 +566,10 @@ class installer extends installer_base
 
 
 		//* Copy the ISPConfig configuration include
-		/*
-		$content = $this->get_template_file('apache_ispconfig.conf', true);
-
-		$records = $this->db->queryAllRecords("SELECT * FROM server_ip WHERE server_id = ".$conf["server_id"]." AND virtualhost = 'y'");
-		if(is_array($records) && count($records) > 0)
-		{
-			foreach($records as $rec) {
-				$content .= "NameVirtualHost ".$rec["ip_address"].":80\n";
-				$content .= "NameVirtualHost ".$rec["ip_address"].":443\n";
-			}
-		}
-
-		$this->write_config_file($conf['apache']['vhost_conf_dir'].'/000-ispconfig.conf', $content);
-		*/
-		
 		$tpl = new tpl('apache_ispconfig.conf.master');
 		$tpl->setVar('apache_version',getapacheversion());
 		
-		$records = $this->db->queryAllRecords('SELECT * FROM '.$conf['mysql']['master_database'].'.server_ip WHERE server_id = '.$conf['server_id']." AND virtualhost = 'y'");
+		$records = $this->db->queryAllRecords("SELECT * FROM ?? WHERE server_id = ? AND virtualhost = 'y'", $conf['mysql']['master_database'] . '.server_ip', $conf['server_id']);
 		$ip_addresses = array();
 		
 		if(is_array($records) && count($records) > 0) {
@@ -933,13 +918,11 @@ class installer extends installer_base
 		$db_server_enabled = ($conf['services']['db'])?1:0;
 		$vserver_server_enabled = ($conf['services']['vserver'])?1:0;
 
-		$sql = "UPDATE `server` SET mail_server = '$mail_server_enabled', web_server = '$web_server_enabled', dns_server = '$dns_server_enabled', file_server = '$file_server_enabled', db_server = '$db_server_enabled', vserver_server = '$vserver_server_enabled' WHERE server_id = ".intval($conf['server_id']);
+		$sql = "UPDATE `server` SET mail_server = ?, web_server = ?, dns_server = ?, file_server = ?, db_server = ?, vserver_server = ? WHERE server_id = ?";
 
+		$this->db->query($sql, $mail_server_enabled, $web_server_enabled, $dns_server_enabled, $file_server_enabled, $db_server_enabled, $vserver_server_enabled, $conf['server_id']);
 		if($conf['mysql']['master_slave_setup'] == 'y') {
-			$this->dbmaster->query($sql);
-			$this->db->query($sql);
-		} else {
-			$this->db->query($sql);
+			$this->dbmaster->query($sql, $mail_server_enabled, $web_server_enabled, $dns_server_enabled, $file_server_enabled, $db_server_enabled, $vserver_server_enabled, $conf['server_id']);
 		}
 
 		// chown install dir to root and chmod 755
diff --git a/install/dist/lib/opensuse.lib.php b/install/dist/lib/opensuse.lib.php
index c60f9db65dce0fded35247a131bc2f01faf8e50d..55d48884a0b2f5afc297e8330f938ae55df21c31 100644
--- a/install/dist/lib/opensuse.lib.php
+++ b/install/dist/lib/opensuse.lib.php
@@ -215,7 +215,7 @@ class installer_dist extends installer_base {
 		if($cf['vmail_mailbox_base'] != '' && strlen($cf['vmail_mailbox_base']) >= 10 && $this->is_update === false) exec('chown -R '.$cf['vmail_username'].':'.$cf['vmail_groupname'].' '.$cf['vmail_mailbox_base']);
 
 		//* These postconf commands will be executed on installation and update
-		$server_ini_rec = $this->db->queryOneRecord("SELECT config FROM server WHERE server_id = ".$conf['server_id']);
+		$server_ini_rec = $this->db->queryOneRecord("SELECT config FROM server WHERE server_id = ?", $conf['server_id']);
 		$server_ini_array = ini_to_array(stripslashes($server_ini_rec['config']));
 		unset($server_ini_rec);
 
@@ -459,7 +459,7 @@ class installer_dist extends installer_base {
 		
 		// check if virtual_transport must be changed
 		if ($this->is_update) {
-			$tmp = $this->db->queryOneRecord("SELECT * FROM ".$conf["mysql"]["database"].".server WHERE server_id = ".$conf['server_id']);
+			$tmp = $this->db->queryOneRecord("SELECT * FROM ?? WHERE server_id = ?", $conf["mysql"]["database"] . ".server", $conf['server_id']);
 			$ini_array = ini_to_array(stripslashes($tmp['config']));
 			// ini_array needs not to be checked, because already done in update.php -> updateDbAndIni()
 			
@@ -745,7 +745,7 @@ class installer_dist extends installer_base {
 		$tpl = new tpl('apache_ispconfig.conf.master');
 		$tpl->setVar('apache_version',getapacheversion());
 		
-		$records = $this->db->queryAllRecords('SELECT * FROM '.$conf['mysql']['master_database'].'.server_ip WHERE server_id = '.$conf['server_id']." AND virtualhost = 'y'");
+		$records = $this->db->queryAllRecords("SELECT * FROM ?? WHERE server_id = ? AND virtualhost = 'y'", $conf['mysql']['master_database'] . '.server_ip', $conf['server_id']);
 		$ip_addresses = array();
 		
 		if(is_array($records) && count($records) > 0) {
@@ -873,7 +873,7 @@ class installer_dist extends installer_base {
 		if(!is_group('sshusers')) caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
 	}
 
-	public function configure_firewall()
+	public function configure_bastille_firewall()
 	{
 		global $conf;
 
@@ -895,7 +895,7 @@ class installer_dist extends installer_base {
 		$tcp_public_services = '';
 		$udp_public_services = '';
 
-		$row = $this->db->queryOneRecord('SELECT * FROM '.$conf["mysql"]["database"].'.firewall WHERE server_id = '.intval($conf['server_id']));
+		$row = $this->db->queryOneRecord('SELECT * FROM ?? WHERE server_id = ?', $conf["mysql"]["database"] . '.firewall', $conf['server_id']);
 
 		if(trim($row["tcp_port"]) != '' || trim($row["udp_port"]) != ''){
 			$tcp_public_services = trim(str_replace(',', ' ', $row["tcp_port"]));
@@ -907,7 +907,7 @@ class installer_dist extends installer_base {
 
 		if(!stristr($tcp_public_services, $conf['apache']['vhost_port'])) {
 			$tcp_public_services .= ' '.intval($conf['apache']['vhost_port']);
-			if($row["tcp_port"] != '') $this->db->query("UPDATE firewall SET tcp_port = tcp_port + ',".intval($conf['apache']['vhost_port'])."' WHERE server_id = ".intval($conf['server_id']));
+			if($row["tcp_port"] != '') $this->db->query("UPDATE firewall SET tcp_port = tcp_port + ? WHERE server_id = ?", ',' . intval($conf['apache']['vhost_port']), $conf['server_id']);
 		}
 
 		$content = str_replace("{TCP_PUBLIC_SERVICES}", $tcp_public_services, $content);
@@ -1105,13 +1105,11 @@ class installer_dist extends installer_base {
 		$file_server_enabled = ($conf['services']['file'])?1:0;
 		$db_server_enabled = ($conf['services']['db'])?1:0;
 		$vserver_server_enabled = ($conf['services']['vserver'])?1:0;
-		$sql = "UPDATE `server` SET mail_server = '$mail_server_enabled', web_server = '$web_server_enabled', dns_server = '$dns_server_enabled', file_server = '$file_server_enabled', db_server = '$db_server_enabled', vserver_server = '$vserver_server_enabled' WHERE server_id = ".intval($conf['server_id']);
+		$sql = "UPDATE `server` SET mail_server = ?, web_server = ?, dns_server = ?, file_server = ?, db_server = ?, vserver_server = ? WHERE server_id = ?";
 
+		$this->db->query($sql, $mail_server_enabled, $web_server_enabled, $dns_server_enabled, $file_server_enabled, $db_server_enabled, $vserver_server_enabled, $conf['server_id']);
 		if($conf['mysql']['master_slave_setup'] == 'y') {
-			$this->dbmaster->query($sql);
-			$this->db->query($sql);
-		} else {
-			$this->db->query($sql);
+			$this->dbmaster->query($sql, $mail_server_enabled, $web_server_enabled, $dns_server_enabled, $file_server_enabled, $db_server_enabled, $vserver_server_enabled, $conf['server_id']);
 		}
 
 		// chown install dir to root and chmod 755
diff --git a/install/install.php b/install/install.php
index 3aedfefa856c1c0ea05ae325f312130d2c3be834..e5f0abea77695fe7119242605e45a021fa6c1d21 100644
--- a/install/install.php
+++ b/install/install.php
@@ -449,10 +449,8 @@ if($install_mode == 'standard') {
 		// initialize the connection to the master database
 		$inst->dbmaster = new db();
 		if($inst->dbmaster->linkId) $inst->dbmaster->closeConn();
-		$inst->dbmaster->dbHost = $conf['mysql']["master_host"];
-		$inst->dbmaster->dbName = $conf['mysql']["master_database"];
-		$inst->dbmaster->dbUser = $conf['mysql']["master_admin_user"];
-		$inst->dbmaster->dbPass = $conf['mysql']["master_admin_password"];
+		$inst->dbmaster->setDBData($conf['mysql']["master_host"], $conf['mysql']["master_admin_user"], $conf['mysql']["master_admin_password"]);
+		$inst->dbmaster->setDBName($conf['mysql']["master_database"]);
 
 	} else {
 		// the master DB is the same then the slave DB
@@ -623,23 +621,17 @@ if($install_mode == 'standard') {
 
 	//** Configure Firewall
 	if(strtolower($inst->simple_query('Configure Firewall Server', array('y', 'n'), 'y','configure_firewall')) == 'y') {
-		//if($conf['bastille']['installed'] == true) {
-		//* Configure Bastille Firewall
-		$conf['services']['firewall'] = true;
-		swriteln('Configuring Bastille Firewall');
-		$inst->configure_firewall();
-		/*} elseif($conf['ufw']['installed'] == true) {
-			//* Configure Ubuntu Firewall
-			$conf['services']['firewall'] = true;
-			swriteln('Configuring Ubuntu Firewall');
-			$inst->configure_ufw_firewall();
-		} else {
-			//* Configure Bastille Firewall
-			$conf['services']['firewall'] = true;
-			swriteln('Configuring Bastille Firewall');
-			$inst->configure_bastille_firewall();
-		}
-		*/
+	   if($conf['ufw']['installed'] == true) {
+		   //* Configure Ubuntu Firewall
+		   $conf['services']['firewall'] = true;
+		   swriteln('Configuring Ubuntu Firewall');
+		   $inst->configure_ufw_firewall();
+	   } else {
+		   //* Configure Bastille Firewall
+		   $conf['services']['firewall'] = true;
+		   swriteln('Configuring Bastille Firewall');
+		   $inst->configure_bastille_firewall();
+	   }
 	}
 
 	//** Configure Firewall
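Review bot: The firewall step now calls `configure_ufw_firewall()` or `configure_bastille_firewall()` on `$inst`, so every distribution installer class must provide both names. On this page only fedora.lib.php and opensuse.lib.php rename `configure_firewall()`, and whether installer_base or the other dist libs define the new names is not visible here. A dist class that still overrides `configure_firewall()` would either hit an undefined-method error or have its override bypassed. Two smaller points in the same block: `$conf['services']['firewall'] = true;` is repeated in both branches and can move above the `if`, and `$conf['ufw']['installed'] == true` raises an undefined-index notice when there is no `ufw` entry, so `!empty($conf['ufw']['installed'])` is the safer test.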
@@ -713,6 +705,8 @@ if($install_mode == 'standard') {
 
 } //* << $install_mode / 'Standard' or Genius
 
+$inst->create_mount_script();
+
 //* Create md5 filelist
 $md5_filename = '/usr/local/ispconfig/security/data/file_checksums_'.date('Y-m-d_h-i').'.md5';
 exec('find /usr/local/ispconfig -type f -print0 | xargs -0 md5sum > '.$md5_filename);
diff --git a/install/lib/installer_base.lib.php b/install/lib/installer_base.lib.php
index cf9b51912eb6157999b56190235f58dea8586257..4e1ee478ed9c1f6a4d3098e0b1c6dcee26e70e25 100644
--- a/install/lib/installer_base.lib.php
+++ b/install/lib/installer_base.lib.php
@@ -167,12 +167,12 @@ class installer_base {
 		global $conf;
 
 		//** Create the database
-		if(!$this->db->query('CREATE DATABASE IF NOT EXISTS '.$conf['mysql']['database'].' DEFAULT CHARACTER SET '.$conf['mysql']['charset'])) {
+		if(!$this->db->query('CREATE DATABASE IF NOT EXISTS ?? DEFAULT CHARACTER SET ?', $conf['mysql']['database'], $conf['mysql']['charset'])) {
 			$this->error('Unable to create MySQL database: '.$conf['mysql']['database'].'.');
 		}
 
 		//* Set the database name in the DB library
-		$this->db->dbName = $conf['mysql']['database'];
+		$this->db->setDBName($conf['mysql']['database']);
 
 		//* Load the database dump into the database, if database contains no tables
 		$db_tables = $this->db->getTables();
@@ -192,8 +192,8 @@ class installer_base {
 			}
 
 			//* Load system.ini into the sys_ini table
-			$system_ini = $this->db->quote(rf('tpl/system.ini.master'));
-			$this->db->query("UPDATE sys_ini SET config = '$system_ini' WHERE sysini_id = 1");
+			$system_ini = rf('tpl/system.ini.master');
+			$this->db->query("UPDATE sys_ini SET config = ? WHERE sysini_id = 1", $system_ini);
 
 		}
 	}
@@ -210,15 +210,13 @@ class installer_base {
 		}
 
 		// Delete ISPConfig user in the local database, in case that it exists
-		$this->db->query("DELETE FROM mysql.user WHERE User = '".$conf['mysql']['ispconfig_user']."' AND Host = '".$from_host."';");
-		$this->db->query("DELETE FROM mysql.db WHERE Db = '".$conf['mysql']['database']."' AND Host = '".$from_host."';");
-		$this->db->query('FLUSH PRIVILEGES;');
+		$this->db->query("DELETE FROM mysql.user WHERE User = ? AND Host = ?", $conf['mysql']['ispconfig_user'], $from_host);
+		$this->db->query("DELETE FROM mysql.db WHERE Db = ? AND Host = ?", $conf['mysql']['database'], $from_host);
+		$this->db->query('FLUSH PRIVILEGES');
 
 		//* Create the ISPConfig database user in the local database
-		$query = 'GRANT SELECT, INSERT, UPDATE, DELETE ON '.$conf['mysql']['database'].".* "
-			."TO '".$conf['mysql']['ispconfig_user']."'@'".$from_host."' "
-			."IDENTIFIED BY '".$conf['mysql']['ispconfig_password']."';";
-		if(!$this->db->query($query)) {
+		$query = 'GRANT SELECT, INSERT, UPDATE, DELETE ON ?? TO ?@? IDENTIFIED BY ?';
+		if(!$this->db->query($query, $conf['mysql']['database'] . ".*", $conf['mysql']['ispconfig_user'], $from_host, $conf['mysql']['ispconfig_password'])) {
 			$this->error('Unable to create database user: '.$conf['mysql']['ispconfig_user'].' Error: '.$this->db->errorMessage);
 		}
 
@@ -226,7 +224,7 @@ class installer_base {
 		$this->db->query('FLUSH PRIVILEGES;');
 
 		//* Set the database name in the DB library
-		$this->db->dbName = $conf['mysql']['database'];
+		$this->db->setDBName($conf['mysql']['database']);
 
 		$tpl_ini_array = ini_to_array(rf('tpl/server.ini.master'));
 
@@ -280,8 +278,7 @@ class installer_base {
 		}
 
 		$server_ini_content = array_to_ini($tpl_ini_array);
-		$server_ini_content = mysql_real_escape_string($server_ini_content);
-
+		
 		$mail_server_enabled = ($conf['services']['mail'])?1:0;
 		$web_server_enabled = ($conf['services']['web'])?1:0;
 		$dns_server_enabled = ($conf['services']['dns'])?1:0;
@@ -309,14 +306,14 @@ class installer_base {
 		if($conf['mysql']['master_slave_setup'] == 'y') {
 
 			//* Insert the server record in master DB
-			$sql = "INSERT INTO `server` (`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_name`, `mail_server`, `web_server`, `dns_server`, `file_server`, `db_server`, `vserver_server`, `config`, `updated`, `active`, `dbversion`,`firewall_server`,`proxy_server`) VALUES (1, 1, 'riud', 'riud', 'r', '".$conf['hostname']."', '$mail_server_enabled', '$web_server_enabled', '$dns_server_enabled', '$file_server_enabled', '$db_server_enabled', '$vserver_server_enabled', '$server_ini_content', 0, 1, $current_db_version, $proxy_server_enabled, $firewall_server_enabled);";
-			$this->dbmaster->query($sql);
+			$sql = "INSERT INTO `server` (`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_name`, `mail_server`, `web_server`, `dns_server`, `file_server`, `db_server`, `vserver_server`, `config`, `updated`, `active`, `dbversion`,`firewall_server`,`proxy_server`) VALUES (1, 1, 'riud', 'riud', 'r', ?, ?, ?, ?, ?, ?, ?, ?, 0, 1, ?, ?, ?);";
+			$this->dbmaster->query($sql, $conf['hostname'], $mail_server_enabled, $web_server_enabled, $dns_server_enabled, $file_server_enabled, $db_server_enabled, $vserver_server_enabled, $server_ini_content, $current_db_version, $proxy_server_enabled, $firewall_server_enabled);
 			$conf['server_id'] = $this->dbmaster->insertID();
 			$conf['server_id'] = $conf['server_id'];
 
 			//* Insert the same record in the local DB
-			$sql = "INSERT INTO `server` (`server_id`, `sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_name`, `mail_server`, `web_server`, `dns_server`, `file_server`, `db_server`, `vserver_server`, `config`, `updated`, `active`, `dbversion`,`firewall_server`,`proxy_server`) VALUES ('".$conf['server_id']."',1, 1, 'riud', 'riud', 'r', '".$conf['hostname']."', '$mail_server_enabled', '$web_server_enabled', '$dns_server_enabled', '$file_server_enabled', '$db_server_enabled', '$vserver_server_enabled', '$server_ini_content', 0, 1, $current_db_version, $proxy_server_enabled, $firewall_server_enabled);";
-			$this->db->query($sql);
+			$sql = "INSERT INTO `server` (`server_id`, `sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_name`, `mail_server`, `web_server`, `dns_server`, `file_server`, `db_server`, `vserver_server`, `config`, `updated`, `active`, `dbversion`,`firewall_server`,`proxy_server`) VALUES (?,1, 1, 'riud', 'riud', 'r', ?, ?, ?, ?, ?, ?, ?, 0, 1, ?, ?, ?);";
+			$this->db->query($sql, $conf['server_id'], $conf['hostname'], $mail_server_enabled, $web_server_enabled, $dns_server_enabled, $file_server_enabled, $db_server_enabled, $vserver_server_enabled, $server_ini_content, $current_db_version, $proxy_server_enabled, $firewall_server_enabled);
 
 			//* username for the ispconfig user
 			$conf['mysql']['master_ispconfig_user'] = 'ispcsrv'.$conf['server_id'];
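Review bot: The column list ends with `dbversion`, `firewall_server`, `proxy_server`, but the bound arguments end with `$current_db_version, $proxy_server_enabled, $firewall_server_enabled`, so the firewall flag is stored in `proxy_server` and the proxy flag in `firewall_server`. The order was inherited from the interpolated query; both calls here should end with `$current_db_version, $firewall_server_enabled, $proxy_server_enabled);`. The single-server INSERT in the next hunk has the same swap. The context line `$conf['server_id'] = $conf['server_id'];` is a no-op and can be dropped.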
@@ -325,8 +322,8 @@ class installer_base {
 
 		} else {
 			//* Insert the server, if its not a mster / slave setup
-			$sql = "INSERT INTO `server` (`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_name`, `mail_server`, `web_server`, `dns_server`, `file_server`, `db_server`, `vserver_server`, `config`, `updated`, `active`, `dbversion`,`firewall_server`,`proxy_server`) VALUES (1, 1, 'riud', 'riud', 'r', '".$conf['hostname']."', '$mail_server_enabled', '$web_server_enabled', '$dns_server_enabled', '$file_server_enabled', '$db_server_enabled', '$vserver_server_enabled', '$server_ini_content', 0, 1, $current_db_version, $proxy_server_enabled, $firewall_server_enabled);";
-			$this->db->query($sql);
+			$sql = "INSERT INTO `server` (`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_name`, `mail_server`, `web_server`, `dns_server`, `file_server`, `db_server`, `vserver_server`, `config`, `updated`, `active`, `dbversion`,`firewall_server`,`proxy_server`) VALUES (1, 1, 'riud', 'riud', 'r', ?, ?, ?, ?, ?, ?, ?, ?, 0, 1, ?, ?, ?);";
+			$this->db->query($sql, $conf['hostname'], $mail_server_enabled, $web_server_enabled, $dns_server_enabled, $file_server_enabled, $db_server_enabled, $vserver_server_enabled, $server_ini_content, $current_db_version, $proxy_server_enabled, $firewall_server_enabled);
 			$conf['server_id'] = $this->db->insertID();
 			$conf['server_id'] = $conf['server_id'];
 		}
@@ -388,141 +385,141 @@ class installer_base {
 			 * if not, the user already exists and we do not need the pwd
 			 */
 				if ($value['pwd'] != ''){
-					$query = "CREATE USER '".$value['user']."'@'".$host."' IDENTIFIED BY '" . $value['pwd'] . "'";
+					$query = "CREATE USER ?@? IDENTIFIED BY ?";
 					if ($verbose){
 						echo "\n\n" . $query ."\n";
 					}
-					$this->dbmaster->query($query); // ignore the error
+					$this->dbmaster->query($query, $value['user'], $host, $value['pwd']); // ignore the error
 				}
 
 				/*
 			 *  Try to delete all rights of the user in case that it exists.
 			 *  In Case that it will not exist, do nothing (ignore the error!)
 			 */
-				$query = "REVOKE ALL PRIVILEGES, GRANT OPTION FROM '".$value['user']."'@'".$host."' ";
+				$query = "REVOKE ALL PRIVILEGES, GRANT OPTION FROM ?@?";
 				if ($verbose){
 					echo "\n\n" . $query ."\n";
 				}
-				$this->dbmaster->query($query); // ignore the error
+				$this->dbmaster->query($query, $value['user'], $host); // ignore the error
 
 				//* Create the ISPConfig database user in the remote database
-				$query = "GRANT SELECT ON ".$value['db'].".`server` TO '".$value['user']."'@'".$host."' ";
+				$query = "GRANT SELECT ON ?? TO ?@?";
 				if ($verbose){
 					echo $query ."\n";
 				}
-				if(!$this->dbmaster->query($query)) {
+				if(!$this->dbmaster->query($query, $value['db'] . '.server', $value['user'], $host)) {
 					$this->warning('Unable to set rights of user in master database: '.$value['db']."\n Query: ".$query."\n Error: ".$this->dbmaster->errorMessage);
 				}
 
-				$query = "GRANT SELECT, INSERT ON ".$value['db'].".`sys_log` TO '".$value['user']."'@'".$host."' ";
+				$query = "GRANT SELECT, INSERT ON ?? TO ?@?";
 				if ($verbose){
 					echo $query ."\n";
 				}
-				if(!$this->dbmaster->query($query)) {
+				if(!$this->dbmaster->query($query, $value['db'] . '.sys_log', $value['user'], $host)) {
 					$this->warning('Unable to set rights of user in master database: '.$value['db']."\n Query: ".$query."\n Error: ".$this->dbmaster->errorMessage);
 				}
 
-				$query = "GRANT SELECT, UPDATE(`status`, `error`) ON ".$value['db'].".`sys_datalog` TO '".$value['user']."'@'".$host."' ";
+				$query = "GRANT SELECT, UPDATE(`status`, `error`) ON ?? TO ?@?";
 				if ($verbose){
 					echo $query ."\n";
 				}
-				if(!$this->dbmaster->query($query)) {
+				if(!$this->dbmaster->query($query, $value['db'] . '.sys_datalog', $value['user'], $host)) {
 					$this->warning('Unable to set rights of user in master database: '.$value['db']."\n Query: ".$query."\n Error: ".$this->dbmaster->errorMessage);
 				}
 
-				$query = "GRANT SELECT, UPDATE(`status`) ON ".$value['db'].".`software_update_inst` TO '".$value['user']."'@'".$host."' ";
+				$query = "GRANT SELECT, UPDATE(`status`) ON ?? TO ?@?";
 				if ($verbose){
 					echo $query ."\n";
 				}
-				if(!$this->dbmaster->query($query)) {
+				if(!$this->dbmaster->query($query, $value['db'] . '.software_update_inst', $value['user'], $host)) {
 					$this->warning('Unable to set rights of user in master database: '.$value['db']."\n Query: ".$query."\n Error: ".$this->dbmaster->errorMessage);
 				}
 
-				$query = "GRANT SELECT, UPDATE(`updated`) ON ".$value['db'].".`server` TO '".$value['user']."'@'".$host."' ";
+				$query = "GRANT SELECT, UPDATE(`updated`) ON ?? TO ?@?";
 				if ($verbose){
 					echo $query ."\n";
 				}
-				if(!$this->dbmaster->query($query)) {
+				if(!$this->dbmaster->query($query, $value['db'] . '.server', $value['user'], $host)) {
 					$this->warning('Unable to set rights of user in master database: '.$value['db']."\n Query: ".$query."\n Error: ".$this->dbmaster->errorMessage);
 				}
 
-				$query = "GRANT SELECT, UPDATE (`ssl_request`, `ssl_cert`, `ssl_action`, `ssl_key`) ON ".$value['db'].".`web_domain` TO '".$value['user']."'@'".$host."' ";
+				$query = "GRANT SELECT, UPDATE (`ssl_request`, `ssl_cert`, `ssl_action`, `ssl_key`) ON ?? TO ?@?";
 				if ($verbose){
 					echo $query ."\n";
 				}
-				if(!$this->dbmaster->query($query)) {
+				if(!$this->dbmaster->query($query, $value['db'] . '.web_domain', $value['user'], $host)) {
 					$this->warning('Unable to set rights of user in master database: '.$value['db']."\n Query: ".$query."\n Error: ".$this->dbmaster->errorMessage);
 				}
 
-				$query = "GRANT SELECT ON ".$value['db'].".`sys_group` TO '".$value['user']."'@'".$host."' ";
+				$query = "GRANT SELECT ON ?? TO ?@?";
 				if ($verbose){
 					echo $query ."\n";
 				}
-				if(!$this->dbmaster->query($query)) {
+				if(!$this->dbmaster->query($query, $value['db'] . '.sys_group', $value['user'], $host)) {
 					$this->warning('Unable to set rights of user in master database: '.$value['db']."\n Query: ".$query."\n Error: ".$this->dbmaster->errorMessage);
 				}
 
-				$query = "GRANT SELECT, UPDATE (`action_state`, `response`) ON ".$value['db'].".`sys_remoteaction` TO '".$value['user']."'@'".$host."' ";
+				$query = "GRANT SELECT, UPDATE (`action_state`, `response`) ON ?? TO ?@?";
 				if ($verbose){
 					echo $query ."\n";
 				}
-				if(!$this->dbmaster->query($query)) {
+				if(!$this->dbmaster->query($query, $value['db'] . '.sys_remoteaction', $value['user'], $host)) {
 					$this->warning('Unable to set rights of user in master database: '.$value['db']."\n Query: ".$query."\n Error: ".$this->dbmaster->errorMessage);
 				}
 
-				$query = "GRANT SELECT, INSERT , DELETE ON ".$value['db'].".`monitor_data` TO '".$value['user']."'@'".$host."' ";
+				$query = "GRANT SELECT, INSERT , DELETE ON ?? TO ?@?";
 				if ($verbose){
 					echo $query ."\n";
 				}
-				if(!$this->dbmaster->query($query)) {
+				if(!$this->dbmaster->query($query, $value['db'] . '.monitor_data', $value['user'], $host)) {
 					$this->warning('Unable to set rights of user in master database: '.$value['db']."\n Query: ".$query."\n Error: ".$this->dbmaster->errorMessage);
 				}
 
-				$query = "GRANT SELECT, INSERT, UPDATE ON ".$value['db'].".`mail_traffic` TO '".$value['user']."'@'".$host."' ";
+				$query = "GRANT SELECT, INSERT, UPDATE ON ?? TO ?@?";
 				if ($verbose){
 					echo $query ."\n";
 				}
-				if(!$this->dbmaster->query($query)) {
+				if(!$this->dbmaster->query($query, $value['db'] . '.mail_traffic', $value['user'], $host)) {
 					$this->warning('Unable to set rights of user in master database: '.$value['db']."\n Query: ".$query."\n Error: ".$this->dbmaster->errorMessage);
 				}
 
-				$query = "GRANT SELECT, INSERT, UPDATE ON ".$value['db'].".`web_traffic` TO '".$value['user']."'@'".$host."' ";
+				$query = "GRANT SELECT, INSERT, UPDATE ON ?? TO ?@?";
 				if ($verbose){
 					echo $query ."\n";
 				}
-				if(!$this->dbmaster->query($query)) {
+				if(!$this->dbmaster->query($query, $value['db'] . '.web_traffic', $value['user'], $host)) {
 					$this->warning('Unable to set rights of user in master database: '.$value['db']."\n Query: ".$query."\n Error: ".$this->dbmaster->errorMessage);
 				}
 
-				$query = "GRANT SELECT, UPDATE, DELETE ON ".$value['db'].".`aps_instances` TO '".$value['user']."'@'".$host."' ";
+				$query = "GRANT SELECT, UPDATE, DELETE ON ?? TO ?@?";
 				if ($verbose){
 					echo $query ."\n";
 				}
-				if(!$this->dbmaster->query($query)) {
+				if(!$this->dbmaster->query($query, $value['db'] . '.aps_instances', $value['user'], $host)) {
 					$this->warning('Unable to set rights of user in master database: '.$value['db']."\n Query: ".$query."\n Error: ".$this->dbmaster->errorMessage);
 				}
 				
-				$query = "GRANT SELECT, DELETE ON ".$value['db'].".`aps_instances_settings` TO '".$value['user']."'@'".$host."' ";
+				$query = "GRANT SELECT, DELETE ON ?? TO ?@?";
 				if ($verbose){
 					echo $query ."\n";
 				}
-				if(!$this->dbmaster->query($query)) {
+				if(!$this->dbmaster->query($query, $value['db'] . '.aps_instances_settings', $value['user'], $host)) {
 					$this->warning('Unable to set rights of user in master database: '.$value['db']."\n Query: ".$query."\n Error: ".$this->dbmaster->errorMessage);
 				}
 
-				$query = "GRANT SELECT, INSERT, DELETE ON ".$value['db'].".`web_backup` TO '".$value['user']."'@'".$host."' ";
+				$query = "GRANT SELECT, INSERT, DELETE ON ?? TO ?@?";
 				if ($verbose){
 					echo $query ."\n";
 				}
-				if(!$this->dbmaster->query($query)) {
+				if(!$this->dbmaster->query($query, $value['db'] . '.web_backup', $value['user'], $host)) {
 					$this->warning('Unable to set rights of user in master database: '.$value['db']."\n Query: ".$query."\n Error: ".$this->dbmaster->errorMessage);
 				}
 
-				$query = "GRANT SELECT, INSERT, DELETE ON ".$value['db'].".`mail_backup` TO '".$value['user']."'@'".$host."' ";
+				$query = "GRANT SELECT, INSERT, DELETE ON ?? TO ?@?";
 				if ($verbose){
 					echo $query ."\n";
 				}
-				if(!$this->dbmaster->query($query)) {
+				if(!$this->dbmaster->query($query, $value['db'] . '.mail_backup', $value['user'], $host)) {
 					$this->warning('Unable to set rights of user in master database: '.$value['db']."\n Query: ".$query."\n Error: ".$this->dbmaster->errorMessage);
 				}
 			}
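Review bot: The `??` placeholder used for `$value['db'] . '.server'` and the other GRANT targets depends entirely on `_build_query_string()` in install/lib/mysql.lib.php, which (later in this diff) passes the value through `escape()` and then wraps it in backticks. `escape()` is not shown here; if it is a string-literal escaper, a backtick in the database name is left untouched and the value is not reliably confined to the identifier. Doubling backticks inside the `??` branch would close that gap, as would rejecting names that fail a check such as `preg_match('/^[A-Za-z0-9_\-]+$/', $value['db'])` before the first GRANT. The same applies to the `??` arguments built from `$conf["mysql"]["database"]`, `$conf['mysql']['master_database']` and `$conf['powerdns']['database']` in the later hunks of this file. The enclosing method starts and ends outside this hunk.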
@@ -530,7 +527,7 @@ class installer_base {
 			/*
 		 * It is all done. Relod the rights...
 		 */
-			$this->dbmaster->query('FLUSH PRIVILEGES;');
+			$this->dbmaster->query('FLUSH PRIVILEGES');
 		}
 
 	}
@@ -735,7 +732,7 @@ class installer_base {
 		if(!is_user($cf['vmail_username'])) caselog("$command &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
 
 		//* These postconf commands will be executed on installation and update
-		$server_ini_rec = $this->db->queryOneRecord("SELECT config FROM `" . $this->db->quote($conf["mysql"]["database"]) . "`.`server` WHERE server_id = ".$conf['server_id']);
+		$server_ini_rec = $this->db->queryOneRecord("SELECT config FROM ?? WHERE server_id = ?", $conf["mysql"]["database"] . '.server', $conf['server_id']);
 		$server_ini_array = ini_to_array(stripslashes($server_ini_rec['config']));
 		unset($server_ini_rec);
 
@@ -983,7 +980,7 @@ class installer_base {
 		
 		// check if virtual_transport must be changed
 		if ($this->is_update) {
-			$tmp = $this->db->queryOneRecord("SELECT * FROM ".$conf["mysql"]["database"].".server WHERE server_id = ".$conf['server_id']);
+			$tmp = $this->db->queryOneRecord("SELECT * FROM ?? WHERE server_id = ?", $conf["mysql"]["database"] . ".server", $conf['server_id']);
 			$ini_array = ini_to_array(stripslashes($tmp['config']));
 			// ini_array needs not to be checked, because already done in update.php -> updateDbAndIni()
 			
@@ -1259,18 +1256,18 @@ class installer_base {
 		global $conf;
 
 		//* Create the database
-		if(!$this->db->query('CREATE DATABASE IF NOT EXISTS '.$conf['powerdns']['database'].' DEFAULT CHARACTER SET '.$conf['mysql']['charset'])) {
+		if(!$this->db->query('CREATE DATABASE IF NOT EXISTS ?? DEFAULT CHARACTER SET ?', $conf['powerdns']['database'], $conf['mysql']['charset'])) {
 			$this->error('Unable to create MySQL database: '.$conf['powerdns']['database'].'.');
 		}
 
 		//* Create the ISPConfig database user in the local database
-		$query = "GRANT ALL ON `".$conf['powerdns']['database']."` . * TO '".$conf['mysql']['ispconfig_user']."'@'localhost';";
-		if(!$this->db->query($query)) {
+		$query = "GRANT ALL ON ?? TO ?@'localhost'";
+		if(!$this->db->query($query, $conf['powerdns']['database'] . '.*', $conf['mysql']['ispconfig_user'])) {
 			$this->error('Unable to create user for powerdns database Error: '.$this->db->errorMessage);
 		}
 
 		//* Reload database privelages
-		$this->db->query('FLUSH PRIVILEGES;');
+		$this->db->query('FLUSH PRIVILEGES');
 
 		//* load the powerdns databse dump
 		if($conf['mysql']['admin_password'] == '') {
@@ -1333,7 +1330,7 @@ class installer_base {
         if(!@is_dir('/etc/metronome/status')) mkdir('/etc/metronome/status', 0755, true);
         unlink('/etc/metronome/metronome.cfg.lua');
 
-        $row = $this->db->queryOneRecord("SELECT server_name FROM server WHERE server_id = ".$conf["server_id"]."");
+        $row = $this->db->queryOneRecord("SELECT server_name FROM server WHERE server_id = ?", $conf["server_id"]);
         $server_name = $row["server_name"];
 
         $tpl = new tpl('metronome_conf_main.master');
@@ -1492,7 +1489,7 @@ Email Address []:
 		$tpl = new tpl('apache_ispconfig.conf.master');
 		$tpl->setVar('apache_version',getapacheversion());
 		
-		$records = $this->db->queryAllRecords('SELECT * FROM '.$conf['mysql']['master_database'].'.server_ip WHERE server_id = '.$conf['server_id']." AND virtualhost = 'y'");
+		$records = $this->db->queryAllRecords("SELECT * FROM ?? WHERE server_id = ? AND virtualhost = 'y'", $conf['mysql']['master_database'] . '.server_ip', $conf['server_id']);
 		$ip_addresses = array();
 		
 		if(is_array($records) && count($records) > 0) {
@@ -1575,36 +1572,6 @@ Email Address []:
 		//* add a sshusers group
 		$command = 'groupadd sshusers';
 		if(!is_group('sshusers')) caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
-
-		/*
-		$row = $this->db->queryOneRecord("SELECT server_name FROM server WHERE server_id = ".$conf["server_id"]."");
-		$ip_address = gethostbyname($row["server_name"]);
-		$server_name = $row["server_name"];
-
-        //setup proxy.conf
-		$configfile = 'proxy.conf';
-		if(is_file($conf["nginx"]["config_dir"].'/'.$configfile)) copy($conf["nginx"]["config_dir"].'/'.$configfile,$conf["nginx"]["config_dir"].'/'.$configfile.'~');
-		if(is_file($conf["nginx"]["config_dir"].'/'.$configfile.'~')) exec('chmod 400 '.$conf["nginx"]["config_dir"].'/'.$configfile.'~');
-		$content = rf("tpl/nginx_".$configfile.".master");
-		wf($conf["nginx"]["config_dir"].'/'.$configfile,$content);
-		exec('chmod 600 '.$conf["nginx"]["config_dir"].'/'.$configfile);
-		exec('chown root:root '.$conf["nginx"]["config_dir"].'/'.$configfile);
-
-        //setup conf.d/cache.conf
-        $configfile = 'cache.conf';
-		if(is_file($conf["nginx"]["config_dir"].'/conf.d/'.$configfile)) copy($conf["nginx"]["config_dir"].'/conf.d/'.$configfile,$conf["nginx"]["config_dir"].'/conf.d/'.$configfile.'~');
-		if(is_file($conf["nginx"]["config_dir"].'/conf.d/'.$configfile.'~')) exec('chmod 400 '.$conf["nginx"]["config_dir"].'/conf.d/'.$configfile.'~');
-		$content = rf("tpl/nginx_".$configfile.".master");
-		wf($conf["nginx"]["config_dir"].'/conf.d/'.$configfile,$content);
-		exec('chmod 600 '.$conf["nginx"]["config_dir"].'/conf.d/'.$configfile);
-		exec('chown root:root '.$conf["nginx"]["config_dir"].'/conf.d/'.$configfile);
-
-        //setup cache directories
-        mkdir('/var/cache/nginx/cache');
-        exec('chown www-data:www-data /var/cache/nginx/cache');
-        mkdir('/var/cache/nginx/temp');
-        exec('chown www-data:www-data /var/cache/nginx/temp');
-		*/
 	}
 
 	public function configure_fail2ban() {
@@ -1614,7 +1581,7 @@ Email Address []:
 	public function configure_squid()
 	{
 		global $conf;
-		$row = $this->db->queryOneRecord("SELECT server_name FROM server WHERE server_id = ".$conf["server_id"]."");
+		$row = $this->db->queryOneRecord("SELECT server_name FROM server WHERE server_id = ?", $conf["server_id"]);
 		$ip_address = gethostbyname($row["server_name"]);
 		$server_name = $row["server_name"];
 
@@ -1661,7 +1628,7 @@ Email Address []:
 		$tcp_public_services = '';
 		$udp_public_services = '';
 
-		$row = $this->db->queryOneRecord('SELECT * FROM '.$conf["mysql"]["database"].'.firewall WHERE server_id = '.intval($conf['server_id']));
+		$row = $this->db->queryOneRecord('SELECT * FROM ?? WHERE server_id = ?', $conf["mysql"]["database"] . '.firewall', $conf['server_id']);
 
 		if(trim($row['tcp_port']) != '' || trim($row['udp_port']) != '') {
 			$tcp_public_services = trim(str_replace(',', ' ', $row['tcp_port']));
@@ -1673,7 +1640,7 @@ Email Address []:
 
 		if(!stristr($tcp_public_services, $conf['apache']['vhost_port'])) {
 			$tcp_public_services .= ' '.intval($conf['apache']['vhost_port']);
-			if($row['tcp_port'] != '') $this->db->query("UPDATE firewall SET tcp_port = tcp_port + ',".intval($conf['apache']['vhost_port'])."' WHERE server_id = ".intval($conf['server_id']));
+			if($row['tcp_port'] != '') $this->db->query("UPDATE firewall SET tcp_port = tcp_port + ? WHERE server_id = ?", ',' . intval($conf['apache']['vhost_port']), $conf['server_id']);
 		}
 
 		$content = str_replace('{TCP_PUBLIC_SERVICES}', $tcp_public_services, $content);
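Review bot: `tcp_port = tcp_port + ?` is arithmetic in MySQL, not string concatenation, so both operands are cast to numbers and the comma-separated port list is replaced by a numeric result instead of gaining the vhost port. The parameterised form keeps that inherited behaviour; the statement should read `"UPDATE firewall SET tcp_port = CONCAT(tcp_port, ?) WHERE server_id = ?"`. The table is also addressed as plain `firewall` here, while the SELECT in the previous hunk qualifies it with `$conf["mysql"]["database"]`, so the two may not hit the same table if no default database is selected. The `stristr()` test on the context line is a substring match, so a configured port such as 80 is treated as present when only 8080 is listed.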
@@ -2100,13 +2067,11 @@ Email Address []:
 		$firewall_server_enabled = ($conf['services']['firewall'])?1:0;
         $xmpp_server_enabled = ($conf['services']['xmpp'])?1:0;
 
-		$sql = "UPDATE `server` SET mail_server = '$mail_server_enabled', web_server = '$web_server_enabled', dns_server = '$dns_server_enabled', file_server = '$file_server_enabled', db_server = '$db_server_enabled', vserver_server = '$vserver_server_enabled', proxy_server = '$proxy_server_enabled', firewall_server = '$firewall_server_enabled', xmpp_server = '.$xmpp_server_enabled.' WHERE server_id = ".intval($conf['server_id']);
+		$sql = "UPDATE `server` SET mail_server = '$mail_server_enabled', web_server = '$web_server_enabled', dns_server = '$dns_server_enabled', file_server = '$file_server_enabled', db_server = '$db_server_enabled', vserver_server = '$vserver_server_enabled', proxy_server = '$proxy_server_enabled', firewall_server = '$firewall_server_enabled', xmpp_server = '.$xmpp_server_enabled.' WHERE server_id = ?";
 
+		$this->db->query($sql, $conf['server_id']);
 		if($conf['mysql']['master_slave_setup'] == 'y') {
-			$this->dbmaster->query($sql);
-			$this->db->query($sql);
-		} else {
-			$this->db->query($sql);
+			$this->dbmaster->query($sql, $conf['server_id']);
 		}
 
 
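Review bot: The new `$sql` parameterises only `server_id` and still writes `xmpp_server = '.$xmpp_server_enabled.'` inside a double-quoted string, so the dots are literal and the value sent is `'.1.'` or `'.0.'` rather than the flag. How that is stored depends on the column type and SQL mode, neither of which is visible here. At minimum change the fragment to `xmpp_server = '$xmpp_server_enabled'`. For consistency with the rest of the commit, replace all nine flags with `?` and pass them as arguments to both `query()` calls. The enclosing method starts and ends outside this hunk.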
@@ -2485,6 +2450,32 @@ Email Address []:
 
 	}
 	
+	public function create_mount_script(){
+		global $app, $conf;
+		$mount_script = '/usr/local/ispconfig/server/scripts/backup_dir_mount.sh';
+		$mount_command = '';
+		
+		if(is_file($mount_script)) return;
+		if(is_file('/etc/rc.local')){
+			$rc_local = file('/etc/rc.local');
+			if(is_array($rc_local) && !empty($rc_local)){
+				foreach($rc_local as $line){
+					$line = trim($line);
+					if(substr($line, 0, 1) == '#') continue;
+					if(strpos($line, 'sshfs') !== false && strpos($line, '/var/backup') !== false){
+						$mount_command = "#!/bin/sh\n\n";
+						$mount_command .= $line."\n\n";
+						file_put_contents($mount_script, $mount_command);
+						chmod($mount_script, 0755);
+						chown($mount_script, 'root');
+						chgrp($mount_script, 'root');
+						break;
+					}
+				}
+			}
+		}
+	}
+	
 	// This function is called at the end of the update process and contains code to clean up parts of old ISPCONfig releases
 	public function cleanup_ispconfig() {
 		global $app,$conf;
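Review bot: `create_mount_script()` copies an sshfs line from /etc/rc.local verbatim into a new root-owned script and sets it to 0755 without checking that `file_put_contents()` succeeded. sshfs command lines can carry mount options or key paths, and if only root runs the script (the caller is not shown in this hunk), `chmod($mount_script, 0700);` is the safer mode. Guard the write with `if(file_put_contents($mount_script, $mount_command) === false) break;` so that chmod/chown/chgrp do not run against a missing file. `$app` and `$conf` are declared global but never used. The method also has no docblock; a short one should say that it migrates the rc.local mount line once and does nothing when the script already exists.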
diff --git a/install/lib/mysql.lib.php b/install/lib/mysql.lib.php
index c5c2a83a68681ac18a7c3036307c6f0b4423fa49..c6078ca2bbc05a2ede69c76fb6edfe50f9fa416c 100644
--- a/install/lib/mysql.lib.php
+++ b/install/lib/mysql.lib.php
@@ -1,190 +1,499 @@
 <?php
-
 /*
-Copyright (c) 2007, Till Brehm, projektfarm Gmbh
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without modification,
-are permitted provided that the following conditions are met:
-
-    * Redistributions of source code must retain the above copyright notice,
-      this list of conditions and the following disclaimer.
-    * Redistributions in binary form must reproduce the above copyright notice,
-      this list of conditions and the following disclaimer in the documentation
-      and/or other materials provided with the distribution.
-    * Neither the name of ISPConfig nor the names of its contributors
-      may be used to endorse or promote products derived from this software without
-      specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
-IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
-INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
-BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
-OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
-NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
-EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-*/
-
-class db
+   Copyright (c) 2005, Till Brehm, projektfarm Gmbh
+   All rights reserved.
+
+   Redistribution and use in source and binary forms, with or without modification,
+   are permitted provided that the following conditions are met:
+
+ * Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+ * Redistributions in binary form must reproduce the above copyright notice,
+ this list of conditions and the following disclaimer in the documentation
+ and/or other materials provided with the distribution.
+ * Neither the name of ISPConfig nor the names of its contributors
+ may be used to endorse or promote products derived from this software without
+ specific prior written permission.
+
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+class db extends mysqli
 {
-	var $dbHost = "";    // hostname of the MySQL server
-	var $dbName = "";    // logical database name on that server
-	var $dbUser = "";    // database authorized user
-	var $dbPass = "";    // user's password
-	var $dbCharset = "";      // what charset comes and goes to mysql: utf8 / latin1
-	var $linkId = false;    // last result of mysql_connect()
-	var $queryId = 0;    // last result of mysql_query()
-	var $record = array();   // last record fetched
-	var $autoCommit = 1;      // Autocommit Transactions
-	var $currentRow;    // current row number
-	var $errorNumber = 0;   // last error number
-	var $errorMessage = "";   // last error message
-	var $errorLocation = "";  // last error location
-	var $show_error_messages = false;
-
-	// constructor
-	function db()
-	{
-
+	/**#@+
+     * @access private
+     */
+	private $_iQueryId;
+	private $_iConnId;
+
+	private $dbHost = '';  // hostname of the MySQL server
+	private $dbName = '';  // logical database name on that server
+	private $dbUser = '';  // database authorized user
+	private $dbPass = '';  // user's password
+	private $dbCharset = 'utf8';// Database charset
+	private $dbNewLink = false; // Return a new linkID when connect is called again
+	private $dbClientFlags = 0; // MySQL Client falgs
+	/**#@-*/
+
+	public $show_error_messages = false; // false in server, true in interface
+
+
+	/* old things - unused now ////
+	private $linkId = 0;  // last result of mysqli_connect()
+	private $queryId = 0;  // last result of mysqli_query()
+	private $record = array(); // last record fetched
+	private $autoCommit = 1;    // Autocommit Transactions
+	private $currentRow;  // current row number
+	public $errorNumber = 0; // last error number
+	public $errorMessage = ''; // last error message
+	private $errorLocation = '';// last error location
+	private $isConnected = false; // needed to know if we have a valid mysqli object from the constructor
+	////
+	*/
+
+	public function __destruct() {
+		if($this->_iConnId) mysqli_close($this->_iConnId);
+	}
+	
+	private function do_connect() {
 		global $conf;
+		
+		if($this->_iConnId) return true;
 		$this->dbHost = $conf["mysql"]["host"];
-		//$this->dbName = $conf["mysql"]["database"];
+		$this->dbName = false;//$conf["mysql"]["database"];
 		$this->dbUser = $conf["mysql"]["admin_user"];
 		$this->dbPass = $conf["mysql"]["admin_password"];
 		$this->dbCharset = $conf["mysql"]["charset"];
-		//$this->connect();
-	}
+		$this->dbNewLink = false;
+		$this->dbClientFlags = null;
+		
+		$this->_iConnId = mysqli_connect($this->dbHost, $this->dbUser, $this->dbPass);
+		$try = 0;
+		while((!is_object($this->_iConnId) || mysqli_connect_error()) && $try < 5) {
+			if($try > 0) sleep(1);
+
+			$try++;
+			$this->_iConnId = mysqli_connect($this->dbHost, $this->dbUser, $this->dbPass);
+		}
 
-	// error handler
-	function updateError($location)
-	{
-		$this->errorNumber = mysqli_errno($this->linkId);
-		$this->errorMessage = mysqli_error($this->linkId);
-		$this->errorLocation = $location;
-		if($this->errorNumber && $this->show_error_messages)
-		{
-			echo '<br /><b>'.$this->errorLocation.'</b><br />'.$this->errorMessage;
-			flush();
+		if(!is_object($this->_iConnId) || mysqli_connect_error()) {
+			$this->_iConnId = null;
+			$this->_sqlerror('Zugriff auf Datenbankserver fehlgeschlagen! / Database server not accessible!');
+			return false;
+		}
+		
+		if($this->dbName) $this->setDBName($this->dbName);
+
+		$this->_setCharset();
+	}
+	
+	public function setDBData($host, $user, $password) {
+		$this->dbHost = $host;
+		$this->dbUser = $user;
+		$this->dbPass = $password;
+	}
+	
+	public function setDBName($name) {
+		$this->dbName = $name;
+		if(!((bool)mysqli_query( $this->_iConnId, 'USE `' . $this->dbName . '`'))) {
+			$this->close();
+			$this->_sqlerror('Datenbank nicht gefunden / Database not found');
+			return false;
 		}
 	}
+	
+	public function close() {
+		if($this->_iConnId) mysqli_close($this->_iConnId);
+		$this->_iConnId = null;
+	}
 
-	function connect()
-	{
-		if(!$this->linkId)
-		{
-			$this->linkId = mysqli_connect($this->dbHost, $this->dbUser, $this->dbPass);
+	/* This allows our private variables to be "read" out side of the class */
+	public function __get($var) {
+		return isset($this->$var) ? $this->$var : NULL;
+	}
 
-			if(!$this->linkId)
-			{
-				$this->updateError('DB::connect()<br />mysqli_connect');
-				return false;
+	public function _build_query_string($sQuery = '') {
+		$iArgs = func_num_args();
+		if($iArgs > 1) {
+			$aArgs = func_get_args();
+
+			if($iArgs == 3 && $aArgs[1] === true && is_array($aArgs[2])) {
+				$aArgs = $aArgs[2];
+				$iArgs = count($aArgs);
+			} else {
+				array_shift($aArgs); // delete the query string that is the first arg!
+			}
+
+			$iPos = 0;
+			$iPos2 = 0;
+			foreach($aArgs as $sKey => $sValue) {
+				$iPos2 = strpos($sQuery, '??', $iPos2);
+				$iPos = strpos($sQuery, '?', $iPos);
+
+				if($iPos === false && $iPos2 === false) break;
+
+				if($iPos2 !== false && ($iPos === false || $iPos2 <= $iPos)) {
+					$sTxt = $this->escape($sValue);
+
+					if(strpos($sTxt, '.') !== false) {
+						$sTxt = preg_replace('/^(.+)\.(.+)$/', '`$1`.`$2`', $sTxt);
+						$sTxt = str_replace('.`*`', '.*', $sTxt);
+					} else $sTxt = '`' . $sTxt . '`';
+
+					$sQuery = substr_replace($sQuery, $sTxt, $iPos2, 2);
+					$iPos2 += strlen($sTxt);
+					$iPos = $iPos2;
+				} else {
+					if(is_int($sValue) || is_float($sValue)) {
+						$sTxt = $sValue;
+					} elseif(is_string($sValue) && (strcmp($sValue, '#NULL#') == 0)) {
+						$sTxt = 'NULL';
+					} elseif(is_array($sValue)) {
+						$sTxt = '';
+						foreach($sValue as $sVal) $sTxt .= ',\'' . $this->escape($sVal) . '\'';
+						$sTxt = '(' . substr($sTxt, 1) . ')';
+						if($sTxt == '()') $sTxt = '(0)';
+					} else {
+						$sTxt = '\'' . $this->escape($sValue) . '\'';
+					}
+
+					$sQuery = substr_replace($sQuery, $sTxt, $iPos, 1);
+					$iPos += strlen($sTxt);
+					$iPos2 = $iPos;
+				}
 			}
-			$this->queryId = @mysqli_query($this->linkId, 'SET NAMES '.$this->dbCharset);
 		}
-		return true;
+
+		return $sQuery;
 	}
 
-	function query($queryString)
-	{
-		if(!$this->connect())
-		{
+	/**#@-*/
+
+
+	/**#@+
+     * @access private
+     */
+	private function _setCharset() {
+		mysqli_query($this->_iConnId, 'SET NAMES '.$this->dbCharset);
+		mysqli_query($this->_iConnId, "SET character_set_results = '".$this->dbCharset."', character_set_client = '".$this->dbCharset."', character_set_connection = '".$this->dbCharset."', character_set_database = '".$this->dbCharset."', character_set_server = '".$this->dbCharset."'");
+	}
+
+	private function _query($sQuery = '') {
+		$this->do_connect();
+
+		if ($sQuery == '') {
+			$this->_sqlerror('Keine Anfrage angegeben / No query given');
 			return false;
 		}
-		if($this->dbName != '') {
-			if(!mysqli_select_db($this->linkId, $this->dbName))
-			{
-				$this->updateError('DB::connect()<br />mysqli_select_db');
-				return false;
+
+		$try = 0;
+		do {
+			$try++;
+			$ok = mysqli_ping($this->_iConnId);
+			if(!$ok) {
+				if(!mysqli_connect($this->dbHost, $this->dbUser, $this->dbPass, $this->dbName)) {
+					if($this->errorNumber == '111') {
+						// server is not available
+						if($try > 9) {
+							$this->_sqlerror('DB::query -> error connecting');
+							exit;
+						}
+						sleep(30); // additional seconds, please!
+					}
+
+					if($try > 9) {
+						$this->_sqlerror('DB::query -> reconnect');
+						return false;
+					} else {
+						sleep(($try > 7 ? 5 : 1));
+					}
+				} else {
+					$this->_setCharset();
+					$ok = true;
+				}
 			}
-		}
-		$this->queryId = @mysqli_query($this->linkId, $queryString);
-		$this->updateError('DB::query('.$queryString.')<br />mysqli_query');
-		if(!$this->queryId)
-		{
+		} while($ok == false);
+
+		$aArgs = func_get_args();
+		$sQuery = call_user_func_array(array(&$this, '_build_query_string'), $aArgs);
+
+		$this->_iQueryId = mysqli_query($this->_iConnId, $sQuery);
+		if (!$this->_iQueryId) {
+			$this->_sqlerror('Falsche Anfrage / Wrong Query', false, 'SQL-Query = ' . $sQuery);
 			return false;
 		}
-		$this->currentRow = 0;
-		return $this->queryId;
+
+		return is_bool($this->_iQueryId) ? $this->_iQueryId : new db_result($this->_iQueryId, $this->_iConnId);
 	}
 
-	// returns all records in an array
-	function queryAllRecords($queryString)
-	{
-		if(!$this->query($queryString))
-		{
-			return false;
-		}
-		$ret = array();
-		while($line = $this->nextRecord())
-		{
-			$ret[] = $line;
+	/**#@-*/
+
+
+
+
+
+	/**
+	 * Executes a query
+	 *
+	 * Executes a given query string, has a variable amount of parameters:
+	 * - 1 parameter
+	 *   executes the given query
+	 * - 2 parameters
+	 *   executes the given query, replaces the first ? in the query with the second parameter
+	 * - 3 parameters
+	 *   if the 2nd parameter is a boolean true, the 3rd parameter has to be an array containing all the replacements for every occuring ? in the query, otherwise the second parameter replaces the first ?, the third parameter replaces the second ? in the query
+	 * - 4 or more parameters
+	 *   all ? in the query are replaced from left to right by the parameters 2 to x
+	 *
+	 * @access public
+	 * @param string  $sQuery query string
+	 * @param mixed   ... one or more parameters
+	 * @return db_result the result object of the query
+	 */
+
+
+	public function query($sQuery = '') {
+		$aArgs = func_get_args();
+		return call_user_func_array(array(&$this, '_query'), $aArgs);
+	}
+
+	/**
+	 * Execute a query and get first result array
+	 *
+	 * Executes a query and returns the first result row as an array
+	 * This is like calling $result = $db->query(),  $result->get(), $result->free()
+	 * Use of this function @see query
+	 *
+	 * @access public
+	 * @param string  $sQuery query to execute
+	 * @param ...     further params (see query())
+	 * @return array result row or NULL if none found
+	 */
+	public function queryOneRecord($sQuery = '') {
+		if(!preg_match('/limit \d+\s*,\s*\d+$/i', $sQuery)) $sQuery .= ' LIMIT 0,1';
+
+		$aArgs = func_get_args();
+		$oResult = call_user_func_array(array(&$this, 'query'), $aArgs);
+		if(!$oResult) return null;
+
+		$aReturn = $oResult->get();
+		$oResult->free();
+
+		return $aReturn;
+	}
+
+	public function queryOne($sQuery = '') {
+		return call_user_func_array(array(&$this, 'queryOneRecord'), func_get_args());
+	}
+
+	public function query_one($sQuery = '') {
+		return call_user_func_array(array(&$this, 'queryOneRecord'), func_get_args());
+	}
+
+	/**
+	 * Execute a query and return all rows
+	 *
+	 * Executes a query and returns all result rows in an array
+	 * <strong>Use this with extreme care!!!</strong> Uses lots of memory on big result sets.
+	 *
+	 * @access public
+	 * @param string  $sQuery query to execute
+	 * @param ...     further params (see query())
+	 * @return array all the rows in the result set
+	 */
+	public function queryAllRecords($sQuery = '') {
+		$aArgs = func_get_args();
+		$oResult = call_user_func_array(array(&$this, 'query'), $aArgs);
+		if(!$oResult) return array();
+
+		$aResults = array();
+		while($aRow = $oResult->get()) {
+			$aResults[] = $aRow;
 		}
-		return $ret;
+		$oResult->free();
+
+		return $aResults;
 	}
 
-	// returns one record in an array
-	function queryOneRecord($queryString)
-	{
-		if(!$this->query($queryString) || $this->numRows() == 0)
-		{
-			return false;
+	public function queryAll($sQuery = '') {
+		return call_user_func_array(array(&$this, 'queryAllRecords'), func_get_args());
+	}
+
+	public function query_all($sQuery = '') {
+		return call_user_func_array(array(&$this, 'queryAllRecords'), func_get_args());
+	}
+
+	/**
+	 * Execute a query and return all rows as simple array
+	 *
+	 * Executes a query and returns all result rows in an array with elements
+	 * <strong>Only first column is returned</strong> Uses lots of memory on big result sets.
+	 *
+	 * @access public
+	 * @param string  $sQuery query to execute
+	 * @param ...     further params (see query())
+	 * @return array all the rows in the result set
+	 */
+	public function queryAllArray($sQuery = '') {
+		$aArgs = func_get_args();
+		$oResult = call_user_func_array(array(&$this, 'query'), $aArgs);
+		if(!$oResult) return array();
+
+		$aResults = array();
+		while($aRow = $oResult->get()) {
+			$aResults[] = reset($aRow);
 		}
-		return $this->nextRecord();
+		$oResult->free();
+
+		return $aResults;
 	}
 
-	// returns the next record in an array
-	function nextRecord()
-	{
-		$this->record = mysqli_fetch_assoc($this->queryId);
-		$this->updateError('DB::nextRecord()<br />mysqli_fetch_array');
-		if(!$this->record || !is_array($this->record))
-		{
-			return false;
+	public function query_all_array($sQuery = '') {
+		return call_user_func_array(array(&$this, 'queryAllArray'), func_get_args());
+	}
+
+
+
+	/**
+	 * Get id of last inserted row
+	 *
+	 * Gives you the id of the last inserted row in a table with an auto-increment primary key
+	 *
+	 * @access public
+	 * @return int id of last inserted row or 0 if none
+	 */
+	public function insert_id() {
+		$iRes = mysqli_query($this->_iConnId, 'SELECT LAST_INSERT_ID() as `newid`');
+		if(!is_object($iRes)) return false;
+
+		$aReturn = mysqli_fetch_assoc($iRes);
+		mysqli_free_result($iRes);
+
+		return $aReturn['newid'];
+	}
+
+
+
+	/**
+	 * get affected row count
+	 *
+	 * Gets the amount of rows affected by the previous query
+	 *
+	 * @access public
+	 * @return int affected rows
+	 */
+	public function affected() {
+		if(!is_object($this->_iConnId)) return 0;
+		$iRows = mysqli_affected_rows($this->_iConnId);
+		if(!$iRows) $iRows = 0;
+		return $iRows;
+	}
+
+
+
+	/**
+	 * check if a utf8 string is valid
+	 *
+	 * @access public
+	 * @param string  $string the string to check
+	 * @return bool true if it is valid utf8, false otherwise
+	 */
+	private function check_utf8($str) {
+		$len = strlen($str);
+		for($i = 0; $i < $len; $i++){
+			$c = ord($str[$i]);
+			if ($c > 128) {
+				if (($c > 247)) return false;
+				elseif ($c > 239) $bytes = 4;
+				elseif ($c > 223) $bytes = 3;
+				elseif ($c > 191) $bytes = 2;
+				else return false;
+				if (($i + $bytes) > $len) return false;
+				while ($bytes > 1) {
+					$i++;
+					$b = ord($str[$i]);
+					if ($b < 128 || $b > 191) return false;
+					$bytes--;
+				}
+			}
+		}
+		return true;
+	} // end of check_utf8
+
+	/**
+	 * Escape a string for usage in a query
+	 *
+	 * @access public
+	 * @param string  $sString query string to escape
+	 * @return string escaped string
+	 */
+	public function escape($sString) {
+		if(!is_string($sString) && !is_numeric($sString)) {
+			$sString = '';
+		}
+
+		$cur_encoding = mb_detect_encoding($sString);
+		if($cur_encoding != "UTF-8") {
+			if($cur_encoding != 'ASCII') {
+				if($cur_encoding) $sString = mb_convert_encoding($sString, 'UTF-8', $cur_encoding);
+				else $sString = mb_convert_encoding($sString, 'UTF-8');
+			}
+		} elseif(!$this->check_utf8($sString)) {
+			$sString = utf8_encode($sString);
 		}
-		$this->currentRow++;
-		return $this->record;
+
+		if($this->_iConnId) return mysqli_real_escape_string($this->_iConnId, $sString);
+		else return addslashes($sString);
 	}
 
-	// returns number of rows returned by the last select query
-	function numRows()
-	{
-		return mysqli_num_rows($this->queryId);
+	/**
+	 *
+	 *
+	 * @access private
+	 */
+	private function _sqlerror($sErrormsg = 'Unbekannter Fehler', $sAddMsg = '') {
+		global $conf;
+
+		$mysql_error = (is_object($this->_iConnId) ? mysqli_error($this->_iConnId) : mysqli_connect_error());
+		$mysql_errno = (is_object($this->_iConnId) ? mysqli_errno($this->_iConnId) : mysqli_connect_errno());
+
+		//$sAddMsg .= getDebugBacktrace();
+
+		if($this->show_error_messages && $conf['demo_mode'] === false) {
+			echo $sErrormsg . $sAddMsg;
+		}
 	}
 
-	function affectedRows()
-	{
-		return mysqli_affected_rows($this->linkId);
+	public function affectedRows() {
+		return $this->affected();
 	}
 
 	// returns mySQL insert id
-	function insertID()
-	{
-		return mysqli_insert_id($this->linkId);
+	public function insertID() {
+		return $this->insert_id();
 	}
 
-	// Check der variablen
-	// deprecated, now use quote
-	function check($formfield)
-	{
-		return $this->quote($formfield);
-	}
 
-	// Check der variablen
-	function quote($formfield)
-	{
-		return mysqli_real_escape_string($this->linkId, $formfield);
+	//* Function to quote strings
+	public function quote($formfield) {
+		return $this->escape($formfield);
 	}
 
-	// Check der variablen
-	function unquote($formfield)
-	{
+	//* Function to unquotae strings
+	public function unquote($formfield) {
 		return stripslashes($formfield);
 	}
 
-	function toLower($record) {
+	public function toLower($record) {
 		if(is_array($record)) {
 			foreach($record as $key => $val) {
 				$key = strtolower($key);
@@ -194,7 +503,7 @@ class db
 		return $out;
 	}
 
-
+	/* TODO: rewrite SQL */
 	function insert($tablename, $form, $debug = 0)
 	{
 		if(is_array($form)){
@@ -213,7 +522,8 @@ class db
 			if($debug == 1) echo "mySQL Error Message: ".$this->errorMessage;
 		}
 	}
-
+	
+	/* TODO: rewrite SQL */
 	function update($tablename, $form, $bedingung, $debug = 0)
 	{
 
@@ -230,218 +540,174 @@ class db
 		}
 	}
 
-	function closeConn() {
-
-	}
-
-	function freeResult() {
-
-
-	}
-
-	function delete() {
-
-	}
-
-	function Transaction($action) {
-		//action = begin, commit oder rollback
-
-	}
 
 	/*
-   $columns = array(action =>   add | alter | drop
-                    name =>     Spaltenname
-                    name_new => neuer Spaltenname, nur bei 'alter' belegt
-                    type =>     42go-Meta-Type: int16, int32, int64, double, char, varchar, text, blob
-                    typeValue => Wert z.B. bei Varchar
-                    defaultValue =>  Default Wert
-                    notNull =>   true | false
-                    autoInc =>   true | false
-                    option =>   unique | primary | index)
-
-
-   */
-
-	function createTable($table_name, $columns) {
-		$index = "";
-		$sql = "CREATE TABLE $table_name (";
+       $columns = array(action =>   add | alter | drop
+       name =>     Spaltenname
+       name_new => neuer Spaltenname, nur bei 'alter' belegt
+       type =>     42go-Meta-Type: int16, int32, int64, double, char, varchar, text, blob
+       typeValue => Wert z.B. bei Varchar
+       defaultValue =>  Default Wert
+       notNull =>   true | false
+       autoInc =>   true | false
+       option =>   unique | primary | index)
+
+
+     */
+	/* TODO: rewrite SQL */
+	public function createTable($table_name, $columns) {
+		$index = '';
+		$sql = "CREATE TABLE ?? (";
 		foreach($columns as $col){
-			$sql .= $col["name"]." ".$this->mapType($col["type"], $col["typeValue"])." ";
-
-			if($col["defaultValue"] != "") {
-				if($col["defaultValue"] == "NULL" or $col["defaultValue"] == "NOT NULL") {
-					$sql .= "DEFAULT ".$col["defaultValue"]." ";
-				} else {
-					$sql .= "DEFAULT '".$col["defaultValue"]."' ";
-				}
+			$sql .= $col['name'].' '.$this->mapType($col['type'], $col['typeValue']).' ';
 
-			} elseif($col["defaultValue"] != false) {
-				$sql .= "DEFAULT '' ";
-			}
-			if($col["defaultValue"] != "NULL" && $col["defaultValue"] != "NOT NULL") {
-				if($col["notNull"] == true) {
-					$sql .= "NOT NULL ";
-				} else {
-					$sql .= "NULL ";
-				}
+			if($col['defaultValue'] != '') $sql .= "DEFAULT '".$col['defaultValue']."' ";
+			if($col['notNull'] == true) {
+				$sql .= 'NOT NULL ';
+			} else {
+				$sql .= 'NULL ';
 			}
-			if($col["autoInc"] == true) $sql .= "auto_increment ";
-			$sql.= ",";
+			if($col['autoInc'] == true) $sql .= 'auto_increment ';
+			$sql.= ',';
 			// key Definitionen
-			if($col["option"] == "primary") $index .= "PRIMARY KEY (".$col["name"]."),";
-			if($col["option"] == "index") $index .= "INDEX (".$col["name"]."),";
-			if($col["option"] == "unique") $index .= "UNIQUE (".$col["name"]."),";
+			if($col['option'] == 'primary') $index .= 'PRIMARY KEY ('.$col['name'].'),';
+			if($col['option'] == 'index') $index .= 'INDEX ('.$col['name'].'),';
+			if($col['option'] == 'unique') $index .= 'UNIQUE ('.$col['name'].'),';
 		}
 		$sql .= $index;
 		$sql = substr($sql, 0, -1);
-		$sql .= ")";
-
-		$this->query($sql);
+		$sql .= ')';
+		/* TODO: secure parameters */
+		$this->query($sql, $table_name);
 		return true;
 	}
 
 	/*
-   $columns = array(action =>   add | alter | drop
-                    name =>     Spaltenname
-                    name_new => neuer Spaltenname, nur bei 'alter' belegt
-                    type =>     42go-Meta-Type: int16, int32, int64, double, char, varchar, text, blob
-                    typeValue => Wert z.B. bei Varchar
-                    defaultValue =>  Default Wert
-                    notNull =>   true | false
-                    autoInc =>   true | false
-                    option =>   unique | primary | index)
-
-
-   */
-	function alterTable($table_name, $columns) {
-		$index = "";
-		$sql = "ALTER TABLE $table_name ";
+       $columns = array(action =>   add | alter | drop
+       name =>     Spaltenname
+       name_new => neuer Spaltenname, nur bei 'alter' belegt
+       type =>     42go-Meta-Type: int16, int32, int64, double, char, varchar, text, blob
+       typeValue => Wert z.B. bei Varchar
+       defaultValue =>  Default Wert
+       notNull =>   true | false
+       autoInc =>   true | false
+       option =>   unique | primary | index)
+
+
+     */
+    /* TODO: rewrite SQL */
+	public function alterTable($table_name, $columns) {
+		$index = '';
+		$sql = "ALTER TABLE ?? ";
 		foreach($columns as $col){
-			if($col["action"] == 'add') {
-				$sql .= "ADD ".$col["name"]." ".$this->mapType($col["type"], $col["typeValue"])." ";
-			} elseif ($col["action"] == 'alter') {
-				$sql .= "CHANGE ".$col["name"]." ".$col["name_new"]." ".$this->mapType($col["type"], $col["typeValue"])." ";
-			} elseif ($col["action"] == 'drop') {
-				$sql .= "DROP ".$col["name"]." ";
+			if($col['action'] == 'add') {
+				$sql .= 'ADD '.$col['name'].' '.$this->mapType($col['type'], $col['typeValue']).' ';
+			} elseif ($col['action'] == 'alter') {
+				$sql .= 'CHANGE '.$col['name'].' '.$col['name_new'].' '.$this->mapType($col['type'], $col['typeValue']).' ';
+			} elseif ($col['action'] == 'drop') {
+				$sql .= 'DROP '.$col['name'].' ';
 			}
-			if($col["action"] != 'drop') {
-				if($col["defaultValue"] != "") $sql .= "DEFAULT '".$col["defaultValue"]."' ";
-				if($col["notNull"] == true) {
-					$sql .= "NOT NULL ";
+			if($col['action'] != 'drop') {
+				if($col['defaultValue'] != '') $sql .= "DEFAULT '".$col['defaultValue']."' ";
+				if($col['notNull'] == true) {
+					$sql .= 'NOT NULL ';
 				} else {
-					$sql .= "NULL ";
+					$sql .= 'NULL ';
 				}
-				if($col["autoInc"] == true) $sql .= "auto_increment ";
-				$sql.= ",";
-				// key Definitionen
-				if($col["option"] == "primary") $index .= "PRIMARY KEY (".$col["name"]."),";
-				if($col["option"] == "index") $index .= "INDEX (".$col["name"]."),";
-				if($col["option"] == "unique") $index .= "UNIQUE (".$col["name"]."),";
+				if($col['autoInc'] == true) $sql .= 'auto_increment ';
+				$sql.= ',';
+				// Index definitions
+				if($col['option'] == 'primary') $index .= 'PRIMARY KEY ('.$col['name'].'),';
+				if($col['option'] == 'index') $index .= 'INDEX ('.$col['name'].'),';
+				if($col['option'] == 'unique') $index .= 'UNIQUE ('.$col['name'].'),';
 			}
 		}
 		$sql .= $index;
 		$sql = substr($sql, 0, -1);
-
+		/* TODO: secure parameters */
 		//die($sql);
-		$this->query($sql);
+		$this->query($sql, $table_name);
 		return true;
 	}
 
-	function dropTable($table_name) {
+	public function dropTable($table_name) {
 		$this->check($table_name);
-		$sql = "DROP TABLE '". $table_name."'";
-		return $this->query($sql);
+		$sql = "DROP TABLE ??";
+		return $this->query($sql, $table_name);
 	}
 
 	// gibt Array mit Tabellennamen zur�ck
-	function getTables($database_name = '') {
-
-		if($database_name == ''){
-			$database_name = $this->dbName;
-		}
-
-		$tables = $this->queryAllRecords("SHOW TABLES FROM `$database_name`");
-		$tb_names = array();
-		if(is_array($tables) && !empty($tables)){
-			for($i = 0; $i < sizeof($tables); $i++){
-				$tb_names[$i] = $tables[$i]['Tables_in_'.$database_name];
-			}
-		}
-
-		/*
-        $result = mysqli_query("SHOW TABLES FROM `$database_name`");
-        $tb_names = array();
-        for ($i = 0; $i < mysqli_num_rows($result); $i++) {
-            $tb_names[$i] = mysql_tablename($result, $i);
-        }
-		*/
+	public function getTables($database_name = '') {
+		if(!is_object($this->_iConnId)) return false;
+		if($database_name == '') $database_name = $this->dbName;
+		$tb_names = $this->queryAllArray("SHOW TABLES FROM ??", $database_name);
 		return $tb_names;
 	}
 
 	// gibt Feldinformationen zur Tabelle zur�ck
 	/*
-   $columns = array(action =>   add | alter | drop
-                    name =>     Spaltenname
-                    name_new => neuer Spaltenname, nur bei 'alter' belegt
-                    type =>     42go-Meta-Type: int16, int32, int64, double, char, varchar, text, blob
-                    typeValue => Wert z.B. bei Varchar
-                    defaultValue =>  Default Wert
-                    notNull =>   true | false
-                    autoInc =>   true | false
-                    option =>   unique | primary | index)
-
-
-   */
-
+       $columns = array(action =>   add | alter | drop
+       name =>     Spaltenname
+       name_new => neuer Spaltenname, nur bei 'alter' belegt
+       type =>     42go-Meta-Type: int16, int32, int64, double, char, varchar, text, blob
+       typeValue => Wert z.B. bei Varchar
+       defaultValue =>  Default Wert
+       notNull =>   true | false
+       autoInc =>   true | false
+       option =>   unique | primary | index)
+
+
+     */
+	/* TODO: rewrite SQL */
 	function tableInfo($table_name) {
 
 		global $go_api, $go_info;
 		// Tabellenfelder einlesen
 
-		if($rows = $go_api->db->queryAllRecords("SHOW FIELDS FROM ".$table_name)){
+		if($rows = $go_api->db->queryAllRecords('SHOW FIELDS FROM ??', $table_name)){
 			foreach($rows as $row) {
-				$name = $row[0];
-				$default = $row[4];
-				$key = $row[3];
-				$extra = $row[5];
-				$isnull = $row[2];
-				$type = $row[1];
+				$name = $row['Field'];
+				$default = $row['Default'];
+				$key = $row['Key'];
+				$extra = $row['Extra'];
+				$isnull = $row['Null'];
+				$type = $row['Type'];
 
 
 				$column = array();
 
-				$column["name"] = $name;
-				//$column["type"] = $type;
-				$column["defaultValue"] = $default;
-				if(stristr($key, "PRI")) $column["option"] = "primary";
-				if(stristr($isnull, "YES")) {
-					$column["notNull"] = false;
+				$column['name'] = $name;
+				//$column['type'] = $type;
+				$column['defaultValue'] = $default;
+				if(stristr($key, 'PRI')) $column['option'] = 'primary';
+				if(stristr($isnull, 'YES')) {
+					$column['notNull'] = false;
 				} else {
-					$column["notNull"] = true;
+					$column['notNull'] = true;
 				}
-				if($extra == 'auto_increment') $column["autoInc"] = true;
+				if($extra == 'auto_increment') $column['autoInc'] = true;
 
 
 				// Type in Metatype umsetzen
 
-				if(stristr($type, "int(")) $metaType = 'int32';
-				if(stristr($type, "bigint")) $metaType = 'int64';
-				if(stristr($type, "char")) {
+				if(stristr($type, 'int(')) $metaType = 'int32';
+				if(stristr($type, 'bigint')) $metaType = 'int64';
+				if(stristr($type, 'char')) {
 					$metaType = 'char';
 					$tmp_typeValue = explode('(', $type);
-					$column["typeValue"] = substr($tmp_typeValue[1], 0, -1);
+					$column['typeValue'] = substr($tmp_typeValue[1], 0, -1);
 				}
-				if(stristr($type, "varchar")) {
+				if(stristr($type, 'varchar')) {
 					$metaType = 'varchar';
 					$tmp_typeValue = explode('(', $type);
-					$column["typeValue"] = substr($tmp_typeValue[1], 0, -1);
+					$column['typeValue'] = substr($tmp_typeValue[1], 0, -1);
 				}
-				if(stristr($type, "text")) $metaType = 'text';
-				if(stristr($type, "double")) $metaType = 'double';
-				if(stristr($type, "blob")) $metaType = 'blob';
+				if(stristr($type, 'text')) $metaType = 'text';
+				if(stristr($type, 'double')) $metaType = 'double';
+				if(stristr($type, 'blob')) $metaType = 'blob';
 
 
-				$column["type"] = $metaType;
+				$column['type'] = $metaType;
 
 				$columns[] = $column;
 			}
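Review bot: dropTable() in this hunk still opens with `$this->check($table_name);`, yet the same commit deletes check() from the class (the deprecated wrapper around quote() is among the removed lines earlier in this file), so unless check() is re-declared outside the visible part the call ends in an undefined-method fatal error. Its return value was never used and the `??` placeholder now carries the table name, so the line can simply be deleted. Separately, createTable() and alterTable() keep concatenating `$col['name']` and `$col['defaultValue']` into the statement, as their TODO comments admit; until that rewrite, `"DEFAULT '".$this->escape($col['defaultValue'])."' "` would at least stop a quote in a default value from ending the literal early. tableInfo() continues past the end of this hunk.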
@@ -452,7 +718,7 @@ class db
 
 	}
 
-	function mapType($metaType, $typeValue) {
+	public function mapType($metaType, $typeValue) {
 		global $go_api;
 		$metaType = strtolower($metaType);
 		switch ($metaType) {
@@ -472,7 +738,7 @@ class db
 			return 'char';
 			break;
 		case 'varchar':
-			if($typeValue < 1) die("Datenbank Fehler: F�r diesen Datentyp ist eine L�ngenangabe notwendig.");
+			if($typeValue < 1) die('Database failure: Lenght required for these data types.');
 			return 'varchar('.$typeValue.')';
 			break;
 		case 'text':
@@ -486,4 +752,238 @@ class db
 
 }
 
+/**
+ * database query result class
+ *
+ * @package pxFramework
+ *
+ */
+class db_result {
+
+	/**
+	 *
+	 *
+	 * @access private
+	 */
+	private $_iResId = null;
+	private $_iConnection = null;
+
+
+
+	/**
+	 *
+	 *
+	 * @access private
+	 */
+	public function db_result($iResId, $iConnection) {
+		$this->_iResId = $iResId;
+		$this->_iConnection = $iConnection;
+	}
+
+
+
+	/**
+	 * get count of result rows
+	 *
+	 * Returns the amount of rows in the result set
+	 *
+	 * @access public
+	 * @return int amount of rows
+	 */
+	public function rows() {
+		if(!is_object($this->_iResId)) return 0;
+		$iRows = mysqli_num_rows($this->_iResId);
+		if(!$iRows) $iRows = 0;
+		return $iRows;
+	}
+
+
+
+	/**
+	 * Get number of affected rows
+	 *
+	 * Returns the amount of rows affected by the previous query
+	 *
+	 * @access public
+	 * @return int amount of affected rows
+	 */
+	public function affected() {
+		if(!is_object($this->_iConnection)) return 0;
+		$iRows = mysqli_affected_rows($this->_iConnection);
+		if(!$iRows) $iRows = 0;
+		return $iRows;
+	}
+
+
+
+	/**
+	 * Frees the result set
+	 *
+	 * @access public
+	 */
+	public function free() {
+		if(!is_object($this->_iResId)) return;
+
+		mysqli_free_result($this->_iResId);
+		return;
+	}
+
+
+
+	/**
+	 * Get a result row (associative)
+	 *
+	 * Returns the next row in the result set. To be used in a while loop like while($currow = $result->get()) { do something ... }
+	 *
+	 * @access public
+	 * @return array result row
+	 */
+	public function get() {
+		$aItem = null;
+
+		if(is_object($this->_iResId)) {
+			$aItem = mysqli_fetch_assoc($this->_iResId);
+			if(!$aItem) $aItem = null;
+		}
+		return $aItem;
+	}
+
+
+
+	/**
+	 * Get a result row (array with numeric index)
+	 *
+	 * @access public
+	 * @return array result row
+	 */
+	public function getAsRow() {
+		$aItem = null;
+
+		if(is_object($this->_iResId)) {
+			$aItem = mysqli_fetch_row($this->_iResId);
+			if(!$aItem) $aItem = null;
+		}
+		return $aItem;
+	}
+
+}
+
+/**
+ * database query result class
+ *
+ * emulates a db result set out of an array so you can use array results and db results the same way
+ *
+ * @package pxFramework
+ * @see db_result
+ *
+ *
+ */
+class fakedb_result {
+
+	/**
+	 *
+	 *
+	 * @access private
+	 */
+	private $aResultData = array();
+
+	/**
+	 *
+	 *
+	 * @access private
+	 */
+	private $aLimitedData = array();
+
+
+
+	/**
+	 *
+	 *
+	 * @access private
+	 */
+	public function fakedb_result($aData) {
+		$this->aResultData = $aData;
+		$this->aLimitedData = $aData;
+		reset($this->aLimitedData);
+	}
+
+
+
+	/**
+	 * get count of result rows
+	 *
+	 * Returns the amount of rows in the result set
+	 *
+	 * @access public
+	 * @return int amount of rows
+	 */
+	// Gibt die Anzahl Zeilen zurück
+	public function rows() {
+		return count($this->aLimitedData);
+	}
+
+
+
+	/**
+	 * Frees the result set
+	 *
+	 * @access public
+	 */
+	// Gibt ein Ergebnisset frei
+	public function free() {
+		$this->aResultData = array();
+		$this->aLimitedData = array();
+		return;
+	}
+
+
+
+	/**
+	 * Get a result row (associative)
+	 *
+	 * Returns the next row in the result set. To be used in a while loop like while($currow = $result->get()) { do something ... }
+	 *
+	 * @access public
+	 * @return array result row
+	 */
+	// Gibt eine Ergebniszeile zurück
+	public function get() {
+		$aItem = null;
+
+		if(!is_array($this->aLimitedData)) return $aItem;
+
+		if(list($vKey, $aItem) = each($this->aLimitedData)) {
+			if(!$aItem) $aItem = null;
+		}
+		return $aItem;
+	}
+
+
+
+	/**
+	 * Get a result row (array with numeric index)
+	 *
+	 * @access public
+	 * @return array result row
+	 */
+	public function getAsRow() {
+		return $this->get();
+	}
+
+
+
+	/**
+	 * Limit the result (like a LIMIT x,y in a SQL query)
+	 *
+	 * @access public
+	 * @param int     $iStart offset to start read
+	 * @param int     iLength amount of datasets to read
+	 */
+	public function limit_result($iStart, $iLength) {
+		$this->aLimitedData = array_slice($this->aResultData, $iStart, $iLength, true);
+	}
+
+}
+
+
 ?>
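Review bot: Both new classes declare their constructor in PHP 4 style, `public function db_result($iResId, $iConnection)` and `public function fakedb_result($aData)`; PHP 7 deprecates that form and PHP 8 no longer treats it as a constructor, so `new db_result(...)` would leave `_iResId` and `_iConnection` null and every get() would return null. Renaming them to `public function __construct($iResId, $iConnection)` and `public function __construct($aData)` works on every version. fakedb_result::get() also relies on `each()`, which is deprecated since PHP 7.2 and removed in 8.0; `key()`, `current()` and `next()` on `$this->aLimitedData` do the same job. The constructor docblocks are empty and carry `@access private` on public methods, so a one-line description of each argument would help the next reader.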
diff --git a/install/lib/update.lib.php b/install/lib/update.lib.php
index d2d11bf11e3e381683796139da54743f33e92777..1813a19a21e00e7184d24cba5be16f29f573ff92 100644
--- a/install/lib/update.lib.php
+++ b/install/lib/update.lib.php
@@ -124,7 +124,7 @@ function updateDbAndIni() {
 	global $inst, $conf;
 
 	//* Update $conf array with values from the server.ini that shall be preserved
-	$tmp = $inst->db->queryOneRecord("SELECT * FROM ".$conf["mysql"]["database"].".server WHERE server_id = ".$conf['server_id']);
+	$tmp = $inst->db->queryOneRecord("SELECT * FROM ?? WHERE server_id = ?", $conf["mysql"]["database"] . '.server', $conf['server_id']);
 	$ini_array = ini_to_array(stripslashes($tmp['config']));
 	$current_db_version = (isset($tmp['dbversion']))?intval($tmp['dbversion']):0;
 
@@ -218,8 +218,8 @@ function updateDbAndIni() {
 		}
 
 		//* update the database version in server table
-		$inst->db->query("UPDATE ".$conf["mysql"]["database"].".server SET dbversion = '".$current_db_version."' WHERE server_id = ".$conf['server_id']);
-		if($inst->db->dbHost != $inst->dbmaster->dbHost) $inst->dbmaster->query("UPDATE ".$conf["mysql"]["master_database"].".server SET dbversion = '".$current_db_version."' WHERE server_id = ".$conf['server_id']);
+		$inst->db->query("UPDATE ?? SET dbversion = ? WHERE server_id = ?", $conf["mysql"]["database"] . ".server", $current_db_version, $conf['server_id']);
+		if($inst->db->dbHost != $inst->dbmaster->dbHost) $inst->dbmaster->query("UPDATE ?? SET dbversion = ? WHERE server_id = ?", $conf["mysql"]["master_database"] . ".server", $current_db_version, $conf['server_id']);
 
 
 		//* If ISPConfig Version < 3.0.3, we will do a full db update
@@ -228,7 +228,7 @@ function updateDbAndIni() {
 		swriteln($inst->lng('Starting full database update.'));
 
 		//** Delete the old database
-		if( !$inst->db->query('DROP DATABASE IF EXISTS '.$conf['mysql']['database']) ) {
+		if( !$inst->db->query('DROP DATABASE IF EXISTS ??', $conf['mysql']['database']) ) {
 			$inst->error('Unable to drop MySQL database: '.$conf['mysql']['database'].'.');
 		}
 
@@ -239,7 +239,7 @@ function updateDbAndIni() {
 		$db_tables = $inst->db->getTables();
 
 		foreach($db_tables as $table) {
-			$inst->db->query("TRUNCATE $table");
+			$inst->db->query("TRUNCATE ??", $table);
 		}
 
 		//** load old data back into database
@@ -262,15 +262,15 @@ function updateDbAndIni() {
 		}
 
 		//* update the database version in server table
-		$inst->db->query("UPDATE ".$conf["mysql"]["database"].".server SET dbversion = '".$current_db_version."' WHERE server_id = ".$conf['server_id']);
-		if($inst->db->dbHost != $inst->dbmaster->dbHost) $inst->dbmaster->query("UPDATE ".$conf["mysql"]["master_database"].".server SET dbversion = '".$current_db_version."' WHERE server_id = ".$conf['server_id']);
+		$inst->db->query("UPDATE ?? SET dbversion = ? WHERE server_id = ?", $conf["mysql"]["database"] . ".server", $current_db_version, $conf['server_id']);
+		if($inst->db->dbHost != $inst->dbmaster->dbHost) $inst->dbmaster->query("UPDATE ?? SET dbversion = ? WHERE server_id = ?", $conf["mysql"]["master_database"] . ".server", $current_db_version, $conf['server_id']);
 
 		if ($conf['powerdns']['installed']) {
 
 			swriteln($inst->lng('Starting full PowerDNS database update.'));
 
 			//** Delete the old PowerDNS database
-			if( !$inst->db->query('DROP DATABASE IF EXISTS '.$conf['powerdns']['database']) ) {
+			if( !$inst->db->query('DROP DATABASE IF EXISTS ??', $conf['powerdns']['database']) ) {
 				$inst->error('Unable to drop MySQL database: '.$conf['powerdns']['database'].'.');
 			}
 
@@ -288,7 +288,7 @@ function updateDbAndIni() {
 
 
 	//** Update server ini
-	$tmp_server_rec = $inst->db->queryOneRecord("SELECT config FROM ".$conf["mysql"]["database"].".server WHERE server_id = ".$conf['server_id']);
+	$tmp_server_rec = $inst->db->queryOneRecord("SELECT config FROM ?? WHERE server_id = ?", $conf["mysql"]["database"] . ".server", $conf['server_id']);
 	$old_ini_array = ini_to_array(stripslashes($tmp_server_rec['config']));
 	unset($tmp_server_rec);
 	$tpl_ini_array = ini_to_array(rf('tpl/server.ini.master'));
@@ -344,12 +344,12 @@ function updateDbAndIni() {
 	}
 
 	$new_ini = array_to_ini($tpl_ini_array);
-	$sql = "UPDATE ".$conf["mysql"]["database"].".server SET config = '".mysql_real_escape_string($new_ini)."' WHERE server_id = ".$conf['server_id'];
-	$inst->db->query($sql);
+	$sql = "UPDATE ?? SET config = ? WHERE server_id = ?";
+	$inst->db->query($sql, $conf["mysql"]["database"] . ".server", $new_ini, $conf['server_id']);
 
 	if($inst->db->dbHost != $inst->dbmaster->dbHost) {
-		$sql = "UPDATE ".$conf["mysql"]["master_database"].".server SET config = '".mysql_real_escape_string($new_ini)."' WHERE server_id = ".$conf['server_id'];
-		$inst->dbmaster->query($sql);
+		$sql = "UPDATE ?? SET config = ? WHERE server_id = ?";
+		$inst->dbmaster->query($sql, $conf["mysql"]["master_database"].".server", $new_ini, $conf['server_id']);
 	}
 	unset($old_ini_array);
 	unset($tpl_ini_array);
@@ -357,7 +357,7 @@ function updateDbAndIni() {
 
 
 	//** Update system ini
-	$tmp_server_rec = $inst->db->queryOneRecord("SELECT config FROM ".$conf["mysql"]["database"].".sys_ini WHERE sysini_id = 1");
+	$tmp_server_rec = $inst->db->queryOneRecord("SELECT config FROM ?? WHERE sysini_id = 1", $conf["mysql"]["database"] . ".sys_ini");
 	$old_ini_array = ini_to_array(stripslashes($tmp_server_rec['config']));
 	unset($tmp_server_rec);
 	$tpl_ini_array = ini_to_array(rf('tpl/system.ini.master'));
@@ -372,11 +372,11 @@ function updateDbAndIni() {
 	}
 
 	$new_ini = array_to_ini($tpl_ini_array);
-	$tmp = $inst->db->queryOneRecord('SELECT count(sysini_id) as number FROM '.$conf["mysql"]["database"].'.sys_ini WHERE 1');
+	$tmp = $inst->db->queryOneRecord('SELECT count(sysini_id) as number FROM ?? WHERE 1', $conf["mysql"]["database"] . '.sys_ini');
 	if($tmp['number'] == 0) {
-		$inst->db->query("INSERT INTO ".$conf["mysql"]["database"].".sys_ini (sysini_id, config) VALUES (1,'".mysql_real_escape_string($new_ini)."')");
+		$inst->db->query("INSERT INTO ?? (sysini_id, config) VALUES (1,?)", $conf["mysql"]["database"] . ".sys_ini", $new_ini);
 	} else {
-		$inst->db->query("UPDATE ".$conf["mysql"]["database"].".sys_ini SET config = '".mysql_real_escape_string($new_ini)."' WHERE sysini_id = 1");
+		$inst->db->query("UPDATE ?? SET config = ? WHERE sysini_id = 1", $conf["mysql"]["database"] . ".sys_ini", $new_ini);
 	}
 	unset($old_ini_array);
 	unset($tpl_ini_array);
@@ -385,4 +385,24 @@ function updateDbAndIni() {
 
 
 
+function setDefaultServers(){
+	global $inst, $conf;
+	
+	// clients
+	$clients = $inst->db->queryAllRecords("SELECT * FROM ".$conf["mysql"]["database"].".client");
+	if(is_array($clients) && !empty($clients)){
+		foreach($clients as $client){
+			// mailserver
+			if(trim($client['mail_servers']) == '') $inst->db->query("UPDATE ?? SET mail_servers = ? WHERE client_id = ?", $conf["mysql"]["database"].".client", trim($client['default_mailserver']), $client['client_id']);
+			// webserver
+			if(trim($client['web_servers']) == '') $inst->db->query("UPDATE ?? SET web_servers = ? WHERE client_id = ?", $conf["mysql"]["database"].".client", trim($client['default_webserver']), $client['client_id']);
+			// dns server
+			if(trim($client['dns_servers']) == '') $inst->db->query("UPDATE ?? SET dns_servers = ? WHERE client_id = ?", $conf["mysql"]["database"].".client", trim($client['default_dnsserver']), $client['client_id']);
+			// db server
+			if(trim($client['db_servers']) == '') $inst->db->query("UPDATE ?? SET db_servers = ? WHERE client_id = ?", $conf["mysql"]["database"].".client", trim($client['default_dbserver']), $client['client_id']);
+		}
+	}
+	
+}
+
 ?>
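Review bot: The SELECT at the top of setDefaultServers() still builds its table name by concatenation, `"SELECT * FROM ".$conf["mysql"]["database"].".client"`, while the four UPDATEs below it and the rest of this commit use the `??` identifier placeholder. For consistency it should read `$inst->db->queryAllRecords("SELECT * FROM ??", $conf["mysql"]["database"].".client");`. The function also has no header comment; one line such as `// Copies each client's default_* server into the matching *_servers column when that column is empty` would document what the four near-identical branches do.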
diff --git a/install/sql/incremental/upd_dev_collection.sql b/install/sql/incremental/upd_dev_collection.sql
index 221fde9ef6a2d58500392fbda8ba14e316bdcef5..2b9c168d83209e8629d91dcb6d4b0c7d5ab159c0 100644
--- a/install/sql/incremental/upd_dev_collection.sql
+++ b/install/sql/incremental/upd_dev_collection.sql
@@ -20,7 +20,7 @@ mbox={EMAIL}.
 refresh=7200
 retry=540
 expire=604800
-minimum=86400
+minimum=3600
 ttl=3600
 
 [DNS_RECORDS]
@@ -135,3 +135,10 @@ CREATE TABLE `xmpp_user` (
 ) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;
 
 -- --------------------------------------------------------
+
+UPDATE `dbispconfig`.`sys_ini` SET `default_logo` = 'data:image/png;base64,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' WHERE `sys_ini`.`sysini_id` = 1;
+
+ALTER TABLE `directive_snippets` ADD `required_php_snippets` VARCHAR(255) NOT NULL DEFAULT '' AFTER `customer_viewable`;
+ALTER TABLE `dns_rr` CHANGE `ttl` `ttl` INT(11) UNSIGNED NOT NULL DEFAULT '3600';
+ALTER TABLE `dns_soa` CHANGE `minimum` `minimum` INT(11) UNSIGNED NOT NULL DEFAULT '3600', CHANGE `ttl` `ttl` INT(11) UNSIGNED NOT NULL DEFAULT '3600';
+ALTER TABLE `client` CHANGE `web_php_options` `web_php_options` VARCHAR(255) NOT NULL DEFAULT 'no,fast-cgi,cgi,mod,suphp,php-fpm,hhvm';
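Review bot: The added `UPDATE` on `sys_ini` hard-codes the schema name `dbispconfig`, so on an installation whose database has another name the statement fails or writes to a schema other than the one being upgraded. The `ALTER TABLE` lines below it are unqualified and follow the connection's database. Dropping the qualifier, as in `UPDATE sys_ini SET default_logo = '…' WHERE sysini_id = 1;`, keeps the incremental script portable. This hunk also shows no statement adding the `default_logo` column to `sys_ini`; if it is not added earlier in the file, the UPDATE has no column to write to on upgraded systems.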
diff --git a/install/sql/ispconfig3.sql b/install/sql/ispconfig3.sql
index 229f76d92cfe18fd637181eb4c4eb614ea72d16f..381c6fd2df60720458bdc251b6bb92b98f14f6f0 100644
--- a/install/sql/ispconfig3.sql
+++ b/install/sql/ispconfig3.sql
@@ -201,7 +201,7 @@ CREATE TABLE `client` (
   `limit_web_ip` text,
   `limit_web_domain` int(11) NOT NULL DEFAULT '-1',
   `limit_web_quota` int(11) NOT NULL DEFAULT '-1',
-  `web_php_options` varchar(255) NOT NULL DEFAULT 'no,fast-cgi,cgi,mod,suphp,php-fpm',
+  `web_php_options` varchar(255) NOT NULL DEFAULT 'no,fast-cgi,cgi,mod,suphp,php-fpm,hhvm',
   `limit_cgi` enum('n','y') NOT NULL DEFAULT 'n',
   `limit_ssi` enum('n','y') NOT NULL DEFAULT 'n',
   `limit_perl` enum('n','y') NOT NULL DEFAULT 'n',
@@ -442,6 +442,7 @@ CREATE TABLE IF NOT EXISTS `directive_snippets` (
   `type` varchar(255) DEFAULT NULL,
   `snippet` mediumtext,
   `customer_viewable` ENUM('n','y') NOT NULL DEFAULT 'n',
+  `required_php_snippets` varchar(255) NOT NULL DEFAULT '',
   `active` enum('n','y') NOT NULL DEFAULT 'y',
   PRIMARY KEY (`directive_snippets_id`)
 ) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;
@@ -465,7 +466,7 @@ CREATE TABLE `dns_rr` (
   `type` enum('A','AAAA','ALIAS','CNAME','HINFO','MX','NAPTR','NS','PTR','RP','SRV','TXT') default NULL,
   `data` TEXT NOT NULL DEFAULT '',
   `aux` int(11) unsigned NOT NULL default '0',
-  `ttl` int(11) unsigned NOT NULL default '86400',
+  `ttl` int(11) unsigned NOT NULL default '3600',
   `active` enum('N','Y') NOT NULL default 'Y',
   `stamp` timestamp NOT NULL default CURRENT_TIMESTAMP,
   `serial` int(10) unsigned default NULL,
@@ -517,8 +518,8 @@ CREATE TABLE `dns_soa` (
   `refresh` int(11) unsigned NOT NULL default '28800',
   `retry` int(11) unsigned NOT NULL default '7200',
   `expire` int(11) unsigned NOT NULL default '604800',
-  `minimum` int(11) unsigned NOT NULL default '86400',
-  `ttl` int(11) unsigned NOT NULL default '86400',
+  `minimum` int(11) unsigned NOT NULL default '3600',
+  `ttl` int(11) unsigned NOT NULL default '3600',
   `active` enum('N','Y') NOT NULL DEFAULT 'N',
   `xfer` varchar(255) NOT NULL DEFAULT '',
   `also_notify` varchar(255) default NULL,
@@ -1622,6 +1623,8 @@ CREATE TABLE `sys_group` (
 CREATE TABLE `sys_ini` (
   `sysini_id` int(11) unsigned NOT NULL auto_increment,
   `config` longtext,
+  `default_logo` text NOT NULL,
+  `custom_logo` text NOT NULL,
   PRIMARY KEY  (`sysini_id`)
 ) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;
 
@@ -2315,7 +2318,7 @@ INSERT INTO `country` (`iso`, `name`, `printable_name`, `iso3`, `numcode`, `eu`)
 -- Dumping data for table `dns_template`
 -- 
 
-INSERT INTO `dns_template` (`template_id`, `sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `name`, `fields`, `template`, `visible`) VALUES (1, 1, 1, 'riud', 'riud', '', 'Default', 'DOMAIN,IP,NS1,NS2,EMAIL,DKIM', '[ZONE]\norigin={DOMAIN}.\nns={NS1}.\nmbox={EMAIL}.\nrefresh=7200\nretry=540\nexpire=604800\nminimum=86400\nttl=3600\n\n[DNS_RECORDS]\nA|{DOMAIN}.|{IP}|0|3600\nA|www|{IP}|0|3600\nA|mail|{IP}|0|3600\nNS|{DOMAIN}.|{NS1}.|0|3600\nNS|{DOMAIN}.|{NS2}.|0|3600\nMX|{DOMAIN}.|mail.{DOMAIN}.|10|3600\nTXT|{DOMAIN}.|v=spf1 mx a ~all|0|3600', 'y');
+INSERT INTO `dns_template` (`template_id`, `sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `name`, `fields`, `template`, `visible`) VALUES (1, 1, 1, 'riud', 'riud', '', 'Default', 'DOMAIN,IP,NS1,NS2,EMAIL,DKIM', '[ZONE]\norigin={DOMAIN}.\nns={NS1}.\nmbox={EMAIL}.\nrefresh=7200\nretry=540\nexpire=604800\nminimum=3600\nttl=3600\n\n[DNS_RECORDS]\nA|{DOMAIN}.|{IP}|0|3600\nA|www|{IP}|0|3600\nA|mail|{IP}|0|3600\nNS|{DOMAIN}.|{NS1}.|0|3600\nNS|{DOMAIN}.|{NS2}.|0|3600\nMX|{DOMAIN}.|mail.{DOMAIN}.|10|3600\nTXT|{DOMAIN}.|v=spf1 mx a ~all|0|3600', 'y');
 
 
 -- --------------------------------------------------------
@@ -2370,7 +2373,7 @@ INSERT INTO `sys_group` (`groupid`, `name`, `description`, `client_id`) VALUES (
 -- Dumping data for table `sys_ini`
 -- 
 
-INSERT INTO `sys_ini` (`sysini_id`, `config`) VALUES (1, '');
+INSERT INTO `sys_ini` (`sysini_id`, `config`, `default_logo`, `custom_logo`) VALUES (1, '', 'data:image/png;base64,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', '');
 
 -- --------------------------------------------------------
 
diff --git a/install/tpl/debian6_dovecot2.conf.master b/install/tpl/debian6_dovecot2.conf.master
index 1b9d9dc1555935880984885001fc97a14949ff70..ee77f4e20e0416e7638d2be6e306e920ea6340f9 100644
--- a/install/tpl/debian6_dovecot2.conf.master
+++ b/install/tpl/debian6_dovecot2.conf.master
@@ -7,6 +7,7 @@ mail_privileged_group = vmail
 ssl_cert = </etc/postfix/smtpd.cert
 ssl_key = </etc/postfix/smtpd.key
 ssl_protocols = !SSLv2 !SSLv3
+mail_max_userip_connections = 100
 passdb {
   args = /etc/dovecot/dovecot-sql.conf
   driver = sql
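Review bot: `mail_max_userip_connections = 100` is added at global scope without a comment, which raises the per-user, per-IP connection cap for every protocol to ten times Dovecot's default of 10. A single mailbox credential can then hold 100 sessions from one address, so the limit no longer does much to contain a runaway or abusive client. If the intent is to accommodate many IMAP clients behind one NAT address, consider setting it inside `protocol imap { … }` and documenting it, e.g. `# raised from default 10: many IMAP clients behind one NAT address`. The same line is added in debian_dovecot2.conf.master.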
@@ -21,6 +22,7 @@ userdb {
 plugin {
   quota = dict:user::file:/var/vmail/%d/%n/.quotausage
   sieve=/var/vmail/%d/%n/.sieve
+  sieve_max_redirects = 25
 }
 service auth {
   unix_listener /var/spool/postfix/private/auth {
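Review bot: `sieve_max_redirects = 25` lets one user script forward each incoming message to 25 addresses instead of the Sieve default of 4, and the template gives no reason for the number. Every mailbox on the server inherits it, so a compromised or careless account multiplies outbound mail per delivered message by up to 25. Consider a lower value, or add a comment stating why 25 is needed, e.g. `# default is 4; raised for customers with large forwarding lists`. The same line is added in debian_dovecot2.conf.master.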
@@ -44,7 +46,7 @@ service lmtp {
 }
 service imap-login {
   client_limit = 1000
-  process_limit = 500
+  process_limit = 512
 }
 protocol imap {
   mail_plugins = quota imap_quota
diff --git a/install/tpl/debian_dovecot2.conf.master b/install/tpl/debian_dovecot2.conf.master
index aaebe37b490af49500d9fb272225cec919102b5d..39cf60fbe4de972a87deb006aab7f092284710fb 100644
--- a/install/tpl/debian_dovecot2.conf.master
+++ b/install/tpl/debian_dovecot2.conf.master
@@ -8,6 +8,7 @@ postmaster_address = postmaster@example.com
 ssl_cert = </etc/postfix/smtpd.cert
 ssl_key = </etc/postfix/smtpd.key
 ssl_protocols = !SSLv2 !SSLv3
+mail_max_userip_connections = 100
 passdb {
   args = /etc/dovecot/dovecot-sql.conf
   driver = sql
@@ -22,6 +23,7 @@ userdb {
 plugin {
   quota = dict:user::file:/var/vmail/%d/%n/.quotausage
   sieve=/var/vmail/%d/%n/.sieve
+  sieve_max_redirects = 25
 }
 service auth {
   unix_listener /var/spool/postfix/private/auth {
@@ -45,7 +47,7 @@ service lmtp {
 }
 service imap-login {
   client_limit = 1000
-  process_limit = 500
+  process_limit = 512
 }
 protocol imap {
   mail_plugins = quota imap_quota
diff --git a/install/tpl/mysql-virtual_outgoing_bcc.cf.master b/install/tpl/mysql-virtual_outgoing_bcc.cf.master
new file mode 100644
index 0000000000000000000000000000000000000000..6ca154f3b9fefc2d55610a30ef13c158a826ae1d
--- /dev/null
+++ b/install/tpl/mysql-virtual_outgoing_bcc.cf.master
@@ -0,0 +1,8 @@
+user = {mysql_server_ispconfig_user}
+password = {mysql_server_ispconfig_password}
+dbname = {mysql_server_database}
+table = mail_user
+select_field = sender_cc
+where_field = email
+additional_conditions = and postfix = 'y' and disabledeliver = 'n' and disablesmtp = 'n'
+hosts = 127.0.0.1
\ No newline at end of file
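Review bot: The `additional_conditions` line does not restrict the lookup to the local server, and `hosts` is the literal `127.0.0.1` rather than a template placeholder like the three credential lines above it. If the other Postfix map templates scope their queries with a server-id condition and take the host from the installer configuration (not visible in this hunk), this map should do the same, so that a multi-server setup does not apply sender BCC entries for mailboxes hosted elsewhere. The file also ends without a trailing newline. Because the rendered file holds the database password, the installer should write it with the same restrictive owner and mode as the existing mysql-virtual_*.cf files.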
diff --git a/install/tpl/server.ini.master b/install/tpl/server.ini.master
index 20dca2d42faaf5342aad8812d8e22333022d0dc5..4259222c86629ea8068f4b9a2ecd10315be52815 100644
--- a/install/tpl/server.ini.master
+++ b/install/tpl/server.ini.master
@@ -16,7 +16,7 @@ firewall=bastille
 loglevel=2
 admin_notify_events=1
 backup_dir=/var/backup
-backup_dir_is_mount=n
+backup_dir_is_mount=y
 backup_mode=rootgz
 backup_delete=y
 monit_url=
@@ -77,6 +77,7 @@ apps_vhost_ip=_default_
 apps_vhost_servername=
 php_open_basedir=[website_path]/web:[website_path]/private:[website_path]/tmp:/var/www/[website_domain]/web:/srv/www/[website_domain]/web:/usr/share/php5:/usr/share/php:/tmp:/usr/share/phpmyadmin:/etc/phpmyadmin:/var/lib/phpmyadmin
 htaccess_allow_override=All
+enable_spdy=y
 awstats_conf_dir=/etc/awstats
 awstats_data_dir=/var/lib/awstats
 awstats_pl=/usr/lib/cgi-bin/awstats.pl
diff --git a/install/tpl/system.ini.master b/install/tpl/system.ini.master
index 74ab068ecb5df9c318fa03322cf7243db673217a..92ae518697a8a1938f5ae9219c2bd634da6d2945 100644
--- a/install/tpl/system.ini.master
+++ b/install/tpl/system.ini.master
@@ -8,6 +8,9 @@
 
 [mail]
 enable_custom_login=n
+mailbox_show_autoresponder_tab=y
+mailbox_show_mail_filter_tab=y
+mailbox_show_custom_rules_tab=y
 mailboxlist_webmail_link=y
 webmail_url=/webmail
 dkim_path=/var/lib/amavis/dkim
diff --git a/install/uninstall.php b/install/uninstall.php
index 56cf0eb58b7bee9fb4ffb4d6c54c57470f30b0e1..111f57466311f6c70f017a4654c192603fc3305c 100644
--- a/install/uninstall.php
+++ b/install/uninstall.php
@@ -60,14 +60,6 @@ if($do_uninstall == 'yes') {
 
 	echo "\n\n>> Uninstalling ISPConfig 3... \n\n";
 
-	// Delete the ISPConfig database
-	// $app->db->query("DROP DATABASE '".$conf["db_database"]."'");
-	// $app->db->query("DELETE FROM mysql.user WHERE User = 'ispconfig'");
-	
-//	exec("/etc/init.d/mysql stop");
-//	exec("rm -rf /var/lib/mysql/".$conf["db_database"]);
-//	exec("/etc/init.d/mysql start");
-
 	$link = mysql_connect($clientdb_host, $clientdb_user, $clientdb_password);
 	if (!$link) {
 		echo "Unable to connect to the database'.mysql_error($link)";
diff --git a/install/update.php b/install/update.php
index 8e05318ae126f60557aca7830f7b5ae315efac48..43942943f1073a049720d3524b7657634fb83d3b 100644
--- a/install/update.php
+++ b/install/update.php
@@ -267,10 +267,8 @@ if($conf['mysql']['master_slave_setup'] == 'y') {
 	// initialize the connection to the master database
 	$inst->dbmaster = new db();
 	if($inst->dbmaster->linkId) $inst->dbmaster->closeConn();
-	$inst->dbmaster->dbHost = $conf['mysql']["master_host"];
-	$inst->dbmaster->dbName = $conf['mysql']["master_database"];
-	$inst->dbmaster->dbUser = $conf['mysql']["master_admin_user"];
-	$inst->dbmaster->dbPass = $conf['mysql']["master_admin_password"];
+	$inst->dbmaster->setDBData($conf['mysql']["master_host"], $conf['mysql']["master_admin_user"], $conf['mysql']["master_admin_password"]);
+	$inst->dbmaster->setDBName($conf['mysql']["master_database"]);
 } else {
 	$inst->dbmaster = $inst->db;
 }
@@ -513,6 +511,11 @@ if($reconfigure_services_answer == 'yes') {
 	}
 }
 
+//* Set default servers
+setDefaultServers();
+
+$inst->create_mount_script();
+
 //* Create md5 filelist
 $md5_filename = '/usr/local/ispconfig/security/data/file_checksums_'.date('Y-m-d_h-i').'.md5';
 exec('find /usr/local/ispconfig -type f -print0 | xargs -0 md5sum > '.$md5_filename);
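Review bot: `setDefaultServers()` is called unconditionally here, and as defined in this commit it runs its queries through `$inst->db`, not through the `$inst->dbmaster` connection this file sets up for master/slave installs. On a slave that would presumably change only the local copy of the `client` table, which the master does not see. Consider switching the function to `$inst->dbmaster`, or guarding the call so it only runs where the local database is the master. `$inst->create_mount_script();` would also benefit from a one-line comment like the `//* Set default servers` one above it.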
diff --git a/interface/lib/app.inc.php b/interface/lib/app.inc.php
index 75068744f9f59b042d917bc5f97daa6e736c6f84..949f1643cf1f12d78611adf0f027b3452ffa387e 100755
--- a/interface/lib/app.inc.php
+++ b/interface/lib/app.inc.php
@@ -155,15 +155,15 @@ class app {
 	
 	public function conf($plugin, $key, $value = null) {
 		if(is_null($value)) {
-			$tmpconf = $this->db->queryOneRecord("SELECT `value` FROM `sys_config` WHERE `group` = '" . $this->db->quote($plugin) . "' AND `name` = '" . $this->db->quote($key) . "'");
+			$tmpconf = $this->db->queryOneRecord("SELECT `value` FROM `sys_config` WHERE `group` = ? AND `name` = ?", $plugin, $key);
 			if($tmpconf) return $tmpconf['value'];
 			else return null;
 		} else {
 			if($value === false) {
-				$this->db->query("DELETE FROM `sys_config` WHERE `group` = '" . $this->db->quote($plugin) . "' AND `name` = '" . $this->db->quote($key) . "'");
+				$this->db->query("DELETE FROM `sys_config` WHERE `group` = ? AND `name` = ?", $plugin, $key);
 				return null;
 			} else {
-				$this->db->query("REPLACE INTO `sys_config` (`group`, `name`, `value`) VALUES ('" . $this->db->quote($plugin) . "', '" . $this->db->quote($key) . "', '" . $this->db->quote($value) . "')");
+				$this->db->query("REPLACE INTO `sys_config` (`group`, `name`, `value`) VALUES (?, ?, ?)", $plugin, $key, $value);
 				return $value;
 			}
 		}
@@ -179,8 +179,8 @@ class app {
 			$server_id = 0;
 			$priority = $this->functions->intval($priority);
 			$tstamp = time();
-			$msg = $this->db->quote('[INTERFACE]: '.$msg);
-			$this->db->query("INSERT INTO sys_log (server_id,datalog_id,loglevel,tstamp,message) VALUES ($server_id,0,$priority,$tstamp,'$msg')");
+			$msg = '[INTERFACE]: '.$msg;
+			$this->db->query("INSERT INTO sys_log (server_id,datalog_id,loglevel,tstamp,message) VALUES (?, 0, ?, ?, ?)", $server_id, $priority,$tstamp,$msg);
 			/*
 			if (is_writable($this->_conf['log_file'])) {
 				if (!$fp = fopen ($this->_conf['log_file'], 'a')) {
diff --git a/interface/lib/classes/aps_crawler.inc.php b/interface/lib/classes/aps_crawler.inc.php
index 4a6409227ea018a2e22ac8b745516f8511203327..9331e4298aca26eb9419566da0c9d1d1beae6013 100644
--- a/interface/lib/classes/aps_crawler.inc.php
+++ b/interface/lib/classes/aps_crawler.inc.php
@@ -356,15 +356,8 @@ class ApsCrawler extends ApsBase
 										$old_folder = $this->interface_pkg_dir.'/'.$app_name.'-'.$ex_ver.'.app.zip';
 										if(file_exists($old_folder)) $this->removeDirectory($old_folder);
 
-										/*
-										$app->db->query("UPDATE aps_packages SET package_status = '".PACKAGE_OUTDATED."' WHERE name = '".
-											$app->db->quote($app_name)."' AND CONCAT(version, '-', CAST(`release` AS CHAR)) = '".
-											$app->db->quote($ex_ver)."';");
-										*/
-										$tmp = $app->db->queryOneRecord("SELECT id FROM aps_packages WHERE name = '".
-											$app->db->quote($app_name)."' AND CONCAT(version, '-', CAST(`release` AS CHAR)) = '".
-											$app->db->quote($ex_ver)."';");
-										$app->db->datalogUpdate('aps_packages', "package_status = ".PACKAGE_OUTDATED, 'id', $tmp['id']);
+										$tmp = $app->db->queryOneRecord("SELECT id FROM aps_packages WHERE name = ? AND CONCAT(version, '-', CAST(`release` AS CHAR)) = ?", $app_name, $ex_ver);
+										$app->db->datalogUpdate('aps_packages', array("package_status" => PACKAGE_OUTDATED), 'id', $tmp['id']);
 										unset($tmp);
 									}
 
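Review bot: The result of the new `queryOneRecord()` call is dereferenced as `$tmp['id']` without checking that a row was found, so when no package matches `$app_name` and `$ex_ver`, `datalogUpdate()` is called with a null key value. Guard the update: `if($tmp) $app->db->datalogUpdate('aps_packages', array("package_status" => PACKAGE_OUTDATED), 'id', $tmp['id']);`. The same pattern appears in the next hunk of this file for `PACKAGE_ERROR_NOMETA`. The enclosing method starts and ends outside this hunk.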
@@ -539,14 +532,12 @@ class ApsCrawler extends ApsBase
 
 			// Get registered packages and mark non-existant packages with an error code to omit the install
 			$existing_packages = array();
-			$path_query = $app->db->queryAllRecords('SELECT path AS Path FROM aps_packages;');
+			$path_query = $app->db->queryAllRecords('SELECT path AS Path FROM aps_packages');
 			foreach($path_query as $path) $existing_packages[] = $path['Path'];
 			$diff = array_diff($existing_packages, $pkg_list);
 			foreach($diff as $todelete) {
-				/*$app->db->query("UPDATE aps_packages SET package_status = '".PACKAGE_ERROR_NOMETA."'
-                    WHERE path = '".$app->db->quote($todelete)."';");*/
-				$tmp = $app->db->queryOneRecord("SELECT id FROM aps_packages WHERE path = '".$app->db->quote($todelete)."';");
-				$app->db->datalogUpdate('aps_packages', "package_status = ".PACKAGE_ERROR_NOMETA, 'id', $tmp['id']);
+				$tmp = $app->db->queryOneRecord("SELECT id FROM aps_packages WHERE path = ?", $todelete);
+				$app->db->datalogUpdate('aps_packages', array("package_status" => PACKAGE_ERROR_NOMETA), 'id', $tmp['id']);
 				unset($tmp);
 			}
 
@@ -576,20 +567,17 @@ class ApsCrawler extends ApsBase
 				//$pkg_url = $this->app_download_url_list[$pkg];
 				$pkg_url = @file_get_contents($this->interface_pkg_dir.'/'.$pkg.'/PKG_URL');
 
-				/*
-                $app->db->query("INSERT INTO `aps_packages`
-                    (`path`, `name`, `category`, `version`, `release`, `package_status`) VALUES
-                    ('".$app->db->quote($pkg)."', '".$app->db->quote($pkg_name)."',
-                    '".$app->db->quote($pkg_category)."', '".$app->db->quote($pkg_version)."',
-                    ".$app->db->quote($pkg_release).", ".PACKAGE_ENABLED.");");
-				*/
 				// Insert only if data is complete
 				if($pkg != '' && $pkg_name != '' && $pkg_category != '' && $pkg_version != '' && $pkg_release != '' && $pkg_url){
-					$insert_data = "(`path`, `name`, `category`, `version`, `release`, `package_url`, `package_status`) VALUES
-                    ('".$app->db->quote($pkg)."', '".$app->db->quote($pkg_name)."',
-                    '".$app->db->quote($pkg_category)."', '".$app->db->quote($pkg_version)."',
-                    ".$app->db->quote($pkg_release).", '".$app->db->quote($pkg_url)."', ".PACKAGE_ENABLED.");";
-
+					$insert_data = array(
+						"path" => $pkg,
+						"name" => $pkg_name,
+						"category" => $pkg_category,
+						"version" => $pkg_version,
+						"release" => $pkg_release,
+						"package_url" => $pkg_url,
+						"package_status" => PACKAGE_ENABLED
+					);
 					$app->db->datalogInsert('aps_packages', $insert_data, 'id');
 				} else {
 					if(file_exists($this->interface_pkg_dir.'/'.$pkg)) $this->removeDirectory($this->interface_pkg_dir.'/'.$pkg);
@@ -619,12 +607,12 @@ class ApsCrawler extends ApsBase
 			// This method must be used in interface mode
 			if(!$this->interface_mode) return false;
 
-			$incomplete_pkgs = $app->db->queryAllRecords("SELECT * FROM aps_packages WHERE package_url = ''");
+			$incomplete_pkgs = $app->db->queryAllRecords("SELECT * FROM aps_packages WHERE package_url = ?", '');
 			if(is_array($incomplete_pkgs) && !empty($incomplete_pkgs)){
 				foreach($incomplete_pkgs as $incomplete_pkg){
 					$pkg_url = @file_get_contents($this->interface_pkg_dir.'/'.$incomplete_pkg['path'].'/PKG_URL');
 					if($pkg_url != ''){
-						$app->db->datalogUpdate('aps_packages', "package_url = '".$app->db->quote($pkg_url)."'", 'id', $incomplete_pkg['id']);
+						$app->db->datalogUpdate('aps_packages', array("package_url" => $pkg_url), 'id', $incomplete_pkg['id']);
 					}
 				}
 			}
diff --git a/interface/lib/classes/aps_guicontroller.inc.php b/interface/lib/classes/aps_guicontroller.inc.php
index 1f186288699c2756bc4a063b786bbd317d3b0b54..db1c1487f77a5218867d11a82d8f02e165140662 100644
--- a/interface/lib/classes/aps_guicontroller.inc.php
+++ b/interface/lib/classes/aps_guicontroller.inc.php
@@ -100,7 +100,7 @@ class ApsGUIController extends ApsBase
 
 		$customerdata = $app->db->queryOneRecord("SELECT client_id FROM sys_group, web_domain
             WHERE web_domain.sys_groupid = sys_group.groupid
-            AND web_domain.domain = '".$app->db->quote($domain)."';");
+            AND web_domain.domain = ?", $domain);
 		if(!empty($customerdata)) $customerid = $customerdata['client_id'];
 
 		return $customerid;
@@ -122,14 +122,14 @@ class ApsGUIController extends ApsBase
 
 		$websrv = $app->db->queryOneRecord("SELECT server_id FROM web_domain
             WHERE domain = (SELECT value FROM aps_instances_settings
-                WHERE name = 'main_domain' AND instance_id = ".$app->db->quote($instanceid).");");
+                WHERE name = 'main_domain' AND instance_id = ?)", $instanceid);
 
 		// If $websrv is empty, an error has occured. Domain no longer existing? Settings table damaged?
 		// Anyhow, remove this instance record because it's not useful at all
 		if(empty($websrv))
 		{
-			$app->db->query("DELETE FROM aps_instances WHERE id = ".$app->db->quote($instanceid).";");
-			$app->db->query("DELETE FROM aps_instances_settings WHERE instance_id = ".$app->db->quote($instanceid).";");
+			$app->db->query("DELETE FROM aps_instances WHERE id = ?", $instanceid);
+			$app->db->query("DELETE FROM aps_instances_settings WHERE instance_id = ?", $instanceid);
 		}
 		else $webserver_id = $websrv['server_id'];
 
@@ -154,9 +154,9 @@ class ApsGUIController extends ApsBase
 		$result = $app->db->queryOneRecord("SELECT id, name,
             CONCAT(version, '-', CAST(`release` AS CHAR)) AS current_version
             FROM aps_packages
-            WHERE name = (SELECT name FROM aps_packages WHERE id = ".$app->db->quote($id).")
+            WHERE name = (SELECT name FROM aps_packages WHERE id = ?)
             AND package_status = 2
-            ORDER BY REPLACE(version, '.', '')+0 DESC, `release` DESC");
+            ORDER BY REPLACE(version, '.', '')+0 DESC, `release` DESC", $id);
 
 		if(!empty($result) && ($id != $result['id'])) return $result['id'];
 
@@ -180,7 +180,7 @@ class ApsGUIController extends ApsBase
 			'package_status = '.PACKAGE_ENABLED.' AND' :
 			'(package_status = '.PACKAGE_ENABLED.' OR package_status = '.PACKAGE_LOCKED.') AND';
 
-		$result = $app->db->queryOneRecord("SELECT id FROM aps_packages WHERE ".$sql_ext." id = ".$app->db->quote($id).";");
+		$result = $app->db->queryOneRecord("SELECT id FROM aps_packages WHERE ".$sql_ext." id = ?", $id);
 		if(!$result) return false;
 
 		return true;
@@ -203,9 +203,15 @@ class ApsGUIController extends ApsBase
 		if(preg_match('/^[0-9]+$/', $id) != 1) return false;
 
 		// Only filter if not admin
-		$sql_ext = (!$is_admin) ? 'customer_id = '.$app->db->quote($client_id).' AND' : '';
-
-		$result = $app->db->queryOneRecord('SELECT id FROM aps_instances WHERE '.$sql_ext.' id = '.$app->db->quote($id).';');
+		$params = array();
+		$sql_ext = '';
+		if(!$is_admin) {
+			$sql_ext = 'customer_id = ? AND ';
+			$params[] = $client_id;
+		}
+		$params[] = $id;
+		
+		$result = $app->db->queryOneRecord('SELECT id FROM aps_instances WHERE '.$sql_ext.' id = ?', true, $params);
 		if(!$result) return false;
 
 		return true;
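Review bot: The call `queryOneRecord('…', true, $params)` is the only one in this part of the change that passes `true` followed by an array instead of listing the values as separate arguments, and nothing visible here shows that the db class unpacks that form. If it does not, `true` is bound to the first `?` and the ownership filter `customer_id = ?` compares against the wrong value, which matters because this check decides whether a non-admin may act on an instance. Please confirm the db class supports this calling form and say so in a comment, e.g. `// true + array: placeholders are bound from $params in order`. The method starts outside this hunk.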
@@ -226,7 +232,7 @@ class ApsGUIController extends ApsBase
 		unset($tmp);
 	
 		// get information if the webserver is a db server, too
-		$web_server = $app->db->queryOneRecord("SELECT server_id,server_name,db_server FROM server WHERE server_id  = ".$app->functions->intval($websrv['server_id']));
+		$web_server = $app->db->queryOneRecord("SELECT server_id,server_name,db_server FROM server WHERE server_id  = ?", $websrv['server_id']);
 		if($web_server['db_server'] == 1) {
 			// create database on "localhost" (webserver)
 			$mysql_db_server_id = $app->functions->intval($websrv['server_id']);
@@ -235,7 +241,7 @@ class ApsGUIController extends ApsBase
 			$mysql_db_remote_ips = '';
 		} else {
 			//* get the default database server of the client
-			$client = $app->db->queryOneRecord("SELECT default_dbserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ".$app->functions->intval($websrv['sys_groupid']));
+			$client = $app->db->queryOneRecord("SELECT default_dbserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $websrv['sys_groupid']);
 			if(is_array($client) && $client['default_dbserver'] > 0 && $client['default_dbserver'] != $websrv['server_id']) {
 				$mysql_db_server_id =  $app->functions->intval($client['default_dbserver']);
 				$dbserver_config = $web_config = $app->getconf->get_server_config($app->functions->intval($mysql_db_server_id), 'server');
@@ -262,8 +268,8 @@ class ApsGUIController extends ApsBase
 		if (empty($settings['main_database_name'])) {
 			//* Find a free db name for the app
 			for($n = 1; $n <= 1000; $n++) {
-				$mysql_db_name = $app->db->quote(($dbname_prefix != '' ? $dbname_prefix.'aps'.$n : uniqid('aps')));
-				$tmp = $app->db->queryOneRecord("SELECT count(database_id) as number FROM web_database WHERE database_name = '".$app->db->quote($mysql_db_name)."'");
+				$mysql_db_name = ($dbname_prefix != '' ? $dbname_prefix.'aps'.$n : uniqid('aps'));
+				$tmp = $app->db->queryOneRecord("SELECT count(database_id) as number FROM web_database WHERE database_name = ?", $mysql_db_name);
 				if($tmp['number'] == 0) break;
 			}
 			$settings['main_database_name'] = $mysql_db_name;
@@ -271,27 +277,52 @@ class ApsGUIController extends ApsBase
 		if (empty($settings['main_database_login'])) {
 			//* Find a free db username for the app
 			for($n = 1; $n <= 1000; $n++) {
-				$mysql_db_user = $app->db->quote(($dbuser_prefix != '' ? $dbuser_prefix.'aps'.$n : uniqid('aps')));
-				$tmp = $app->db->queryOneRecord("SELECT count(database_user_id) as number FROM web_database_user WHERE database_user = '".$app->db->quote($mysql_db_user)."'");
+				$mysql_db_user = ($dbuser_prefix != '' ? $dbuser_prefix.'aps'.$n : uniqid('aps'));
+				$tmp = $app->db->queryOneRecord("SELECT count(database_user_id) as number FROM web_database_user WHERE database_user = ?", $mysql_db_user);
 				if($tmp['number'] == 0) break;
 			}
 			$settings['main_database_login'] = $mysql_db_user;
 		}
 		
 		//* Create the mysql database user if not existing
-		$tmp = $app->db->queryOneRecord("SELECT database_user_id FROM web_database_user WHERE database_user = '".$app->db->quote($settings['main_database_login'])."'");
+		$tmp = $app->db->queryOneRecord("SELECT database_user_id FROM web_database_user WHERE database_user = ?", $settings['main_database_login']);
 		if(!$tmp) {
-			$insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `database_user`, `database_user_prefix`, `database_password`)
-                                          VALUES( ".$app->functions->intval($websrv['sys_userid']).", ".$app->functions->intval($websrv['sys_groupid']).", 'riud', '".$app->functions->intval($websrv['sys_perm_group'])."', '', 0, '".$settings['main_database_login']."', '".$app->db->quote($dbuser_prefix) . "', PASSWORD('".$settings['main_database_password']."'))";
+			$insert_data = array("sys_userid" => $websrv['sys_userid'],
+								 "sys_groupid" => $websrv['sys_groupid'],
+								 "sys_perm_user" => 'riud',
+								 "sys_perm_group" => $websrv['sys_perm_group'],
+								 "sys_perm_other" => '',
+								 "server_id" => 0,
+								 "database_user" => $settings['main_database_login'],
+								 "database_user_prefix" => $dbuser_prefix,
+								 "database_password" => "PASSWORD('" . $settings['main_database_password'] . "')"
+								 );
 			$mysql_db_user_id = $app->db->datalogInsert('web_database_user', $insert_data, 'database_user_id');
 		}
 		else $mysql_db_user_id = $tmp['database_user_id'];
 		
 		//* Create the mysql database if not existing
-		$tmp = $app->db->queryOneRecord("SELECT count(database_id) as number FROM web_database WHERE database_name = '".$app->db->quote($settings['main_database_name'])."'");
+		$tmp = $app->db->queryOneRecord("SELECT count(database_id) as number FROM web_database WHERE database_name = ?", $settings['main_database_name']);
 		if($tmp['number'] == 0) {
-			$insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `parent_domain_id`, `type`, `database_name`, `database_name_prefix`, `database_user_id`, `database_ro_user_id`, `database_charset`, `remote_access`, `remote_ips`, `backup_copies`, `active`, `backup_interval`)
-                                          VALUES( ".$app->functions->intval($websrv['sys_userid']).", ".$app->functions->intval($websrv['sys_groupid']).", 'riud', '".$app->functions->intval($websrv['sys_perm_group'])."', '', $mysql_db_server_id, ".$app->functions->intval($websrv['domain_id']).", 'mysql', '".$settings['main_database_name']."', '" . $app->db->quote($dbname_prefix) . "', '$mysql_db_user_id', 0, '', '$mysql_db_remote_access', '$mysql_db_remote_ips', ".$app->functions->intval($websrv['backup_copies']).", 'y', '".$app->functions->intval($websrv['backup_interval'])."')";
+			$insert_data = array("sys_userid" => $websrv['sys_userid'],
+								 "sys_groupid" => $websrv['sys_groupid'],
+								 "sys_perm_user" => 'riud',
+								 "sys_perm_group" => $websrv['sys_perm_group'],
+								 "sys_perm_other" => '',
+								 "server_id" => $mysql_db_server_id,
+								 "parent_domain_id" => $websrv['domain_id'],
+								 "type" => 'mysql',
+								 "database_name" => $settings['main_database_name'],
+								 "database_name_prefix" => $dbname_prefix,
+								 "database_user_id" => $mysql_db_user_id,
+								 "database_ro_user_id" => 0,
+								 "database_charset" => '',
+								 "remote_access" => $mysql_db_remote_access,
+								 "remote_ips" => $mysql_db_remote_ips,
+								 "backup_copies" => $websrv['backup_copies'],
+								 "active" => 'y', 
+								 "backup_interval" => $websrv['backup_interval']
+								 );
 			$app->db->datalogInsert('web_database', $insert_data, 'database_id');
 		}
 		
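Review bot: In the `web_database_user` array, `"database_password" => "PASSWORD('" . $settings['main_database_password'] . "')"` passes an SQL expression as a data value. If `datalogInsert()` now escapes or binds array values the way the `?` placeholders elsewhere in this commit are bound, the column receives the literal text `PASSWORD('…')` containing the clear-text password instead of its hash. If it does not, the password is still spliced into SQL unescaped. Computing the hash first avoids both, for example `$pw = $app->db->queryOneRecord("SELECT PASSWORD(?) AS h", $settings['main_database_password']);` followed by `"database_password" => $pw['h']`. The enclosing method begins and ends outside this hunk.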
@@ -312,7 +343,7 @@ class ApsGUIController extends ApsBase
 		$app->uses('tools_sites');
 
 		$webserver_id = 0;
-		$websrv = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain = '".$app->db->quote($settings['main_domain'])."';");
+		$websrv = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain = ?", $settings['main_domain']);
 		if(!empty($websrv)) $webserver_id = $websrv['server_id'];
 		$customerid = $this->getCustomerIDFromDomain($settings['main_domain']);
 
@@ -325,18 +356,18 @@ class ApsGUIController extends ApsBase
 		//* Set PHP mode to php-fcgi and enable suexec in website on apache servers / set PHP mode to PHP-FPM on nginx servers
 		if($web_config['server_type'] == 'apache') {
 			if(($websrv['php'] != 'fast-cgi' || $websrv['suexec'] != 'y') && $websrv['php'] != 'php-fpm') {
-				$app->db->datalogUpdate('web_domain', "php = 'fast-cgi', suexec = 'y'", 'domain_id', $websrv['domain_id']);
+				$app->db->datalogUpdate('web_domain', array("php" => 'fast-cgi', "suexec" => 'y'), 'domain_id', $websrv['domain_id']);
 			}
 		} else {
 			// nginx
 			if($websrv['php'] != 'php-fpm' && $websrv['php'] != 'fast-cgi') {
-				$app->db->datalogUpdate('web_domain', "php = 'php-fpm'", 'domain_id', $websrv['domain_id']);
+				$app->db->datalogUpdate('web_domain', array("php" => 'php-fpm'), 'domain_id', $websrv['domain_id']);
 			}
 		}
 
 
 		//* Create the MySQL database for the application if necessary
-		$pkg = $app->db->queryOneRecord('SELECT * FROM aps_packages WHERE id = '.$app->db->quote($packageid).';');
+		$pkg = $app->db->queryOneRecord('SELECT * FROM aps_packages WHERE id = ?', $packageid);
 		$metafile = $this->interface_pkg_dir.'/'.$pkg['path'].'/APP-META.xml';
 		$sxe = $this->readInMetaFile($metafile);
 
@@ -345,21 +376,36 @@ class ApsGUIController extends ApsBase
 			// mysql-database-name is updated inside if not set already
 			if (!$this->createDatabaseForPackageInstance($settings, $websrv)) return false;
 		}
-
+		
 		//* Insert new package instance
-		$insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `customer_id`, `package_id`, `instance_status`) VALUES (".$app->functions->intval($websrv['sys_userid']).", ".$app->functions->intval($websrv['sys_groupid']).", 'riud', '".$app->db->quote($websrv['sys_perm_group'])."', '', ".$app->db->quote($webserver_id).",".$app->db->quote($customerid).", ".$app->db->quote($packageid).", ".INSTANCE_PENDING.")";
+		$insert_data = array(
+			"sys_userid" => $websrv['sys_userid'],
+			"sys_groupid" => $websrv['sys_groupid'],
+			"sys_perm_user" => 'riud',
+			"sys_perm_group" => $websrv['sys_perm_group'],
+			"sys_perm_other" => '',
+			"server_id" => $webserver_id,
+			"customer_id" => $customerid,
+			"package_id" => $packageid,
+			"instance_status" => INSTANCE_PENDING
+		);
 		$InstanceID = $app->db->datalogInsert('aps_instances', $insert_data, 'id');
 
 		//* Insert all package settings
 		if(is_array($settings)) {
 			foreach($settings as $key => $value) {
-				$insert_data = "(server_id, instance_id, name, value) VALUES (".$app->db->quote($webserver_id).",".$app->db->quote($InstanceID).", '".$app->db->quote($key)."', '".$app->db->quote($value)."')";
+				$insert_data = array(
+					"server_id" => $webserver_id,
+					"instance_id" => $InstanceID,
+					"name" => $key,
+					"value" => $value
+				);
 				$app->db->datalogInsert('aps_instances_settings', $insert_data, 'id');
 			}
 		}
 
 		//* Set package status to install afetr we inserted the settings
-		$app->db->datalogUpdate('aps_instances', "instance_status = ".INSTANCE_INSTALL, 'id', $InstanceID);
+		$app->db->datalogUpdate('aps_instances', array("instance_status" => INSTANCE_INSTALL), 'id', $InstanceID);
 	}
 
 	/**
@@ -371,28 +417,18 @@ class ApsGUIController extends ApsBase
 	public function deleteInstance($instanceid, $keepdatabase = false)
 	{
 		global $app;
-		/*
-		$app->db->query("UPDATE aps_instances SET instance_status = ".INSTANCE_REMOVE." WHERE id = ".$instanceid.";");
-
-        $webserver_id = $this->getInstanceDataForDatalog($instanceid);
-        if($webserver_id == '') return;
-
-        // Create a sys_datalog entry for deletion
-        $datalog = array('Instance_id' => $instanceid, 'server_id' => $webserver_id);
-        $app->db->datalogSave('aps', 'DELETE', 'id', $instanceid, array(), $datalog);
-		*/
 
 		if (!$keepdatabase) {
-			$sql = "SELECT web_database.database_id as database_id, web_database.database_user_id as `database_user_id` FROM aps_instances_settings, web_database WHERE aps_instances_settings.value = web_database.database_name AND aps_instances_settings.name = 'main_database_name' AND aps_instances_settings.instance_id = ".$instanceid." LIMIT 0,1";
-			$tmp = $app->db->queryOneRecord($sql);
+			$sql = "SELECT web_database.database_id as database_id, web_database.database_user_id as `database_user_id` FROM aps_instances_settings, web_database WHERE aps_instances_settings.value = web_database.database_name AND aps_instances_settings.name = 'main_database_name' AND aps_instances_settings.instance_id = ? LIMIT 0,1";
+			$tmp = $app->db->queryOneRecord($sql, $instanceid);
 			if($tmp['database_id'] > 0) $app->db->datalogDelete('web_database', 'database_id', $tmp['database_id']);
 	
 			$database_user = $tmp['database_user_id'];
-			$tmp = $app->db->queryOneRecord("SELECT COUNT(*) as `cnt` FROM `web_database` WHERE `database_user_id` = '" . $app->functions->intval($database_user) . "' OR `database_ro_user_id` = '" . $app->functions->intval($database_user) . "'");
+			$tmp = $app->db->queryOneRecord("SELECT COUNT(*) as `cnt` FROM `web_database` WHERE `database_user_id` = ? OR `database_ro_user_id` = ?", $database_user, $database_user);
 			if($tmp['cnt'] < 1) $app->db->datalogDelete('web_database_user', 'database_user_id', $database_user);
 		}
 
-		$app->db->datalogUpdate('aps_instances', "instance_status = ".INSTANCE_REMOVE, 'id', $instanceid);
+		$app->db->datalogUpdate('aps_instances', array("instance_status" => INSTANCE_REMOVE), 'id', $instanceid);
 
 	}
 
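Review bot: When the lookup inside `if (!$keepdatabase)` finds no row, `$tmp['database_user_id']` is empty, yet the COUNT query still runs and, because `cnt` is then below 1, `datalogDelete('web_database_user', ...)` is called with that empty id. The removed `intval()` used to turn the empty value into 0; it now reaches both calls unchanged. Guard the delete explicitly: `if($database_user > 0 && $tmp['cnt'] < 1) $app->db->datalogDelete('web_database_user', 'database_user_id', $database_user);`. A comment such as `// remove the DB user only when no other database still references it` would document the intent.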
@@ -406,7 +442,7 @@ class ApsGUIController extends ApsBase
 	{
 		global $app;
 
-		$pkg = $app->db->queryOneRecord('SELECT * FROM aps_packages WHERE id = '.$app->db->quote($id).';');
+		$pkg = $app->db->queryOneRecord('SELECT * FROM aps_packages WHERE id = ?', $id);
 
 		// Load in meta file if existing and register its namespaces
 		$metafile = $this->interface_pkg_dir.'/'.$pkg['path'].'/APP-META.xml';
@@ -528,7 +564,7 @@ class ApsGUIController extends ApsBase
 			if(in_array($postinput['main_domain'], $domains))
 			{
 				$docroot = $app->db->queryOneRecord("SELECT document_root FROM web_domain
-                    WHERE domain = '".$app->db->quote($postinput['main_domain'])."';");
+                    WHERE domain = ?", $postinput['main_domain']);
 				$new_path = $docroot['document_root'];
 				if(substr($new_path, -1) != '/') $new_path .= '/';
 				$new_path .= $main_location;
@@ -543,13 +579,13 @@ class ApsGUIController extends ApsBase
 				$instance_domains = $app->db->queryAllRecords("SELECT instance_id, s.value AS domain
                     FROM aps_instances AS i, aps_instances_settings AS s
                     WHERE i.id = s.instance_id AND s.name = 'main_domain'
-                        AND i.customer_id = '".$app->db->quote($customerid)."';");
+                        AND i.customer_id = ?", $customerid);
 				for($i = 0; $i < count($instance_domains); $i++)
 				{
 					$used_path = '';
 
 					$doc_root = $app->db->queryOneRecord("SELECT document_root FROM web_domain
-                        WHERE domain = '".$app->db->quote($instance_domains[$i]['domain'])."';");
+                        WHERE domain = ?", $instance_domains[$i]['domain']);
 
 					// Probably the domain settings were changed later, so make sure the doc_root
 					// is not empty for further validation
@@ -560,7 +596,7 @@ class ApsGUIController extends ApsBase
 
 						$location_for_domain = $app->db->queryOneRecord("SELECT value
                             FROM aps_instances_settings WHERE name = 'main_location'
-                            AND instance_id = '".$app->db->quote($instance_domains[$i]['instance_id'])."';");
+                            AND instance_id = ?", $instance_domains[$i]['instance_id']);
 
 						// The location might be empty but the DB return must not be false!
 						if($location_for_domain) $used_path .= $location_for_domain['value'];
@@ -693,7 +729,7 @@ class ApsGUIController extends ApsBase
 	{
 		global $app;
 
-		$pkg = $app->db->queryOneRecord('SELECT * FROM aps_packages WHERE id = '.$app->db->quote($id).';');
+		$pkg = $app->db->queryOneRecord('SELECT * FROM aps_packages WHERE id = ?', $id);
 
 		// Load in meta file if existing and register its namespaces
 		$metafile = $this->interface_pkg_dir.'/'.$pkg['path'].'/APP-META.xml';
diff --git a/interface/lib/classes/auth.inc.php b/interface/lib/classes/auth.inc.php
index 70c1722aedc9ff7b48226fa61d3f38cc0a6a105d..ae626b7e6fb65603ef53f2ca3bbf0143b746e1c6 100644
--- a/interface/lib/classes/auth.inc.php
+++ b/interface/lib/classes/auth.inc.php
@@ -57,7 +57,7 @@ class auth {
 		global $app, $conf;
 
 		$userid = $app->functions->intval($userid);
-		$client = $app->db->queryOneRecord("SELECT client.limit_client FROM sys_user, client WHERE sys_user.userid = $userid AND sys_user.client_id = client.client_id");
+		$client = $app->db->queryOneRecord("SELECT client.limit_client FROM sys_user, client WHERE sys_user.userid = ? AND sys_user.client_id = client.client_id", $userid);
 		if($client['limit_client'] != 0) {
 			return true;
 		} else {
@@ -73,12 +73,12 @@ class auth {
 		$groupid = $app->functions->intval($groupid);
 
 		if($userid > 0 && $groupid > 0) {
-			$user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE userid = $userid");
+			$user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE userid = ?", $userid);
 			$groups = explode(',', $user['groups']);
 			if(!in_array($groupid, $groups)) $groups[] = $groupid;
 			$groups_string = implode(',', $groups);
-			$sql = "UPDATE sys_user SET groups = '$groups_string' WHERE userid = $userid";
-			$app->db->query($sql);
+			$sql = "UPDATE sys_user SET groups = ? WHERE userid = ?";
+			$app->db->query($sql, $groups_string, $userid);
 			return true;
 		} else {
 			return false;
@@ -95,7 +95,7 @@ class auth {
 		
 		// simple query cache
 		if($this->client_limits===null)
-			$this->client_limits = $app->db->queryOneRecord("SELECT client.* FROM sys_user, client WHERE sys_user.userid = $userid AND sys_user.client_id = client.client_id");
+			$this->client_limits = $app->db->queryOneRecord("SELECT client.* FROM sys_user, client WHERE sys_user.userid = ? AND sys_user.client_id = client.client_id", $userid);
 
 		// isn't client -> no limit
 		if(!$this->client_limits)
@@ -114,13 +114,13 @@ class auth {
 		$groupid = $app->functions->intval($groupid);
 
 		if($userid > 0 && $groupid > 0) {
-			$user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE userid = $userid");
+			$user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE userid = ?", $userid);
 			$groups = explode(',', $user['groups']);
 			$key = array_search($groupid, $groups);
 			unset($groups[$key]);
 			$groups_string = implode(',', $groups);
-			$sql = "UPDATE sys_user SET groups = '$groups_string' WHERE userid = $userid";
-			$app->db->query($sql);
+			$sql = "UPDATE sys_user SET groups = ? WHERE userid = ?";
+			$app->db->query($sql, $groups_string, $userid);
 			return true;
 		} else {
 			return false;
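Review bot: `array_search()` returns `false` when `$groupid` is not in the list, and `unset($groups[$key])` then removes index 0, which is the user's first group. The parameter binding added in this hunk leaves that untouched. Guard it with `if($key !== false) unset($groups[$key]);`. The function's signature is above the hunk.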
@@ -129,11 +129,32 @@ class auth {
 
 	public function check_module_permissions($module) {
 		// Check if the current user has the permissions to access this module
+		$module = trim(preg_replace('@\s+@', '', $module));
 		$user_modules = explode(',',$_SESSION["s"]["user"]["modules"]);
-		if(!in_array($module,$user_modules)) {
-			// echo "LOGIN_REDIRECT:/index.php";
-			header("Location: /index.php");
-			exit;
+		if(strpos($module, ',') !== false){
+			$can_use_module = false;
+			$tmp_modules = explode(',', $module);
+			if(is_array($tmp_modules) && !empty($tmp_modules)){
+				foreach($tmp_modules as $tmp_module){
+					if($tmp_module != ''){
+						if(in_array($tmp_module,$user_modules)) {
+							$can_use_module = true;
+							break;
+						}
+					}
+				}
+			}
+			if(!$can_use_module){
+				// echo "LOGIN_REDIRECT:/index.php";
+				header("Location: /index.php");
+				exit;
+			}
+		} else {
+			if(!in_array($module,$user_modules)) {
+				// echo "LOGIN_REDIRECT:/index.php";
+				header("Location: /index.php");
+				exit;
+			}
 		}
 	}
 	
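Review bot: The single-module branch accepts an empty `$module`: when the session's module list is empty, `explode()` yields `['']` and `in_array('', [''])` passes, whereas the comma branch skips empty entries. Both branches can share one check that drops empties, e.g. `$wanted = array_filter(explode(',', $module), 'strlen');` followed by `if(!array_intersect($wanted, $user_modules)) { header("Location: /index.php"); exit; }`. A docblock should state that a comma-separated argument grants access when the user has any one of the listed modules, since callers may expect all of them to be required. The `trim()` around `preg_replace('@\s+@', '', ...)` is redundant once all whitespace has been removed.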
diff --git a/interface/lib/classes/client_templates.inc.php b/interface/lib/classes/client_templates.inc.php
index 993936b2cead67d8b1359ed5399c3933364eafcf..e3141d792ea83332e05b8eef160c7f97f76c0fdf 100644
--- a/interface/lib/classes/client_templates.inc.php
+++ b/interface/lib/classes/client_templates.inc.php
@@ -49,7 +49,7 @@ class client_templates {
 
 		if($old_style == true) {
 			// we have to take care of this in an other way
-			$in_db = $app->db->queryAllRecords('SELECT `assigned_template_id`, `client_template_id` FROM `client_template_assigned` WHERE `client_id` = ' . $app->functions->intval($clientId));
+			$in_db = $app->db->queryAllRecords('SELECT `assigned_template_id`, `client_template_id` FROM `client_template_assigned` WHERE `client_id` = ?', $clientId);
 			if(is_array($in_db) && count($in_db) > 0) {
 				foreach($in_db as $item) {
 					if(array_key_exists($item['client_template_id'], $needed_types) == false) $needed_types[$item['client_template_id']] = 0;
@@ -61,24 +61,24 @@ class client_templates {
 				if($count > 0) {
 					// add new template to client (includes those from old-style without assigned_template_id)
 					for($i = $count; $i > 0; $i--) {
-						$app->db->query('INSERT INTO `client_template_assigned` (`client_id`, `client_template_id`) VALUES (' . $app->functions->intval($clientId) . ', ' . $app->functions->intval($tpl_id) . ')');
+						$app->db->query('INSERT INTO `client_template_assigned` (`client_id`, `client_template_id`) VALUES (?, ?)', $clientId, $tpl_id);
 					}
 				} elseif($count < 0) {
 					// remove old ones
 					for($i = $count; $i < 0; $i++) {
-						$app->db->query('DELETE FROM `client_template_assigned` WHERE client_id = ' . $app->functions->intval($clientId) . ' AND client_template_id = ' . $app->functions->intval($tpl_id) . ' LIMIT 1');
+						$app->db->query('DELETE FROM `client_template_assigned` WHERE client_id = ? AND client_template_id = ? LIMIT 1', $clientId, $tpl_id);
 					}
 				}
 			}
 		} else {
 			// we have to take care of this in an other way
-			$in_db = $app->db->queryAllRecords('SELECT `assigned_template_id`, `client_template_id` FROM `client_template_assigned` WHERE `client_id` = ' . $app->functions->intval($clientId));
+			$in_db = $app->db->queryAllRecords('SELECT `assigned_template_id`, `client_template_id` FROM `client_template_assigned` WHERE `client_id` = ?', $clientId);
 			if(is_array($in_db) && count($in_db) > 0) {
 				// check which templates were removed from this client
 				foreach($in_db as $item) {
 					if(in_array($item['assigned_template_id'], $used_assigned) == false) {
 						// delete this one
-						$app->db->query('DELETE FROM `client_template_assigned` WHERE `assigned_template_id` = ' . $app->functions->intval($item['assigned_template_id']));
+						$app->db->query('DELETE FROM `client_template_assigned` WHERE `assigned_template_id` = ?', $item['assigned_template_id']);
 					}
 				}
 			}
@@ -86,7 +86,7 @@ class client_templates {
 			if(count($new_tpl) > 0) {
 				foreach($new_tpl as $item) {
 					// add new template to client (includes those from old-style without assigned_template_id)
-					$app->db->query('INSERT INTO `client_template_assigned` (`client_id`, `client_template_id`) VALUES (' . $app->functions->intval($clientId) . ', ' . $app->functions->intval($item) . ')');
+					$app->db->query('INSERT INTO `client_template_assigned` (`client_id`, `client_template_id`) VALUES (?, ?)', $clientId, $item);
 				}
 			}
 		}
@@ -106,8 +106,8 @@ class client_templates {
 		/*
          * Get the master-template for the client
          */
-		$sql = "SELECT template_master, template_additional,limit_client FROM client WHERE client_id = " . $app->functions->intval($clientId);
-		$record = $app->db->queryOneRecord($sql);
+		$sql = "SELECT template_master, template_additional,limit_client FROM client WHERE client_id = ?";
+		$record = $app->db->queryOneRecord($sql, $clientId);
 		$masterTemplateId = $record['template_master'];
 		$is_reseller = ($record['limit_client'] != 0)?true:false;
 
@@ -115,15 +115,15 @@ class client_templates {
 			// we have to call the update_client_templates function
 			$templates = explode('/', $record['template_additional']);
 			$this->update_client_templates($clientId, $templates);
-			$app->db->query('UPDATE `client` SET `template_additional` = \'\' WHERE `client_id` = ' . $app->functions->intval($clientId));
+			$app->db->query('UPDATE `client` SET `template_additional` = \'\' WHERE `client_id` = ?', $clientId);
 		}
 
 		/*
          * if the master-Template is custom there is NO changing
          */
 		if ($masterTemplateId > 0){
-			$sql = "SELECT * FROM client_template WHERE template_id = " . $app->functions->intval($masterTemplateId);
-			$limits = $app->db->queryOneRecord($sql);
+			$sql = "SELECT * FROM client_template WHERE template_id = ?";
+			$limits = $app->db->queryOneRecord($sql, $masterTemplateId);
 		} else {
 			// if there is no master template it makes NO SENSE adding sub templates.
 			// adding subtemplates are stored in client limits, so they would add up
@@ -136,11 +136,11 @@ class client_templates {
          * if != -1)
          */
 		$addTpl = explode('/', $additionalTemplateStr);
-		$addTpls = $app->db->queryAllRecords('SELECT `client_template_id` FROM `client_template_assigned` WHERE `client_id` = ' . $app->functions->intval($clientId));
+		$addTpls = $app->db->queryAllRecords('SELECT `client_template_id` FROM `client_template_assigned` WHERE `client_id` = ?', $clientId);
 		foreach ($addTpls as $addTpl){
 			$item = $addTpl['client_template_id'];
-			$sql = "SELECT * FROM client_template WHERE template_id = " . $app->functions->intval($item);
-			$addLimits = $app->db->queryOneRecord($sql);
+			$sql = "SELECT * FROM client_template WHERE template_id = ?";
+			$addLimits = $app->db->queryOneRecord($sql, $item);
 			$app->log('Template processing subtemplate ' . $item . ' for client ' . $clientId, LOGLEVEL_DEBUG);
 			/* maybe the template is deleted in the meantime */
 			if (is_array($addLimits)){
@@ -232,6 +232,7 @@ class client_templates {
          * Write all back to the database
          */
 		$update = '';
+		$update_values = array();
 		if(!$is_reseller) unset($limits['limit_client']); // Only Resellers may have limit_client set in template to ensure that we do not convert a client to reseller accidently.
 		foreach($limits as $k => $v){
 			if (strpos($k, 'default') !== false and $v == 0) {
@@ -239,13 +240,16 @@ class client_templates {
 			}
 			if ((strpos($k, 'limit') !== false or strpos($k, 'default') !== false or $k == 'ssh_chroot' or $k == 'web_php_options' or $k == 'force_suexec') && !is_array($v)){
 				if ($update != '') $update .= ', ';
-				$update .= '`' . $k . "`='" . $v . "'";
+				$update .= '?? = ?';
+				$update_values[] = $k;
+				$update_values[] = $v;
 			}
 		}
+		$update_values[] = $clientId;
 		$app->log('Template processed for client ' . $clientId . ', update string: ' . $update, LOGLEVEL_DEBUG);
 		if($update != '') {
-			$sql = 'UPDATE client SET ' . $update . " WHERE client_id = " . $app->functions->intval($clientId);
-			$app->db->query($sql);
+			$sql = 'UPDATE client SET ' . $update . " WHERE client_id = ?";
+			$app->db->query($sql, true, $update_values);
 		}
 		unset($form);
 	}
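Review bot: The debug line `'... update string: ' . $update` now logs only `?? = ?` placeholders, so it no longer shows which limits are being written. Collect the column names while building the statement and log those instead, e.g. `$columns[] = $k;` in the loop and `implode(', ', $columns)` in the message. `$update_values[] = $clientId;` also runs when `$update` is empty; that is harmless, but it would read more clearly inside the `if($update != '')` block. The loop that builds `$update` starts in the previous hunk.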
diff --git a/interface/lib/classes/custom_datasource.inc.php b/interface/lib/classes/custom_datasource.inc.php
index 16036f599c3fe94803cabe98a3cfd3592f7de7dd..414de29dcc0bdc7a87d327b5f7d3c6da66a590b9 100644
--- a/interface/lib/classes/custom_datasource.inc.php
+++ b/interface/lib/classes/custom_datasource.inc.php
@@ -47,12 +47,12 @@ class custom_datasource {
 		if($_SESSION["s"]["user"]["typ"] == 'user') {
 			// Get the limits of the client
 			$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
-			$client = $app->db->queryOneRecord("SELECT default_dnsserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
-			$sql = "SELECT server_id,server_name FROM server WHERE server_id = ".$app->functions->intval($client['default_dnsserver']);
+			$client = $app->db->queryOneRecord("SELECT default_dnsserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
+			$sql = "SELECT server_id,server_name FROM server WHERE server_id = ?";
 		} else {
 			$sql = "SELECT server_id,server_name FROM server WHERE dns_server = 1 ORDER BY server_name";
 		}
-		$records = $app->db->queryAllRecords($sql);
+		$records = $app->db->queryAllRecords($sql, $client['default_dnsserver']);
 		$records_new = array();
 		if(is_array($records)) {
 			foreach($records as $rec) {
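Review bot: `$client` is assigned only in the `'user'` branch, but `queryAllRecords($sql, $client['default_dnsserver'])` runs for both branches, so for other user types it reads an undefined variable and passes a parameter to a statement that has no placeholder. Run the query inside each branch, as the last hunk of this file does: `$records = $app->db->queryAllRecords($sql, $client['default_dnsserver']);` in the `if` and `$records = $app->db->queryAllRecords($sql);` in the `else`. The next hunk (`default_slave_dnsserver`) has the same shape and needs the same change. The enclosing function starts above the hunk.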
@@ -69,12 +69,12 @@ class custom_datasource {
 		if($_SESSION["s"]["user"]["typ"] == 'user') {
 			// Get the limits of the client
 			$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
-			$client = $app->db->queryOneRecord("SELECT default_slave_dnsserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
-			$sql = "SELECT server_id,server_name FROM server WHERE server_id = ".$app->functions->intval($client['default_slave_dnsserver']);
+			$client = $app->db->queryOneRecord("SELECT default_slave_dnsserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
+			$sql = "SELECT server_id,server_name FROM server WHERE server_id = ?";
 		} else {
 			$sql = "SELECT server_id,server_name FROM server WHERE dns_server = 1 ORDER BY server_name";
 		}
-		$records = $app->db->queryAllRecords($sql);
+		$records = $app->db->queryAllRecords($sql, $client['default_slave_dnsserver']);
 		$records_new = array();
 		if(is_array($records)) {
 			foreach($records as $rec) {
@@ -99,7 +99,7 @@ class custom_datasource {
 		}
 		if(count($server_ids) == 0) return array();
 		$server_ids = implode(',', $server_ids);
-		$records = $app->db->queryAllRecords("SELECT web_domain.domain_id, CONCAT(web_domain.domain, ' :: ', server.server_name) AS parent_domain FROM web_domain, server WHERE web_domain.type = 'vhost' AND web_domain.server_id IN (".$app->db->quote($server_ids).") AND web_domain.server_id = server.server_id AND ".$app->tform->getAuthSQL('r', 'web_domain')." ORDER BY web_domain.domain");
+		$records = $app->db->queryAllRecords("SELECT web_domain.domain_id, CONCAT(web_domain.domain, ' :: ', server.server_name) AS parent_domain FROM web_domain, server WHERE web_domain.type = 'vhost' AND web_domain.server_id IN ? AND web_domain.server_id = server.server_id AND ".$app->tform->getAuthSQL('r', 'web_domain')." ORDER BY web_domain.domain", $server_ids);
 
 		$records_new = array();
 		if(is_array($records)) {
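Review bot: `$server_ids` is imploded to a string on the line before the query, so `IN ?` receives a scalar. The placeholder code changed in db_mysql.inc.php in this commit expands only arrays into a parenthesised list and wraps any other value in quotes, which would produce `IN '1,2,3'`. Drop the `implode()` and pass the array itself, keeping the `count($server_ids) == 0` early return. The enclosing function starts above the hunk, so how `$server_ids` is filled is not visible here.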
@@ -159,22 +159,25 @@ class custom_datasource {
 		if($_SESSION["s"]["user"]["typ"] == 'user') {
 			// Get the limits of the client
 			$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
-			$sql = "SELECT $server_type as server_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id";
-			$client = $app->db->queryOneRecord($sql);
+			$sql = "SELECT $server_type as server_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?";
+			$client = $app->db->queryOneRecord($sql, $client_group_id);
 			if($client['server_id'] > 0) {
 				//* Select the default server for the client
-				$sql = "SELECT server_id,server_name FROM server WHERE server_id = ".$app->functions->intval($client['server_id']);
+				$sql = "SELECT server_id,server_name FROM server WHERE server_id = ?";
+				$records = $app->db->queryAllRecords($sql, $client['server_id']);
 			} else {
 				//* Not able to find the clients defaults, use this as fallback and add a warning message to the log
 				$app->log('Unable to find default server for client in custom_datasource.inc.php', 1);
-				$sql = "SELECT server_id,server_name FROM server WHERE $field = 1 ORDER BY server_name";
+				$sql = "SELECT server_id,server_name FROM server WHERE ?? = 1 ORDER BY server_name";
+				$records = $app->db->queryAllRecords($sql, $field);
 			}
 		} else {
 			//* The logged in user is admin, so we show him all available servers of a specific type.
-			$sql = "SELECT server_id,server_name FROM server WHERE $field = 1 ORDER BY server_name";
+			$sql = "SELECT server_id,server_name FROM server WHERE ?? = 1 ORDER BY server_name";
+			$records = $app->db->queryAllRecords($sql, $field);
 		}
 
-		$records = $app->db->queryAllRecords($sql);
+		
 		$records_new = array();
 		if(is_array($records)) {
 			foreach($records as $rec) {
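Review bot: `$server_type` is still interpolated into `SELECT $server_type as server_id ...`, while `$field` in the same function was moved to the `??` identifier placeholder. Bind it the same way: `"SELECT ?? as server_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?"` with `$server_type, $client_group_id`. Where `$server_type` comes from is above the hunk, so whether it is always a fixed column name could not be checked. The whitespace-only line left where the shared `queryAllRecords($sql)` call used to be can be removed.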
diff --git a/interface/lib/classes/db_mysql.inc.php b/interface/lib/classes/db_mysql.inc.php
index 59dcff88ad1cfada2f7477e7ec1a77f72f7d925a..e4c8d319671e5dd14d32fef84c7ba30699a705b1 100644
--- a/interface/lib/classes/db_mysql.inc.php
+++ b/interface/lib/classes/db_mysql.inc.php
@@ -128,8 +128,10 @@ class db extends mysqli
 					$sTxt = $this->escape($sValue);
 					
 					$sTxt = str_replace('`', '', $sTxt);
-					if(strpos($sTxt, '.') !== false) $sTxt = preg_replace('/^(.+)\.(.+)$/', '`$1`.`$2`', $sTxt);
-					else $sTxt = '`' . $sTxt . '`';
+					if(strpos($sTxt, '.') !== false) {
+						$sTxt = preg_replace('/^(.+)\.(.+)$/', '`$1`.`$2`', $sTxt);
+						$sTxt = str_replace('.`*`', '.*', $sTxt);
+					} else $sTxt = '`' . $sTxt . '`';
 
 					$sQuery = substr_replace($sQuery, $sTxt, $iPos2, 2);
 					$iPos2 += strlen($sTxt);
@@ -137,13 +139,17 @@ class db extends mysqli
 				} else {
 					if(is_int($sValue) || is_float($sValue)) {
 						$sTxt = $sValue;
-					} elseif(is_string($sValue) && (strcmp($sValue, '#NULL#') == 0)) {
+					} elseif(is_null($sValue) || (is_string($sValue) && (strcmp($sValue, '#NULL#') == 0))) {
 						$sTxt = 'NULL';
 					} elseif(is_array($sValue)) {
-						$sTxt = '';
-						foreach($sValue as $sVal) $sTxt .= ',\'' . $this->escape($sVal) . '\'';
-						$sTxt = '(' . substr($sTxt, 1) . ')';
-						if($sTxt == '()') $sTxt = '(0)';
+						if(isset($sValue['SQL'])) {
+							$sTxt = $sValue['SQL'];
+						} else {
+							$sTxt = '';
+							foreach($sValue as $sVal) $sTxt .= ',\'' . $this->escape($sVal) . '\'';
+							$sTxt = '(' . substr($sTxt, 1) . ')';
+							if($sTxt == '()') $sTxt = '(0)';
+						}
 					} else {
 						$sTxt = '\'' . $this->escape($sValue) . '\'';
 					}
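Review bot: The new `isset($sValue['SQL'])` branch inserts the array element into the statement verbatim, so any array with that key that reaches a `?` placeholder bypasses `escape()`. A caller that forwards a value it did not build itself (form and request data can arrive as arrays) would turn a bound parameter back into raw SQL. Prefer a marker that decoded input cannot produce, such as a small wrapper object tested with `instanceof`. At minimum, require `count($sValue) === 1` and add a comment stating that the key is reserved for trusted, code-built fragments. The enclosing method starts above the hunk.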
@@ -534,7 +540,27 @@ class db extends mysqli
 		}
 		return $out;
 	}
-
+	
+	public function insertFromArray($tablename, $data) {
+		if(!is_array($data)) return false;
+		
+		$k_query = '';
+		$v_query = '';
+		
+		$params = array($tablename);
+		$v_params = array();
+		
+		foreach($data as $key => $value) {
+			$k_query .= ($k_query != '' ? ', ' : '') . '??';
+			$v_query .= ($v_query != '' ? ', ' : '') . '?';
+			$params[] = $key;
+			$v_params[] = $value;
+		}
+		
+		$query = 'INSERT INTO ?? (' . $k_query . ') VALUES (' . $v_query . ')';
+		return $this->query($query, true, $params + $v_params);
+	}
+	
 	public function diffrec($record_old, $record_new) {
 		$diffrec_full = array();
 		$diff_num = 0;
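Review bot: `$params + $v_params` is the array union operator, which keeps the left-hand entry for every key present on both sides. Both arrays are indexed from 0 and `$params` is the longer one, so every entry of `$v_params` is discarded and the `?` value placeholders are left without parameters. Use `array_merge($params, $v_params)` here. The same expression appears in the `datalogInsert()` hunk further down in this file. A short docblock stating that keys are bound as identifiers (`??`) and values as data (`?`) would help callers.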
@@ -578,7 +604,6 @@ class db extends mysqli
 		if(!preg_match('/^[a-zA-Z0-9\-\_\.]{1,64}$/',$db_table)) $app->error('Invalid table name '.$db_table);
 		if(!preg_match('/^[a-zA-Z0-9\-\_]{1,64}$/',$primary_field)) $app->error('Invalid primary field '.$primary_field.' in table '.$db_table);
 		
-		$primary_field = $this->quote($primary_field);
 		$primary_id = intval($primary_id);
 
 		if($force_update == true) {
@@ -626,20 +651,27 @@ class db extends mysqli
 		if(is_array($insert_data)) {
 			$key_str = '';
 			$val_str = '';
+			$params = array($tablename);
+			$v_params = array();
 			foreach($insert_data as $key => $val) {
-				$key_str .= "`".$key ."`,";
-				$val_str .= "'".$this->escape($val)."',";
+				$key_str .= '??,';
+				$params[] = $key;
+				
+				$val_str .= '?,';
+				$v_params[] = $val;
 			}
 			$key_str = substr($key_str, 0, -1);
 			$val_str = substr($val_str, 0, -1);
 			$insert_data_str = '('.$key_str.') VALUES ('.$val_str.')';
+			$this->query("INSERT INTO ?? $insert_data_str", true, $params + $v_params);
 		} else {
+			/* TODO: deprecate this method! */
 			$insert_data_str = $insert_data;
+			$this->query("INSERT INTO ?? $insert_data_str", $tablename);
+			$app->log("deprecated use of passing values to datalogInsert() - table " . $tablename, 1);
 		}
-		/* TODO: reduce risk of insert_data_str! */
-
+		
 		$old_rec = array();
-		$this->query("INSERT INTO ?? $insert_data_str", $tablename);
 		$index_value = $this->insertID();
 		$new_rec = $this->queryOneRecord("SELECT * FROM ?? WHERE ? = ?", $tablename, $index_field, $index_value);
 		$this->datalogSave($tablename, 'INSERT', $index_field, $index_value, $old_rec, $new_rec);
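Review bot: The re-read after the insert uses `WHERE ? = ?` for `$index_field`, which binds the column name as a quoted value rather than as an identifier. `datalogUpdate()` uses `WHERE ?? = ?` for the same purpose. Change it to `"SELECT * FROM ?? WHERE ?? = ?"` so that `$new_rec` is the row that was just inserted and the datalog entry carries its data. The function starts above the hunk.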
@@ -658,17 +690,24 @@ class db extends mysqli
 		$old_rec = $this->queryOneRecord("SELECT * FROM ?? WHERE ?? = ?", $tablename, $index_field, $index_value);
 
 		if(is_array($update_data)) {
+			$params = array($tablename);
 			$update_data_str = '';
 			foreach($update_data as $key => $val) {
-				$update_data_str .= "`".$key ."` = '".$this->escape($val)."',";
+				$update_data_str .= '?? = ?,';
+				$params[] = $key;
+				$params[] = $val;
 			}
+			$params[] = $index_field;
+			$params[] = $index_value;
 			$update_data_str = substr($update_data_str, 0, -1);
+			$this->query("UPDATE ?? SET $update_data_str WHERE ?? = ?", true, $params);
 		} else {
+			/* TODO: deprecate this method! */
 			$update_data_str = $update_data;
+			$this->query("UPDATE ?? SET $update_data_str WHERE ?? = ?", $tablename, $index_field, $index_value);
+			$app->log("deprecated use of passing values to datalogUpdate() - table " . $tablename, 1);
 		}
-		/* TODO: reduce risk of update_data_str */
 
-		$this->query("UPDATE ?? SET $update_data_str WHERE ?? = ?", $tablename, $index_field, $index_value);
 		$new_rec = $this->queryOneRecord("SELECT * FROM ?? WHERE ?? = ?", $tablename, $index_field, $index_value);
 		$this->datalogSave($tablename, 'UPDATE', $index_field, $index_value, $old_rec, $new_rec, $force_update);
 
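Review bot: In the legacy string branch, `$update_data_str` is spliced into the statement before the placeholders are substituted. A literal `?` inside a caller-built value would presumably be counted as a placeholder and shift `$tablename, $index_field, $index_value`, unless the parser skips quoted literals, which is not visible here. The same concern applies to the string branch of `datalogInsert()` and to `$sql_where` in the `getPagingSQL()` hunk of listform.inc.php. Until the string form is removed, add a comment such as `/* legacy path: $update_data_str is raw SQL and must not contain '?' */`. Moving the `$app->log(...)` call above the query would record deprecated callers even when the statement fails.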
diff --git a/interface/lib/classes/functions.inc.php b/interface/lib/classes/functions.inc.php
index 2be5fb7df0bbd98c55bcf01a8ca87d5f863a3901..43eec67fc89467b4003fa6d712f88f480049e8e8 100644
--- a/interface/lib/classes/functions.inc.php
+++ b/interface/lib/classes/functions.inc.php
@@ -202,7 +202,7 @@ class functions {
 		}
 
 		$ips = array();
-		$results = $app->db->queryAllRecords("SELECT ip_address AS ip, server_id FROM server_ip WHERE ip_type = '".$app->db->quote($type)."'");
+		$results = $app->db->queryAllRecords("SELECT ip_address AS ip, server_id FROM server_ip WHERE ip_type = ?", $type);
 		if(!empty($results) && is_array($results)){
 			foreach($results as $result){
 				if(preg_match($regex, $result['ip'])){
@@ -230,39 +230,6 @@ class functions {
 			}
 		}
 		
-		/*
-		$results = $app->db->queryAllRecords("SELECT xfer FROM dns_slave WHERE xfer != ''");
-		if(!empty($results) && is_array($results)){
-			foreach($results as $result){
-				$tmp_ips = explode(',', $result['xfer']);
-				foreach($tmp_ips as $tmp_ip){
-					$tmp_ip = trim($tmp_ip);
-					if(preg_match($regex, $tmp_ip)) $ips[] = $tmp_ip;
-				}
-			}
-		}
-		$results = $app->db->queryAllRecords("SELECT xfer FROM dns_soa WHERE xfer != ''");
-		if(!empty($results) && is_array($results)){
-			foreach($results as $result){
-				$tmp_ips = explode(',', $result['xfer']);
-				foreach($tmp_ips as $tmp_ip){
-					$tmp_ip = trim($tmp_ip);
-					if(preg_match($regex, $tmp_ip)) $ips[] = $tmp_ip;
-				}
-			}
-		}
-		$results = $app->db->queryAllRecords("SELECT also_notify FROM dns_soa WHERE also_notify != ''");
-		if(!empty($results) && is_array($results)){
-			foreach($results as $result){
-				$tmp_ips = explode(',', $result['also_notify']);
-				foreach($tmp_ips as $tmp_ip){
-					$tmp_ip = trim($tmp_ip);
-					if(preg_match($regex, $tmp_ip)) $ips[] = $tmp_ip;
-				}
-			}
-		}
-		*/
-		
 		$results = $app->db->queryAllRecords("SELECT remote_ips FROM web_database WHERE remote_ips != ''");
 		if(!empty($results) && is_array($results)){
 			foreach($results as $result){
@@ -413,6 +380,15 @@ class functions {
 		
 		return true;
 	}
+	
+	public function getimagesizefromstring($string){
+		if (!function_exists('getimagesizefromstring')) {
+			$uri = 'data://application/octet-stream;base64,' . base64_encode($string);
+			return getimagesize($uri);
+		} else {
+			return getimagesizefromstring($string);
+		}		
+	}
 
 }
 
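Review bot: The new `getimagesizefromstring()` wrapper has no docblock. Add one stating that it falls back to `getimagesize()` on a `data://` URI when the native function is unavailable, and that it returns `false` when the data is not a recognised image, so callers must check the result before using the dimensions. The fallback base64-encodes `$string` in full, so a note on the expected input size would also help. The `else` after the first `return` can be dropped.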
diff --git a/interface/lib/classes/getconf.inc.php b/interface/lib/classes/getconf.inc.php
index a246b1853c13d04339d1a6e1c6f04c0d9e99ab85..ef9e0702d212db0b3a773b4c5a0dc900af8e4153 100644
--- a/interface/lib/classes/getconf.inc.php
+++ b/interface/lib/classes/getconf.inc.php
@@ -39,7 +39,7 @@ class getconf {
 		if(!isset($this->config[$server_id])) {
 			$app->uses('ini_parser');
 			$server_id = $app->functions->intval($server_id);
-			$server = $app->db->queryOneRecord('SELECT config FROM server WHERE server_id = '.$server_id);
+			$server = $app->db->queryOneRecord('SELECT config FROM server WHERE server_id = ?', $server_id);
 			$this->config[$server_id] = $app->ini_parser->parse_ini_string(stripslashes($server['config']));
 		}
 		return ($section == '') ? $this->config[$server_id] : $this->config[$server_id][$section];
diff --git a/interface/lib/classes/listform.inc.php b/interface/lib/classes/listform.inc.php
index cc3f761ae33a7b41704c11e32292912bcd0833aa..c8a9225a2f0e5468050074a1030c0b0bc1cf4840 100644
--- a/interface/lib/classes/listform.inc.php
+++ b/interface/lib/classes/listform.inc.php
@@ -246,6 +246,7 @@ class listform {
 		return $this->pagingValues[$key];
 	}
 
+	/* TODO: maybe rewrite sql */
 	public function getPagingSQL($sql_where = '1')
 	{
 		global $app, $conf;
@@ -283,7 +284,7 @@ class listform {
 		if($this->searchChanged == 1) $_SESSION['search'][$list_name]['page'] = 0;
 
 		$sql_von = $app->functions->intval($_SESSION['search'][$list_name]['page'] * $records_per_page);
-		$record_count = $app->db->queryOneRecord("SELECT count(*) AS anzahl FROM $table".($app->listform->listDef['additional_tables'] != ''? ','.$app->listform->listDef['additional_tables'] : '')." WHERE $sql_where");
+		$record_count = $app->db->queryOneRecord("SELECT count(*) AS anzahl FROM ??".($app->listform->listDef['additional_tables'] != ''? ','.$app->listform->listDef['additional_tables'] : '')." WHERE $sql_where", $table);
 		$pages = $app->functions->intval(($record_count['anzahl'] - 1) / $records_per_page);
 
 
@@ -482,7 +483,8 @@ class listform {
 		}
 		return $record;
 	}
-
+	
+	/* TODO: check double quoting of SQL */
 	public function encode($record)
 	{
 		global $app;
diff --git a/interface/lib/classes/listform_actions.inc.php b/interface/lib/classes/listform_actions.inc.php
index 0062d8e3ae6725eb8e3f3b912d6666f2f3dc2e85..3a3ac6e129a2624e8c3f41d434ce42413d484560 100644
--- a/interface/lib/classes/listform_actions.inc.php
+++ b/interface/lib/classes/listform_actions.inc.php
@@ -190,6 +190,7 @@ class listform_actions {
 		return $rec;
 	}
 
+	/* TODO: maybe rewrite SQL */
 	public function getQueryString($no_limit = false) {
 		global $app;
 		$sql_where = '';
diff --git a/interface/lib/classes/plugin_backuplist.inc.php b/interface/lib/classes/plugin_backuplist.inc.php
index c399d87622a01c353c4b93a6dbd54389c246cdbc..f47a819a5b29b6b20dc83a84e5695b46981382e6 100644
--- a/interface/lib/classes/plugin_backuplist.inc.php
+++ b/interface/lib/classes/plugin_backuplist.inc.php
@@ -56,56 +56,42 @@ class plugin_backuplist extends plugin_base {
 			$backup_id = $app->functions->intval($_GET['backup_id']);
 
 			//* check if the user is  owner of the parent domain
-			$domain_backup = $app->db->queryOneRecord("SELECT parent_domain_id FROM web_backup WHERE backup_id = ".$backup_id);
+			$domain_backup = $app->db->queryOneRecord("SELECT parent_domain_id FROM web_backup WHERE backup_id = ?", $backup_id);
 
 			$check_perm = 'u';
 			if($_GET['backup_action'] == 'download') $check_perm = 'r'; // only check read permissions on download, not update permissions
 
-			$get_domain = $app->db->queryOneRecord("SELECT domain_id FROM web_domain WHERE domain_id = ".$app->functions->intval($domain_backup["parent_domain_id"])." AND ".$app->tform->getAuthSQL($check_perm));
+			$get_domain = $app->db->queryOneRecord("SELECT domain_id FROM web_domain WHERE domain_id = ? AND ".$app->tform->getAuthSQL($check_perm), $domain_backup["parent_domain_id"]);
 			if(empty($get_domain) || !$get_domain) {
 				$app->error($app->tform->lng('no_domain_perm'));
 			}
 
 			if($_GET['backup_action'] == 'download' && $backup_id > 0) {
 				$server_id = $this->form->dataRecord['server_id'];
-				$backup = $app->db->queryOneRecord("SELECT * FROM web_backup WHERE backup_id = ".$backup_id);
+				$backup = $app->db->queryOneRecord("SELECT * FROM web_backup WHERE backup_id = ?", $backup_id);
 				if($backup['server_id'] > 0) $server_id = $backup['server_id'];
-				$sql = "SELECT count(action_id) as number FROM sys_remoteaction WHERE action_state = 'pending' AND action_type = 'backup_download' AND action_param = '$backup_id'";
-				$tmp = $app->db->queryOneRecord($sql);
+				$sql = "SELECT count(action_id) as number FROM sys_remoteaction WHERE action_state = 'pending' AND action_type = 'backup_download' AND action_param = ?";
+				$tmp = $app->db->queryOneRecord($sql, $backup_id);
 				if($tmp['number'] == 0) {
 					$message .= $wb['download_info_txt'];
 					$sql =  "INSERT INTO sys_remoteaction (server_id, tstamp, action_type, action_param, action_state, response) " .
-						"VALUES (".
-						(int)$server_id . ", " .
-						time() . ", " .
-						"'backup_download', " .
-						"'".$backup_id."', " .
-						"'pending', " .
-						"''" .
-						")";
-					$app->db->query($sql);
+						"VALUES (?, UNIX_TIMESTAMP(), 'backup_download', ?, 'pending', '')";
+					$app->db->query($sql, $server_id, $backup_id);
 				} else {
 					$error .= $wb['download_pending_txt'];
 				}
 			}
 			if($_GET['backup_action'] == 'restore' && $backup_id > 0) {
 				$server_id = $this->form->dataRecord['server_id'];
-				$backup = $app->db->queryOneRecord("SELECT * FROM web_backup WHERE backup_id = ".$backup_id);
+				$backup = $app->db->queryOneRecord("SELECT * FROM web_backup WHERE backup_id = ?", $backup_id);
 				if($backup['server_id'] > 0) $server_id = $backup['server_id'];
 				$sql = "SELECT count(action_id) as number FROM sys_remoteaction WHERE action_state = 'pending' AND action_type = 'backup_restore' AND action_param = '$backup_id'";
 				$tmp = $app->db->queryOneRecord($sql);
 				if($tmp['number'] == 0) {
 					$message .= $wb['restore_info_txt'];
 					$sql =  "INSERT INTO sys_remoteaction (server_id, tstamp, action_type, action_param, action_state, response) " .
-						"VALUES (".
-						(int)$server_id . ", " .
-						time() . ", " .
-						"'backup_restore', " .
-						"'".$backup_id."', " .
-						"'pending', " .
-						"''" .
-						")";
-					$app->db->query($sql);
+						"VALUES (?, UNIX_TIMESTAMP(), 'backup_restore', ?, 'pending', '')";
+					$app->db->query($sql, $server_id, $backup_id);
 				} else {
 					$error .= $wb['restore_pending_txt'];
 				}
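Review bot: The restore branch still builds its pending-action check with `action_param = '$backup_id'` and calls `queryOneRecord($sql)` with no bound values, while the download branch above it was converted. `$backup_id` has passed through `intval()`, so this is not injectable as written, but the two branches should match: end the string with `AND action_param = ?` and call `$tmp = $app->db->queryOneRecord($sql, $backup_id);`. Separately, both INSERTs drop the `(int)` cast on `$server_id` and replace PHP `time()` with `UNIX_TIMESTAMP()`, so `tstamp` now follows the database server's clock. That deserves a one-line comment if it is intended.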
@@ -115,8 +101,8 @@ class plugin_backuplist extends plugin_base {
 
 		//* Get the data
 		$server_ids = array_unique($server_ids);
-		$web = $app->db->queryOneRecord("SELECT server_id FROM web_domain WHERE domain_id = ".$app->functions->intval($this->form->id));
-		$databases = $app->db->queryAllRecords("SELECT server_id FROM web_database WHERE parent_domain_id = ".$app->functions->intval($this->form->id));
+		$web = $app->db->queryOneRecord("SELECT server_id FROM web_domain WHERE domain_id = ?", $this->form->id);
+		$databases = $app->db->queryAllRecords("SELECT server_id FROM web_database WHERE parent_domain_id = ?", $this->form->id);
 		if($app->functions->intval($web['server_id']) > 0) $server_ids[] = $app->functions->intval($web['server_id']);
 		if(is_array($databases) && !empty($databases)){
 			foreach($databases as $database){
@@ -124,8 +110,8 @@ class plugin_backuplist extends plugin_base {
 			}
 		}
 		$server_ids = array_unique($server_ids);
-		$sql = "SELECT * FROM web_backup WHERE parent_domain_id = ".$app->functions->intval($this->form->id)." AND server_id IN (".implode(',', $server_ids).") ORDER BY tstamp DESC, backup_type ASC";
-		$records = $app->db->queryAllRecords($sql);
+		$sql = "SELECT * FROM web_backup WHERE parent_domain_id = ? AND server_id IN ? ORDER BY tstamp DESC, backup_type ASC";
+		$records = $app->db->queryAllRecords($sql, $this->form->id, $server_ids);
 
 		$bgcolor = "#FFFFFF";
 		if(is_array($records)) {
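Review bot: `server_id IN ?` receives `$server_ids` with no guard for an empty array, which looks possible when neither the web domain nor any database row yields a server id. How the wrapper expands an empty array is not visible in this diff, so the result could be invalid SQL or a predicate that matches differently than intended. I would skip the query in that case, e.g. `if(empty($server_ids)) { $records = array(); } else { ... }`, or document the wrapper's behaviour next to the call. The same question applies to `hostname IN ?` with `$hostnames` in the quota_lib.inc.php hunks.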
@@ -140,6 +126,10 @@ class plugin_backuplist extends plugin_base {
 				
 				$rec['download_available'] = true;
 				if($rec['server_id'] != $web['server_id']) $rec['download_available'] = false;
+				
+				if($rec['filesize'] > 0){
+					$rec['filesize'] = $app->functions->currency_format($rec['filesize']/(1024*1024), 'client').' MB';
+				}
 
 				$records_new[] = $rec;
 			}
diff --git a/interface/lib/classes/plugin_backuplist_mail.inc.php b/interface/lib/classes/plugin_backuplist_mail.inc.php
index 847428389e82de6ca00ff742fe499571e76bd951..901901a3ed62cc7642d472809ef99ee99aa132c5 100644
--- a/interface/lib/classes/plugin_backuplist_mail.inc.php
+++ b/interface/lib/classes/plugin_backuplist_mail.inc.php
@@ -55,42 +55,15 @@ class plugin_backuplist_mail extends plugin_base {
 
 		if(isset($_GET['backup_action'])) {
 			$backup_id = $app->functions->intval($_GET['backup_id']);
-/*
-			if($_GET['backup_action'] == 'download_mail' && $backup_id > 0) {
-				$sql = "SELECT count(action_id) as number FROM sys_remoteaction WHERE action_state = 'pending' AND action_type = 'backup_download' AND action_param = '$backup_id'";
-				$tmp = $app->db->queryOneRecord($sql);
-				if($tmp['number'] == 0) {
-					$message .= $wb['download_info_txt'];
-					$sql = 	"INSERT INTO sys_remoteaction (server_id, tstamp, action_type, action_param, action_state, response) " .
-					"VALUES (".
-						(int)$this->form->dataRecord['server_id'] . ", " .
-						time() . ", " .
-						"'backup_download', " .
-						"'".$backup_id."', " .
-						"'pending', " .
-						"''" .
-					")";
-					$app->db->query($sql);
-				} else {
-					$error .= $wb['download_pending_txt'];
-				}
-			}
-*/
+
 			if($_GET['backup_action'] == 'restore_mail' && $backup_id > 0) {
-				$sql = "SELECT count(action_id) as number FROM sys_remoteaction WHERE action_state = 'pending' AND action_type = 'backup_restore_mail' AND action_param = '$backup_id'";
-				$tmp = $app->db->queryOneRecord($sql);
+				$sql = "SELECT count(action_id) as number FROM sys_remoteaction WHERE action_state = 'pending' AND action_type = 'backup_restore_mail' AND action_param = ?";
+				$tmp = $app->db->queryOneRecord($sql, $backup_id);
 				if($tmp['number'] == 0) {
 					$message .= $wb['restore_info_txt'];
 					$sql = 	"INSERT INTO sys_remoteaction (server_id, tstamp, action_type, action_param, action_state, response) " .
-					"VALUES (".
-						(int)$this->form->dataRecord['server_id'] . ", " .
-						time() . ", " .
-						"'backup_restore_mail', " .
-						"'".$backup_id."', " .
-						"'pending', " .
-						"''" .
-					")";
-					$app->db->query($sql);
+					"VALUES (?, ? 'backup_restore_mail', ?, 'pending','')";
+					$app->db->query($sql, $this->form->dataRecord['server_id'], time(), $backup_id);
 				} else {
 					$error .= $wb['restore_pending_txt'];
 				}
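Review bot: The new VALUES list reads `(?, ? 'backup_restore_mail', ?, 'pending','')`, with the comma after the second placeholder missing, so the INSERT should fail as a syntax error and no restore action is queued. It should be `"VALUES (?, ?, 'backup_restore_mail', ?, 'pending','')"`, or follow plugin_backuplist.inc.php and use `UNIX_TIMESTAMP()` with two bound values. The result of `$app->db->query()` is not checked here and `restore_info_txt` is appended to `$message` before the call, so the user would see a success message even though nothing was inserted.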
@@ -98,8 +71,8 @@ class plugin_backuplist_mail extends plugin_base {
 		}
 				
 		//* Get the data
-		$sql = "SELECT * FROM mail_backup WHERE mailuser_id = ".$this->form->id." ORDER BY tstamp DESC";
-		$records = $app->db->queryAllRecords($sql);
+		$sql = "SELECT * FROM mail_backup WHERE mailuser_id = ? ORDER BY tstamp DESC";
+		$records = $app->db->queryAllRecords($sql, $this->form->id);
 		$bgcolor = "#FFFFFF";
 		if(is_array($records)) {
 			foreach($records as $rec) {
diff --git a/interface/lib/classes/plugin_dbhistory.inc.php b/interface/lib/classes/plugin_dbhistory.inc.php
index c6547311106ab330d4cee9975af6b18711f9b4b8..3ad5d42ec05c57a459047e6b342f59ff5979ae30 100644
--- a/interface/lib/classes/plugin_dbhistory.inc.php
+++ b/interface/lib/classes/plugin_dbhistory.inc.php
@@ -47,12 +47,13 @@ class plugin_dbhistory extends plugin_base {
 		$db_table_idx = $app->tform->formDef["db_table_idx"];
 		$primary_id = $this->form->id;
 		if($_SESSION["s"]["user"]["typ"] == 'admin') {
-			$sql = "SELECT action, tstamp, user, data FROM sys_datalog WHERE dbtable = '".$db_table."' AND dbidx = '".$db_table_idx.":".$primary_id."'";
+			$sql = "SELECT action, tstamp, user, data FROM sys_datalog WHERE dbtable = ? AND dbidx = ?";
+			$records = $app->db->queryAllRecords($sql, $db_table, $db_table_idx.":".$primary_id);
 		} else {
-			$sql = "SELECT action, tstamp, user, data FROM sys_datalog WHERE user = '".$_SESSION["s"]["user"]["username"]."' dbtable = '".$db_table."' AND dbidx = '".$db_table_idx.":".$primary_id."'";
+			$sql = "SELECT action, tstamp, user, data FROM sys_datalog WHERE user = ? AND dbtable = ? AND dbidx = ?";
+			$records = $app->db->queryAllRecords($sql, $_SESSION["s"]["user"]["username"], $db_table, $db_table_idx.":".$primary_id);
 		}
 
-		$records = $app->db->queryAllRecords($sql);
 		if(is_array($records)) {
 			$content .= '<table>';
 			foreach($records as $rec) {
diff --git a/interface/lib/classes/plugin_listview.inc.php b/interface/lib/classes/plugin_listview.inc.php
index e7d576cd17a58c9af14ac3e4f7761ed4ea520bbb..bc764caefe0dbb144b53d6c87826bad5edb0a637 100644
--- a/interface/lib/classes/plugin_listview.inc.php
+++ b/interface/lib/classes/plugin_listview.inc.php
@@ -126,7 +126,7 @@ class plugin_listview extends plugin_base {
 
 
 		// Get the data
-		$records = $app->db->queryAllRecords("SELECT * FROM ".$app->listform->listDef["table"]." WHERE $sql_where $sql_order_by $limit_sql");
+		$records = $app->db->queryAllRecords("SELECT * FROM ?? WHERE $sql_where $sql_order_by $limit_sql", $app->listform->listDef["table"]);
 
 		$bgcolor = "#FFFFFF";
 		if(is_array($records)) {
@@ -174,6 +174,58 @@ class plugin_listview extends plugin_base {
 		$_SESSION["s"]["form"]["return_to"] = $list_name;
 		//die(print_r($_SESSION["s"]["list"][$list_name]));
 
+		// defaults
+		$listTpl->setVar('app_title', $app->_conf['app_title']);
+		if(isset($_SESSION['s']['user'])) {
+			$listTpl->setVar('app_version', $app->_conf['app_version']);
+			// get pending datalog changes
+			$datalog = $app->db->datalogStatus();
+			$listTpl->setVar('datalog_changes_txt', $app->lng('datalog_changes_txt'));
+			$listTpl->setVar('datalog_changes_end_txt', $app->lng('datalog_changes_end_txt'));
+			$listTpl->setVar('datalog_changes_count', $datalog['count']);
+			$listTpl->setLoop('datalog_changes', $datalog['entries']);
+		} else {
+			$listTpl->setVar('app_version', '');
+		}
+		$listTpl->setVar('app_link', $app->_conf['app_link']);
+
+		$listTpl->setVar('app_logo', $app->_conf['logo']);
+
+		$listTpl->setVar('phpsessid', session_id());
+
+		$listTpl->setVar('theme', $_SESSION['s']['theme']);
+		$listTpl->setVar('html_content_encoding', $app->_conf['html_content_encoding']);
+
+		$listTpl->setVar('delete_confirmation', $app->lng('delete_confirmation'));
+		//print_r($_SESSION);
+		if(isset($_SESSION['s']['module']['name'])) {
+			$listTpl->setVar('app_module', $_SESSION['s']['module']['name']);
+		}
+		if(isset($_SESSION['s']['user']) && $_SESSION['s']['user']['typ'] == 'admin') {
+			$listTpl->setVar('is_admin', 1);
+		}
+		if(isset($_SESSION['s']['user']) && $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
+			$listTpl->setVar('is_reseller', 1);
+		}
+		/* Show username */
+		if(isset($_SESSION['s']['user'])) {
+			$listTpl->setVar('cpuser', $_SESSION['s']['user']['username']);
+			$listTpl->setVar('logout_txt', $app->lng('logout_txt'));
+			/* Show search field only for normal users, not mail users */
+			if(stristr($_SESSION['s']['user']['username'], '@')){
+				$listTpl->setVar('usertype', 'mailuser');
+			} else {
+				$listTpl->setVar('usertype', 'normaluser');
+			}
+		}
+
+		/* Global Search */
+		$listTpl->setVar('globalsearch_resultslimit_of_txt', $app->lng('globalsearch_resultslimit_of_txt'));
+		$listTpl->setVar('globalsearch_resultslimit_results_txt', $app->lng('globalsearch_resultslimit_results_txt'));
+		$listTpl->setVar('globalsearch_noresults_text_txt', $app->lng('globalsearch_noresults_text_txt'));
+		$listTpl->setVar('globalsearch_noresults_limit_txt', $app->lng('globalsearch_noresults_limit_txt'));
+		$listTpl->setVar('globalsearch_searchfield_watermark_txt', $app->lng('globalsearch_searchfield_watermark_txt'));
+		
 		return $listTpl->grab();
 
 	}
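Review bot: `$listTpl->setVar('phpsessid', session_id());` hands the raw session identifier to the list template. If the template writes it into markup or a URL (the template is not part of this diff), the id becomes readable by page script and can end up in logs or Referer headers, which weakens an HttpOnly session cookie. I would drop the variable unless a template really needs it, or name the consumer in a comment: `// phpsessid: needed by <template/feature placeholder>; never emit into URLs`. The block also passes `$_SESSION['s']['user']['username']` as `cpuser` and so relies on the template layer to escape it. The enclosing method starts outside this hunk.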
diff --git a/interface/lib/classes/quota_lib.inc.php b/interface/lib/classes/quota_lib.inc.php
index 794db538b9e304efb04633f3d88f3eb98f1d95b5..24a3ce3d0d65a867640dbe165d14cb57be56a820 100644
--- a/interface/lib/classes/quota_lib.inc.php
+++ b/interface/lib/classes/quota_lib.inc.php
@@ -103,9 +103,9 @@ class quota_lib {
 	
 		// select vhosts (belonging to client)
 		if($clientid != null){
-			$sql_where = " AND sys_groupid = (SELECT default_group FROM sys_user WHERE client_id=".$clientid.")";
+			$sql_where = " AND sys_groupid = (SELECT default_group FROM sys_user WHERE client_id=?)";
 		}
-		$sites = $app->db->queryAllRecords("SELECT * FROM web_domain WHERE active = 'y' AND (type = 'vhost' OR type = 'vhostsubdomain' OR type = 'vhostalias')".$sql_where);
+		$sites = $app->db->queryAllRecords("SELECT * FROM web_domain WHERE active = 'y' AND (type = 'vhost' OR type = 'vhostsubdomain' OR type = 'vhostalias')".$sql_where, $clientid);
 	
 		$hostnames = array();
 		$traffic_data = array();
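Review bot: `$clientid` is always passed as a bound value, but the `?` that consumes it is only added to `$sql_where` when `$clientid != null`. In the no-client case the query has no placeholder and one surplus argument, and whether the wrapper ignores that or raises is not visible here. `$sql_where` is also assigned only inside the `if` in this hunk, so unless it is initialised earlier in the function (outside the hunk) the concatenation reads an undefined variable. I would set `$sql_where = '';` before the `if` and pass `$clientid` only in the branch that adds the placeholder.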
@@ -120,12 +120,12 @@ class quota_lib {
 			$tmp_year = date('Y');
 			$tmp_month = date('m');
 			// This Month
-			$tmp_recs = $app->db->queryAllRecords("SELECT hostname, SUM(traffic_bytes) as t FROM web_traffic WHERE YEAR(traffic_date) = ? AND MONTH(traffic_date) = ? AND hostname IN ('".join("','",$hostnames)."') GROUP BY hostname", $tmp_year, $tmp_month);
+			$tmp_recs = $app->db->queryAllRecords("SELECT hostname, SUM(traffic_bytes) as t FROM web_traffic WHERE YEAR(traffic_date) = ? AND MONTH(traffic_date) = ? AND hostname IN ? GROUP BY hostname", $tmp_year, $tmp_month, $hostnames);
 			foreach ($tmp_recs as $tmp_rec) {
 				$traffic_data[$tmp_rec['hostname']]['this_month'] = $tmp_rec['t'];
 			}
 			// This Year
-			$tmp_recs = $app->db->queryAllRecords("SELECT hostname, SUM(traffic_bytes) as t FROM web_traffic WHERE YEAR(traffic_date) = ? AND hostname IN ('".join("','",$hostnames)."') GROUP BY hostname", $tmp_year);
+			$tmp_recs = $app->db->queryAllRecords("SELECT hostname, SUM(traffic_bytes) as t FROM web_traffic WHERE YEAR(traffic_date) = ? AND hostname IN ? GROUP BY hostname", $tmp_year, $hostnames);
 			foreach ($tmp_recs as $tmp_rec) {
 				$traffic_data[$tmp_rec['hostname']]['this_year'] = $tmp_rec['t'];
 			}
@@ -133,21 +133,21 @@ class quota_lib {
 			$tmp_year = date('Y', mktime(0, 0, 0, date("m")-1, date("d"), date("Y")));
 			$tmp_month = date('m', mktime(0, 0, 0, date("m")-1, date("d"), date("Y")));
 			// Last Month
-			$tmp_recs = $app->db->queryAllRecords("SELECT hostname, SUM(traffic_bytes) as t FROM web_traffic WHERE YEAR(traffic_date) = ? AND MONTH(traffic_date) = ? AND hostname IN ('".join("','",$hostnames)."') GROUP BY hostname", $tmp_year, $tmp_month);
+			$tmp_recs = $app->db->queryAllRecords("SELECT hostname, SUM(traffic_bytes) as t FROM web_traffic WHERE YEAR(traffic_date) = ? AND MONTH(traffic_date) = ? AND hostname IN ? GROUP BY hostname", $tmp_year, $tmp_month, $hostnames);
 			foreach ($tmp_recs as $tmp_rec) {
 				$traffic_data[$tmp_rec['hostname']]['last_month'] = $tmp_rec['t'];
 			}
 				
 			$tmp_year = date('Y', mktime(0, 0, 0, date("m"), date("d"), date("Y")-1));
 			// Last Year
-			$tmp_recs = $app->db->queryAllRecords("SELECT hostname, SUM(traffic_bytes) as t FROM web_traffic WHERE YEAR(traffic_date) = ? AND hostname IN ('".join("','",$hostnames)."') GROUP BY hostname", $tmp_year);
+			$tmp_recs = $app->db->queryAllRecords("SELECT hostname, SUM(traffic_bytes) as t FROM web_traffic WHERE YEAR(traffic_date) = ? AND hostname IN ? GROUP BY hostname", $tmp_year, $hostnames);
 			foreach ($tmp_recs as $tmp_rec) {
 				$traffic_data[$tmp_rec['hostname']]['last_year'] = $tmp_rec['t'];
 			}
 				
 			if (is_int($lastdays)  && ($lastdays > 0)) {
 				// Last xx Days
-				$tmp_recs = $app->db->queryAllRecords("SELECT hostname, SUM(traffic_bytes) as t FROM web_traffic WHERE (traffic_date >= DATE_SUB(NOW(), INTERVAL ".$app->db->quote($lastdays)." DAY)) AND hostname IN ('".join("','",$hostnames)."') GROUP BY hostname");
+				$tmp_recs = $app->db->queryAllRecords("SELECT hostname, SUM(traffic_bytes) as t FROM web_traffic WHERE (traffic_date >= DATE_SUB(NOW(), INTERVAL ? DAY)) AND hostname IN ? GROUP BY hostname", $lastdays, $hostnames);
 				foreach ($tmp_recs as $tmp_rec) {
 					$traffic_data[$tmp_rec['hostname']]['lastdays'] = $tmp_rec['t'];
 				}
diff --git a/interface/lib/classes/remote.d/admin.inc.php b/interface/lib/classes/remote.d/admin.inc.php
index ba966fe1aba371daaf03fcb19844fa1681f4b8c7..2541ca5c19f35bebd850e4a6f3435ea79bfd738c 100644
--- a/interface/lib/classes/remote.d/admin.inc.php
+++ b/interface/lib/classes/remote.d/admin.inc.php
@@ -60,7 +60,7 @@ class remoting_admin extends remoting {
 			switch($key) {
 				case 'sys_userid':
 					// check if userid is valid
-					$check = $app->db->queryOneRecord('SELECT userid FROM sys_user WHERE userid = ' . $app->functions->intval($value));
+					$check = $app->db->queryOneRecord('SELECT userid FROM sys_user WHERE userid = ?', $app->functions->intval($value));
 					if(!$check || !$check['userid']) {
 						$this->server->fault('invalid parameters', $value . ' is no valid sys_userid.');
 						return false;
@@ -69,7 +69,7 @@ class remoting_admin extends remoting {
 					break;
 				case 'sys_groupid':
 					// check if groupid is valid
-					$check = $app->db->queryOneRecord('SELECT groupid FROM sys_group WHERE groupid = ' . $app->functions->intval($value));
+					$check = $app->db->queryOneRecord('SELECT groupid FROM sys_group WHERE groupid = ?', $app->functions->intval($value));
 					if(!$check || !$check['groupid']) {
 						$this->server->fault('invalid parameters', $value . ' is no valid sys_groupid.');
 						return false;
diff --git a/interface/lib/classes/remote.d/aps.inc.php b/interface/lib/classes/remote.d/aps.inc.php
index 78c066c5eb1298f06381d2b42be45bd186f9b5cb..b626f1b7abf6b21d7037b02b654a28af53495e9e 100644
--- a/interface/lib/classes/remote.d/aps.inc.php
+++ b/interface/lib/classes/remote.d/aps.inc.php
@@ -241,8 +241,8 @@ class remoting_aps extends remoting {
 			return false;
 		}
 	
-		$sql = "SELECT * FROM web_domain WHERE domain = '".$app->db->quote($params['main_domain'])."'";
-		$domain = $app->db->queryOneRecord($sql);
+		$sql = "SELECT * FROM web_domain WHERE domain = ?";
+		$domain = $app->db->queryOneRecord($sql, $params['main_domain']);
 	
 		if (!$domain) {
 			$this->server->fault('invalid parameters', 'No valid domain given.');
@@ -269,8 +269,8 @@ class remoting_aps extends remoting {
 			return false;
 		}
 	
-		$sql  = "SELECT * FROM aps_instances WHERE id = ".$app->functions->intval($primary_id);
-		$result = $app->db->queryOneRecord($sql);
+		$sql  = "SELECT * FROM aps_instances WHERE id = ?";
+		$result = $app->db->queryOneRecord($sql, $app->functions->intval($primary_id));
 		return $result;
 	}
 	
@@ -283,8 +283,8 @@ class remoting_aps extends remoting {
 			return false;
 		}
 	
-		$sql  = "SELECT * FROM aps_instances_settings WHERE instance_id = ".$app->functions->intval($primary_id);
-		$result = $app->db->queryAllRecords($sql);
+		$sql  = "SELECT * FROM aps_instances_settings WHERE instance_id = ?";
+		$result = $app->db->queryAllRecords($sql, $app->functions->intval($primary_id));
 		return $result;
 	}
 	
@@ -301,8 +301,8 @@ class remoting_aps extends remoting {
 		$gui = new ApsGUIController($app);
 	
 		// Check if Instance exists
-		$sql  = "SELECT * FROM aps_instances WHERE id = ".$app->functions->intval($primary_id);
-		$result = $app->db->queryOneRecord($sql);
+		$sql  = "SELECT * FROM aps_instances WHERE id = ?";
+		$result = $app->db->queryOneRecord($sql, $primary_id);
 	
 		if (!$result) {
 			$this->server->fault('instance_error', 'No valid instance id given.');
diff --git a/interface/lib/classes/remote.d/client.inc.php b/interface/lib/classes/remote.d/client.inc.php
index d780ec8533d19411fd18804c7771f72ece851a77..cccc04f110baa654e789d89f3ba0014afcfa2051 100644
--- a/interface/lib/classes/remote.d/client.inc.php
+++ b/interface/lib/classes/remote.d/client.inc.php
@@ -65,7 +65,7 @@ class remoting_client extends remoting {
 			if(isset($data['client_id'])) {
 				// this is a single record
 				if($data['template_additional'] == '') {
-					$tpls = $app->db->queryAllRecords('SELECT CONCAT(`assigned_template_id`, \':\', `client_template_id`) as `item` FROM `client_template_assigned` WHERE `client_id` = ' . $data['client_id']);
+					$tpls = $app->db->queryAllRecords('SELECT CONCAT(`assigned_template_id`, \':\', `client_template_id`) as `item` FROM `client_template_assigned` WHERE `client_id` = ?', $data['client_id']);
 					$tpl_arr = array();
 					if($tpls) {
 						foreach($tpls as $tpl) $tpl_arr[] = $tpl['item'];
@@ -78,7 +78,7 @@ class remoting_client extends remoting {
 				// multiple client records
 				foreach($data as $index => $client) {
 					if($client['template_additional'] == '') {
-						$tpls = $app->db->queryAllRecords('SELECT CONCAT(`assigned_template_id`, \':\', `client_template_id`) as `item` FROM `client_template_assigned` WHERE `client_id` = ' . $client['client_id']);
+						$tpls = $app->db->queryAllRecords('SELECT CONCAT(`assigned_template_id`, \':\', `client_template_id`) as `item` FROM `client_template_assigned` WHERE `client_id` = ?', $client['client_id']);
 						$tpl_arr = array();
 						if($tpls) {
 							foreach($tpls as $tpl) $tpl_arr[] = $tpl['item'];
@@ -104,7 +104,7 @@ class remoting_client extends remoting {
 
 		$sys_userid = $app->functions->intval($sys_userid);
 
-		$rec = $app->db->queryOneRecord("SELECT client_id FROM sys_user WHERE userid = ".$sys_userid);
+		$rec = $app->db->queryOneRecord("SELECT client_id FROM sys_user WHERE userid = ?", $sys_userid);
 		if(isset($rec['client_id'])) {
 			return $app->functions->intval($rec['client_id']);
 		} else {
@@ -125,7 +125,7 @@ class remoting_client extends remoting {
 		
 		$client_id = $app->functions->intval($client_id);
 
-		$rec = $app->db->queryOneRecord("SELECT company_name,contact_name,gender,email,language FROM client WHERE client_id = ".$client_id);
+		$rec = $app->db->queryOneRecord("SELECT company_name,contact_name,gender,email,language FROM client WHERE client_id = ?", $client_id);
 		
 		if(is_array($rec)) {
 			return $rec;
@@ -145,7 +145,7 @@ class remoting_client extends remoting {
 
 		$client_id = $app->functions->intval($client_id);
 
-		$rec = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".$client_id);
+		$rec = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client_id);
 		if(isset($rec['groupid'])) {
 			return $app->functions->intval($rec['groupid']);
 		} else {
@@ -169,7 +169,7 @@ class remoting_client extends remoting {
 
 		if($params['parent_client_id']) {
 			// check if this one is reseller
-			$check = $app->db->queryOneRecord('SELECT `limit_client` FROM `client` WHERE `client_id` = ' . intval($params['parent_client_id']));
+			$check = $app->db->queryOneRecord('SELECT `limit_client` FROM `client` WHERE `client_id` = ?', intval($params['parent_client_id']));
 			if($check['limit_client'] == 0) {
 				$this->server->fault('Invalid reseller', 'Selected client is not a reseller.');
 				return false;
@@ -208,7 +208,7 @@ class remoting_client extends remoting {
 
 		if($params['parent_client_id']) {
 			// check if this one is reseller
-			$check = $app->db->queryOneRecord('SELECT `limit_client` FROM `client` WHERE `client_id` = ' . intval($params['parent_client_id']));
+			$check = $app->db->queryOneRecord('SELECT `limit_client` FROM `client` WHERE `client_id` = ?', intval($params['parent_client_id']));
 			if($check['limit_client'] == 0) {
 				$this->server->fault('Invalid reseller', 'Selected client is not a reseller.');
 				return false;
@@ -221,7 +221,7 @@ class remoting_client extends remoting {
 		}
 
 		// we need the previuos templates assigned here
-		$this->oldTemplatesAssigned = $app->db->queryAllRecords('SELECT * FROM `client_template_assigned` WHERE `client_id` = ' . $client_id);
+		$this->oldTemplatesAssigned = $app->db->queryAllRecords('SELECT * FROM `client_template_assigned` WHERE `client_id` = ?', $client_id);
 		if(!is_array($this->oldTemplatesAssigned) || count($this->oldTemplatesAssigned) < 1) {
 			// check previous type of storing templates
 			$tpls = explode('/', $old_rec['template_additional']);
@@ -258,8 +258,8 @@ class remoting_client extends remoting {
 		}
 
 		if(@is_numeric($client_id)) {
-			$sql = "SELECT * FROM `client_template_assigned` WHERE `client_id` = ".$client_id;
-			return $app->db->queryOneRecord($sql);
+			$sql = "SELECT * FROM `client_template_assigned` WHERE `client_id` = ?";
+			return $app->db->queryOneRecord($sql, $client_id);
 		} else {
 			$this->server->fault('The ID must be an integer.');
 			return array();
@@ -270,10 +270,10 @@ class remoting_client extends remoting {
 		global $app;
 
 		$this->id = $client_id;
-		$this->dataRecord = $app->db->queryOneRecord('SELECT * FROM `client` WHERE `client_id` = ' . $client_id);
+		$this->dataRecord = $app->db->queryOneRecord('SELECT * FROM `client` WHERE `client_id` = ?', $client_id);
 		$this->oldDataRecord = $this->dataRecord;
 
-		$this->oldTemplatesAssigned = $app->db->queryAllRecords('SELECT * FROM `client_template_assigned` WHERE `client_id` = ' . $client_id);
+		$this->oldTemplatesAssigned = $app->db->queryAllRecords('SELECT * FROM `client_template_assigned` WHERE `client_id` = ?', $client_id);
 		if(!is_array($this->oldTemplatesAssigned) || count($this->oldTemplatesAssigned) < 1) {
 			// check previous type of storing templates
 			$tpls = explode('/', $this->oldDataRecord['template_additional']);
@@ -297,13 +297,13 @@ class remoting_client extends remoting {
 
 		if(@is_numeric($client_id) && @is_numeric($template_id)) {
 			// check if client exists
-			$check = $app->db->queryOneRecord('SELECT `client_id` FROM `client` WHERE `client_id` = ' . $client_id);
+			$check = $app->db->queryOneRecord('SELECT `client_id` FROM `client` WHERE `client_id` = ?', $client_id);
 			if(!$check) {
 				$this->server->fault('Invalid client');
 				return false;
 			}
 			// check if template exists
-			$check = $app->db->queryOneRecord('SELECT `template_id` FROM `client_template` WHERE `template_id` = ' . $template_id);
+			$check = $app->db->queryOneRecord('SELECT `template_id` FROM `client_template` WHERE `template_id` = ?', $template_id);
 			if(!$check) {
 				$this->server->fault('Invalid template');
 				return false;
@@ -312,8 +312,8 @@ class remoting_client extends remoting {
 			// for the update event we have to cheat a bit
 			$this->_set_client_formdata($client_id);
 
-			$sql = "INSERT INTO `client_template_assigned` (`client_id`, `client_template_id`) VALUES (" . $client_id . ", " . $template_id . ")";
-			$app->db->query($sql);
+			$sql = "INSERT INTO `client_template_assigned` (`client_id`, `client_template_id`) VALUES (?, ?)";
+			$app->db->query($sql, $client_id, $template_id);
 			$insert_id = $app->db->insertID();
 
 			$app->plugin->raiseEvent('client:client:on_after_update', $this);
@@ -335,13 +335,13 @@ class remoting_client extends remoting {
 
 		if(@is_numeric($client_id) && @is_numeric($template_id)) {
 			// check if client exists
-			$check = $app->db->queryOneRecord('SELECT `client_id` FROM `client` WHERE `client_id` = ' . $client_id);
+			$check = $app->db->queryOneRecord('SELECT `client_id` FROM `client` WHERE `client_id` = ?', $client_id);
 			if(!$check) {
 				$this->server->fault('Invalid client');
 				return false;
 			}
 			// check if template exists
-			$check = $app->db->queryOneRecord('SELECT `assigned_template_id` FROM `client_template_assigned` WHERE `assigned_template_id` = ' . $assigned_template_id);
+			$check = $app->db->queryOneRecord('SELECT `assigned_template_id` FROM `client_template_assigned` WHERE `assigned_template_id` = ?', $assigned_template_id);
 			if(!$check) {
 				$this->server->fault('Invalid template');
 				return false;
@@ -350,8 +350,8 @@ class remoting_client extends remoting {
 			// for the update event we have to cheat a bit
 			$this->_set_client_formdata($client_id);
 
-			$sql = "DELETE FROM `client_template_assigned` WHERE `assigned_template_id` = " . $template_id . " AND `client_id` = " . $client_id;
-			$app->db->query($sql);
+			$sql = "DELETE FROM `client_template_assigned` WHERE `assigned_template_id` = ? AND `client_id` = ?";
+			$app->db->query($sql, $template_id, $client_id);
 			$affected_rows = $app->db->affectedRows();
 
 			$app->plugin->raiseEvent('client:client:on_after_update', $this);
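Review bot: The DELETE binds `$template_id` to `assigned_template_id`, while the existence check in the previous hunk looks the row up with `$assigned_template_id`. The function signature is outside both hunks, so I cannot tell which name is the real parameter, but one of them looks like a leftover. The `@` on `is_numeric($template_id)` would hide an undefined variable there. Using one variable throughout, e.g. `$app->db->query($sql, $assigned_template_id, $client_id);` with the guard changed to match, would make the check and the delete act on the same row.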
@@ -395,15 +395,15 @@ class remoting_client extends remoting {
 		if($client_id > 0) {
 			//* remove the group of the client from the resellers group
 			$parent_client_id = $app->functions->intval($this->dataRecord['parent_client_id']);
-			$parent_user = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE client_id = $parent_client_id");
-			$client_group = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = $client_id");
+			$parent_user = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE client_id = ?", $parent_client_id);
+			$client_group = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client_id);
 			$app->auth->remove_group_from_user($parent_user['userid'], $client_group['groupid']);
 
 			//* delete the group of the client
-			$app->db->query("DELETE FROM sys_group WHERE client_id = $client_id");
+			$app->db->query("DELETE FROM sys_group WHERE client_id = ?", $client_id);
 
 			//* delete the sys user(s) of the client
-			$app->db->query("DELETE FROM sys_user WHERE client_id = $client_id");
+			$app->db->query("DELETE FROM sys_user WHERE client_id = ?", $client_id);
 
 			//* Delete all records (sub-clients, mail, web, etc....)  of this client.
 			$tables = 'client,dns_rr,dns_soa,dns_slave,ftp_user,mail_access,mail_content_filter,mail_domain,mail_forwarding,mail_get,mail_user,mail_user_filter,shell_user,spamfilter_users,support_message,web_database,web_database_user,web_domain,web_traffic';
@@ -413,7 +413,7 @@ class remoting_client extends remoting {
 			if($client_group_id > 1) {
 				foreach($tables_array as $table) {
 					if($table != '') {
-						$records = $app->db->queryAllRecords("SELECT * FROM $table WHERE sys_groupid = ".$client_group_id);
+						$records = $app->db->queryAllRecords("SELECT * FROM $table WHERE sys_groupid = ?", $client_group_id);
 						//* find the primary ID of the table
 						$table_info = $app->db->tableInfo($table);
 						$index_field = '';
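Review bot: `$table` is still interpolated into the statement text in the new `SELECT * FROM $table WHERE sys_groupid = ?` line, so only the group id is bound. Judging by the previous hunk's context, the names appear to come from the fixed `$tables` string, which would make this safe, but the derivation of `$tables_array` is outside the hunk. A one-line comment above the query would record that assumption, e.g. `//* $table comes from the fixed list in $tables, never from request data`.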
@@ -428,11 +428,11 @@ class remoting_client extends remoting {
 									$app->db->datalogDelete($table, $index_field, $rec[$index_field]);
 									//* Delete traffic records that dont have a sys_groupid column
 									if($table == 'web_domain') {
-										$app->db->query("DELETE FROM web_traffic WHERE hostname = '".$app->db->quote($rec['domain'])."'");
+										$app->db->query("DELETE FROM web_traffic WHERE hostname = ?", $rec['domain']);
 									}
 									//* Delete mail_traffic records that dont have a sys_groupid
 									if($table == 'mail_user') {
-										$app->db->query("DELETE FROM mail_traffic WHERE mailuser_id = '".$app->db->quote($rec['mailuser_id'])."'");
+										$app->db->query("DELETE FROM mail_traffic WHERE mailuser_id = ?", $rec['mailuser_id']);
 									}
 								}
 							}
@@ -468,8 +468,7 @@ class remoting_client extends remoting {
 			throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
 			return false;
 		}
-		$username = $app->db->quote($username);
-		$rec = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE username = '".$username."'");
+		$rec = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE username = ?", $username);
 		if (isset($rec)) {
 			return $rec;
 		} else {
@@ -477,6 +476,27 @@ class remoting_client extends remoting {
 			return false;
 		}
 	}
+	
+	public function client_get_by_customer_no($session_id, $customer_no) {
+		global $app;
+		if(!$this->checkPerm($session_id, 'client_get_by_customer_no')) {
+			throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
+			return false;
+		}
+		$customer_no = trim($customer_no);
+		if($customer_no == '') {
+			throw new SoapFault('permission_denied', 'There was no customer number specified.');
+			return false;
+		}
+		$customer_no = $app->db->quote($customer_no);
+		$rec = $app->db->queryOneRecord("SELECT * FROM client WHERE customer_no = '".$customer_no."'");
+		if (isset($rec)) {
+			return $rec;
+		} else {
+			throw new SoapFault('no_client_found', 'There is no user account for this customer number.');
+			return false;
+		}
+	}
 
 	/**
 	 * Get All client_id's from database
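Review bot: The new `client_get_by_customer_no()` builds its query with `$app->db->quote()` and string concatenation, the pattern every other hunk in this file replaces with bound parameters. The two lines can become `$rec = $app->db->queryOneRecord("SELECT * FROM client WHERE customer_no = ?", $customer_no);` with the `quote()` call dropped. The empty-input branch reports the fault code `permission_denied`, which misleads a caller about what went wrong; a distinct code would be clearer. `SELECT *` on `client` also returns the `password` column that the password-change hunk below writes, so an explicit column list is worth considering if callers do not need it.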
@@ -517,13 +537,12 @@ class remoting_client extends remoting {
 			return false;
 		}
 		$client_id = $app->functions->intval($client_id);
-		$client = $app->db->queryOneRecord("SELECT client_id FROM client WHERE client_id = ".$client_id);
+		$client = $app->db->queryOneRecord("SELECT client_id FROM client WHERE client_id = ?", $client_id);
 		if($client['client_id'] > 0) {
-			$new_password = $app->db->quote($new_password);
-			$sql = "UPDATE client SET password = md5('".($new_password)."') 	WHERE client_id = ".$client_id;
-			$app->db->query($sql);
-			$sql = "UPDATE sys_user SET passwort = md5('".($new_password)."') 	WHERE client_id = ".$client_id;
-			$app->db->query($sql);
+			$sql = "UPDATE client SET password = md5(?) 	WHERE client_id = ?";
+			$app->db->query($sql, $new_password, $client_id);
+			$sql = "UPDATE sys_user SET passwort = md5(?) 	WHERE client_id = ?";
+			$app->db->query($sql, $new_password, $client_id);
 			return true;
 		} else {
 			throw new SoapFault('no_client_found', 'There is no user account for this client_id');
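Review bot: Both UPDATE statements still store the password as `md5(?)`, an unsalted fast hash, and binding the value does not change that. The plaintext is also sent to the database server as a statement argument, where it can end up in query logs. Hashing in PHP before the query, for instance with `password_hash($new_password, PASSWORD_DEFAULT)` or the project's own password helper, avoids both, provided the login check accepts that format; that check is outside this hunk. The method's signature and permission check are also outside the hunk.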
@@ -567,8 +586,8 @@ class remoting_client extends remoting {
 		}
 		
 		//* Check failed logins
-		$sql = "SELECT * FROM `attempts_login` WHERE `ip`= '".$app->db->quote($remote_ip)."' AND  `login_time` > (NOW() - INTERVAL 1 MINUTE) LIMIT 1";
-		$alreadyfailed = $app->db->queryOneRecord($sql);
+		$sql = "SELECT * FROM `attempts_login` WHERE `ip`= ? AND  `login_time` > (NOW() - INTERVAL 1 MINUTE) LIMIT 1";
+		$alreadyfailed = $app->db->queryOneRecord($sql, $remote_ip);
 		
 		//* too many failedlogins
 		if($alreadyfailed['times'] > 5) {
@@ -582,8 +601,8 @@ class remoting_client extends remoting {
 		
 		if(strstr($username,'@')) {
 			// Check against client table
-			$sql = "SELECT * FROM client WHERE email = '".$app->db->quote($username)."'";
-			$user = $app->db->queryOneRecord($sql);
+			$sql = "SELECT * FROM client WHERE email = ?";
+			$user = $app->db->queryOneRecord($sql, $username);
 
 			if($user) {
 				$saved_password = stripslashes($user['password']);
@@ -614,8 +633,8 @@ class remoting_client extends remoting {
 			
 		} else {
 			// Check against sys_user table
-			$sql = "SELECT * FROM sys_user WHERE username = '".$app->db->quote($username)."'";
-			$user = $app->db->queryOneRecord($sql);
+			$sql = "SELECT * FROM sys_user WHERE username = ?";
+			$user = $app->db->queryOneRecord($sql, $username);
 
 			if($user) {
 				$saved_password = stripslashes($user['passwort']);
@@ -649,15 +668,14 @@ class remoting_client extends remoting {
 		
 		//* Log failed login attempts
 		if($user === false) {
-			$time = time();
 			if(!$alreadyfailed['times'] ) {
 				//* user login the first time wrong
-				$sql = "INSERT INTO `attempts_login` (`ip`, `times`, `login_time`) VALUES ('".$app->db->quote($remote_ip)."', 1, NOW())";
-				$app->db->query($sql);
+				$sql = "INSERT INTO `attempts_login` (`ip`, `times`, `login_time`) VALUES (?, 1, NOW())";
+				$app->db->query($sql, $remote_ip);
 			} elseif($alreadyfailed['times'] >= 1) {
 				//* update times wrong
-				$sql = "UPDATE `attempts_login` SET `times`=`times`+1, `login_time`=NOW() WHERE `login_time` >= '".$time."' LIMIT 1";
-				$app->db->query($sql);
+				$sql = "UPDATE `attempts_login` SET `times`=`times`+1, `login_time`=NOW() WHERE `ip` = ? AND `login_time` > (NOW() - INTERVAL 1 MINUTE) ORDER BY `login_time` DESC LIMIT 1";
+				$app->db->query($sql, $remote_ip);
 			}
 		}
 		
diff --git a/interface/lib/classes/remote.d/dns.inc.php b/interface/lib/classes/remote.d/dns.inc.php
index 1e9526a12faf52db8bb00192e9655794021a886e..57f7040e28553377f1e34cf9b77dc178c557b98c 100644
--- a/interface/lib/classes/remote.d/dns.inc.php
+++ b/interface/lib/classes/remote.d/dns.inc.php
@@ -50,9 +50,9 @@ class remoting_dns extends remoting {
 			return false;
 		}
 
-		$client = $app->db->queryOneRecord("SELECT default_dnsserver FROM client WHERE client_id = ".$app->functions->intval($client_id));
+		$client = $app->db->queryOneRecord("SELECT default_dnsserver FROM client WHERE client_id = ?", $client_id);
 		$server_id = $client["default_dnsserver"];
-		$template_record = $app->db->queryOneRecord("SELECT * FROM dns_template WHERE template_id = '$template_id'");
+		$template_record = $app->db->queryOneRecord("SELECT * FROM dns_template WHERE template_id = ?", $template_id);
 		$fields = explode(',', $template_record['fields']);
 		$tform_def_file = "../../web/dns/form/dns_soa.tform.php";
 		$app->uses('tform');
@@ -95,11 +95,11 @@ class remoting_dns extends remoting {
 					if($section == 'dns_records') {
 						$parts = explode('|', $row);
 						$dns_rr[] = array(
-							'name' => $app->db->quote($parts[1]),
-							'type' => $app->db->quote($parts[0]),
-							'data' => $app->db->quote($parts[2]),
-							'aux'  => $app->db->quote($parts[3]),
-							'ttl'  => $app->db->quote($parts[4])
+							'name' => $parts[1],
+							'type' => $parts[0],
+							'data' => $parts[2],
+							'aux'  => $parts[3],
+							'ttl'  => $parts[4]
 						);
 					}
 				}
@@ -117,30 +117,62 @@ class remoting_dns extends remoting {
 
 		if($error == '') {
 			// Insert the soa record
-			$tmp = $app->db->queryOneRecord("SELECT userid,default_group FROM sys_user WHERE client_id = ".$app->functions->intval($client_id));
+			$tmp = $app->db->queryOneRecord("SELECT userid,default_group FROM sys_user WHERE client_id = ?", $client_id);
 			$sys_userid = $tmp['userid'];
 			$sys_groupid = $tmp['default_group'];
 			unset($tmp);
-			$origin = $app->db->quote($vars['origin']);
-			$ns = $app->db->quote($vars['ns']);
-			$mbox = $app->db->quote(str_replace('@', '.', $vars['mbox']));
-			$refresh = $app->db->quote($vars['refresh']);
-			$retry = $app->db->quote($vars['retry']);
-			$expire = $app->db->quote($vars['expire']);
-			$minimum = $app->db->quote($vars['minimum']);
-			$ttl = $app->db->quote($vars['ttl']);
-			$xfer = $app->db->quote($vars['xfer']);
-			$also_notify = $app->db->quote($vars['also_notify']);
-			$update_acl = $app->db->quote($vars['update_acl']);
+			$origin = $vars['origin'];
+			$ns = $vars['ns'];
+			$mbox = str_replace('@', '.', $vars['mbox']);
+			$refresh = $vars['refresh'];
+			$retry = $vars['retry'];
+			$expire = $vars['expire'];
+			$minimum = $vars['minimum'];
+			$ttl = $vars['ttl'];
+			$xfer = $vars['xfer'];
+			$also_notify = $vars['also_notify'];
+			$update_acl = $vars['update_acl'];
 			$serial = $app->validate_dns->increase_serial(0);
-			$insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `origin`, `ns`, `mbox`, `serial`, `refresh`, `retry`, `expire`, `minimum`, `ttl`, `active`, `xfer`, `also_notify`, `update_acl`) VALUES
-			('$sys_userid', '$sys_groupid', 'riud', 'riud', '', '$server_id', '$origin', '$ns', '$mbox', '$serial', '$refresh', '$retry', '$expire', '$minimum', '$ttl', 'Y', '$xfer', '$also_notify', '$update_acl')";
+			$insert_data = array(
+				"sys_userid" => $sys_userid,
+				"sys_groupid" => $sys_groupid,
+				"sys_perm_user" => 'riud',
+				"sys_perm_group" => 'riud',
+				"sys_perm_other" => '',
+				"server_id" => $server_id,
+				"origin" => $origin,
+				"ns" => $ns,
+				"mbox" => $mbox,
+				"serial" => $serial,
+				"refresh" => $refresh,
+				"retry" => $retry,
+				"expire" => $expire,
+				"minimum" => $minimum,
+				"ttl" => $ttl,
+				"active" => 'Y',
+				"xfer" => $xfer,
+				"also_notify" => $also_notify,
+				"update_acl" => $update_acl
+			);
 			$dns_soa_id = $app->db->datalogInsert('dns_soa', $insert_data, 'id');
 			// Insert the dns_rr records
 			if(is_array($dns_rr) && $dns_soa_id > 0) {
 				foreach($dns_rr as $rr) {
-					$insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `zone`, `name`, `type`, `data`, `aux`, `ttl`, `active`) VALUES
-					('$sys_userid', '$sys_groupid', 'riud', 'riud', '', '$server_id', '$dns_soa_id', '$rr[name]', '$rr[type]', '$rr[data]', '$rr[aux]', '$rr[ttl]', 'Y')";
+					$insert_data = array(
+						"sys_userid" => $sys_userid,
+						"sys_groupid" => $sys_groupid,
+						"sys_perm_user" => 'riud',
+						"sys_perm_group" => 'riud',
+						"sys_perm_other" => '',
+						"server_id" => $server_id,
+						"zone" => $dns_soa_id,
+						"name" => $rr['name'],
+						"type" => $rr['type'],
+						"data" => $rr['data'],
+						"aux" => $rr['aux'],
+						"ttl" => $rr['ttl'],
+						"active" => 'Y'
+					);
 					$dns_rr_id = $app->db->datalogInsert('dns_rr', $insert_data, 'id');
 				}
 			}
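Review bot: With the `quote()` calls removed, every `$vars[...]` and `$rr[...]` value reaches `datalogInsert()` unescaped, so the safety of both inserts now rests on how that method handles an array argument. Its implementation is not in this hunk; confirm that it binds or escapes each value, since the earlier string form carried its own escaping. As a matter of style, the eleven locals from `$origin` to `$update_acl` are now plain aliases of `$vars[...]` and could be written straight into the array, keeping only `str_replace('@', '.', $vars['mbox'])`.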
@@ -180,7 +212,7 @@ class remoting_dns extends remoting {
 			return false;
 		}
 
-		$rec = $app->db->queryOneRecord("SELECT id FROM dns_soa WHERE origin like '".$origin."%'");
+		$rec = $app->db->queryOneRecord("SELECT id FROM dns_soa WHERE origin like ?", $origin."%");
 		if(isset($rec['id'])) {
 			return $app->functions->intval($rec['id']);
 		} else {
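Review bot: The bound value in `origin like ?` still carries any `%` or `_` the caller puts in `$origin`, so the lookup can match zones other than the one named and return whichever id comes first. Binding stops SQL injection but not wildcard expansion. If a prefix match is intended, escape the input first, e.g. `$app->db->queryOneRecord("SELECT id FROM dns_soa WHERE origin like ?", addcslashes($origin, '\\%_')."%");`; if not, use `origin = ?`. The enclosing method starts and ends outside the hunk.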
@@ -764,8 +796,8 @@ class remoting_dns extends remoting {
 		if (!empty($client_id) && !empty($server_id)) {
 			$server_id      = $app->functions->intval($server_id);
 			$client_id      = $app->functions->intval($client_id);
-			$sql            = "SELECT id, origin FROM dns_soa d INNER JOIN sys_user s on(d.sys_groupid = s.default_group) WHERE client_id = $client_id AND server_id = $server_id";
-			$result         = $app->db->queryAllRecords($sql);
+			$sql            = "SELECT id, origin FROM dns_soa d INNER JOIN sys_user s on(d.sys_groupid = s.default_group) WHERE client_id = ? AND server_id = ?";
+			$result         = $app->db->queryAllRecords($sql, $client_id, $server_id);
 			return          $result;
 		}
 		return false;
@@ -785,8 +817,8 @@ class remoting_dns extends remoting {
 			throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
 			return false;
 		}
-		$sql    = "SELECT * FROM dns_rr WHERE zone = ".$app->functions->intval($zone_id);;
-		$result = $app->db->queryAllRecords($sql);
+		$sql    = "SELECT * FROM dns_rr WHERE zone = ?";
+		$result = $app->db->queryAllRecords($sql, $zone_id);
 		return $result;
 	}
 
@@ -809,8 +841,8 @@ class remoting_dns extends remoting {
 			} else {
 				$status = 'N';
 			}
-			$sql = "UPDATE dns_soa SET active = '$status' WHERE id = ".$app->functions->intval($primary_id);
-			$app->db->query($sql);
+			$sql = "UPDATE dns_soa SET active = ? WHERE id = ?";
+			$app->db->query($sql, $status, $primary_id);
 			$result = $app->db->affectedRows();
 			return $result;
 		} else {
diff --git a/interface/lib/classes/remote.d/domains.inc.php b/interface/lib/classes/remote.d/domains.inc.php
index 9bba710023f6d311b7a18673ba731e072d957c11..33830335d8989990cd1c4f4613ab290679763184 100644
--- a/interface/lib/classes/remote.d/domains.inc.php
+++ b/interface/lib/classes/remote.d/domains.inc.php
@@ -86,8 +86,8 @@ class remoting_domains extends remoting {
 			return false;
 		}
 		$group_id = $app->functions->intval($group_id);
-		$sql = "SELECT domain_id, domain FROM domain WHERE sys_groupid  = $group_id ";
-		$all = $app->db->queryAllRecords($sql);
+		$sql = "SELECT domain_id, domain FROM domain WHERE sys_groupid  = ?";
+		$all = $app->db->queryAllRecords($sql, $group_id);
 		return $all;
 	}
 
diff --git a/interface/lib/classes/remote.d/mail.inc.php b/interface/lib/classes/remote.d/mail.inc.php
index 29ff0d83b5cc80e13e00655aad3e888c0163d0ae..914777070b9ccc15746ad3bf055adab488f308e1 100644
--- a/interface/lib/classes/remote.d/mail.inc.php
+++ b/interface/lib/classes/remote.d/mail.inc.php
@@ -208,7 +208,7 @@ class remoting_mail extends remoting {
 
 		//* Check if mail domain exists
 		$email_parts = explode('@', $params['email']);
-		$tmp = $app->db->queryOneRecord("SELECT domain FROM mail_domain WHERE domain = '".$app->db->quote($email_parts[1])."'");
+		$tmp = $app->db->queryOneRecord("SELECT domain FROM mail_domain WHERE domain = ?", $email_parts[1]);
 		if($tmp['domain'] != $email_parts[1]) {
 			throw new SoapFault('mail_domain_does_not_exist', 'Mail domain - '.$email_parts[1].' - does not exist.');
 			return false;
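Review bot: When `$params['email']` contains no `@`, `$email_parts[1]` is undefined and the comparison `$tmp['domain'] != $email_parts[1]` compares null with null, so the domain-existence check passes without a fault. Guarding the index closes that gap: `if(!isset($email_parts[1]) || $tmp['domain'] != $email_parts[1]) {`. The same lines appear in the next hunk (`@@ -235,7 +235,7 @@`) and need the same guard. Whether later form validation rejects such an address cannot be seen from here.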
@@ -235,7 +235,7 @@ class remoting_mail extends remoting {
 
 		//* Check if mail domain exists
 		$email_parts = explode('@', $params['email']);
-		$tmp = $app->db->queryOneRecord("SELECT domain FROM mail_domain WHERE domain = '".$app->db->quote($email_parts[1])."'");
+		$tmp = $app->db->queryOneRecord("SELECT domain FROM mail_domain WHERE domain = ?", $email_parts[1]);
 		if($tmp['domain'] != $email_parts[1]) {
 			throw new SoapFault('mail_domain_does_not_exist', 'Mail domain - '.$email_parts[1].' - does not exist.');
 			return false;
@@ -320,14 +320,16 @@ class remoting_mail extends remoting {
 			return false;
 		}
 	
+		$params = array();
 		if ($site_id != null) {
-			$sql  = "SELECT * FROM mail_backup WHERE parent_domain_id = ".$app->functions->intval($site_id);
+			$params[] = $site_id;
+			$sql  = "SELECT * FROM mail_backup WHERE parent_domain_id = ?";
 		}
 		else {
 			$sql  = "SELECT * FROM mail_backup";
 		}
 	
-		$result = $app->db->queryAllRecords($sql);
+		$result = $app->db->queryAllRecords($sql, true, $params);
 		return $result;
 	}
 	
@@ -342,7 +344,7 @@ class remoting_mail extends remoting {
 		}
 	
 		//*Set variables
-		$backup_record  =       $app->db->queryOneRecord("SELECT * FROM `mail_backup` WHERE `backup_id`='$primary_id'");
+		$backup_record  =       $app->db->queryOneRecord("SELECT * FROM `mail_backup` WHERE `backup_id`=?", $primary_id);
 		$server_id      =       $backup_record['server_id'];
 	
 		//*Set default action state
@@ -361,14 +363,14 @@ class remoting_mail extends remoting {
 		}
 	
 		//* Validate instance
-		$instance_record        =       $app->db->queryOneRecord("SELECT * FROM `sys_remoteaction` WHERE `action_param`='$primary_id' and `action_type`='$action_type' and `action_state`='pending'");
+		$instance_record        =       $app->db->queryOneRecord("SELECT * FROM `sys_remoteaction` WHERE `action_param`=? and `action_type`=? and `action_state`='pending'", $primary_id, $action_type);
 		if ($instance_record['action_id'] >= 1) {
 			$this->server->fault('duplicate_action', "There is already a pending $action_type action");
 			return false;
 		}
 	
 		//* Save the record
-		if ($app->db->query("INSERT INTO `sys_remoteaction` SET `server_id` = '$server_id', `tstamp` = '$tstamp', `action_type` = '$action_type', `action_param` = '$primary_id', `action_state` = '$action_state'")) {
+		if ($app->db->query("INSERT INTO `sys_remoteaction` SET `server_id` = ?, `tstamp` = ?, `action_type` = ?, `action_param` = ?, `action_state` = ?", $server_id, $tstamp, $action_type, $primary_id, $action_state)) {
 			return true;
 		} else {
 			return false;
@@ -401,7 +403,7 @@ class remoting_mail extends remoting {
 		}
 
 		//* Check if there is no active mailbox with this address
-		$tmp = $app->db->queryOneRecord("SELECT count(mailuser_id) as number FROM mail_user WHERE postfix = 'y' AND email = '".$app->db->quote($params["source"])."'");
+		$tmp = $app->db->queryOneRecord("SELECT count(mailuser_id) as number FROM mail_user WHERE postfix = 'y' AND email = ?", $params["source"]);
 		if($tmp['number'] > 0) {
 			throw new SoapFault('duplicate', 'There is already a mailbox with this email address.');
 		}
@@ -423,7 +425,7 @@ class remoting_mail extends remoting {
 		}
 
 		//* Check if there is no active mailbox with this address
-		$tmp = $app->db->queryOneRecord("SELECT count(mailuser_id) as number FROM mail_user WHERE postfix = 'y' AND email = '".$app->db->quote($params["source"])."'");
+		$tmp = $app->db->queryOneRecord("SELECT count(mailuser_id) as number FROM mail_user WHERE postfix = 'y' AND email = ?", $params["source"]);
 		if($tmp['number'] > 0) {
 			throw new SoapFault('duplicate', 'There is already a mailbox with this email address.');
 		}
@@ -1059,9 +1061,8 @@ class remoting_mail extends remoting {
 			return false;
 		}
 		if (!empty($domain)) {
-			$domain       = $app->db->quote($domain);
-			$sql            = "SELECT * FROM mail_domain WHERE domain = '$domain'";
-			$result         = $app->db->queryAllRecords($sql);
+			$sql            = "SELECT * FROM mail_domain WHERE domain = ?";
+			$result         = $app->db->queryAllRecords($sql, $domain);
 			return          $result;
 		}
 		return false;
@@ -1079,8 +1080,8 @@ class remoting_mail extends remoting {
 			} else {
 				$status = 'n';
 			}
-			$sql = "UPDATE mail_domain SET active = '$status' WHERE domain_id = ".$app->functions->intval($primary_id);
-			$app->db->query($sql);
+			$sql = "UPDATE mail_domain SET active = ? WHERE domain_id = ?";
+			$app->db->query($sql, $status, $primary_id);
 			$result = $app->db->affectedRows();
 			return $result;
 		} else {
diff --git a/interface/lib/classes/remote.d/openvz.inc.php b/interface/lib/classes/remote.d/openvz.inc.php
index 4a087ccbc7e2d2c3df231d943869211fccbee439..c427a1f749e3f7eecf6e85cf00722eb155dda51f 100644
--- a/interface/lib/classes/remote.d/openvz.inc.php
+++ b/interface/lib/classes/remote.d/openvz.inc.php
@@ -159,7 +159,7 @@ class remoting_openvz extends remoting {
 		$server_id = $app->functions->intval($server_id);
 
 		if($server_id > 0) {
-			$tmp = $app->db->queryOneRecord("SELECT ip_address_id, server_id, ip_address FROM openvz_ip WHERE reserved = 'n' AND vm_id = 0 AND server_id = $server_id LIMIT 0,1");
+			$tmp = $app->db->queryOneRecord("SELECT ip_address_id, server_id, ip_address FROM openvz_ip WHERE reserved = 'n' AND vm_id = 0 AND server_id = ? LIMIT 0,1", $server_id);
 		} else {
 			$tmp = $app->db->queryOneRecord("SELECT ip_address_id, server_id, ip_address FROM openvz_ip WHERE reserved = 'n' AND vm_id = 0 LIMIT 0,1");
 		}
@@ -229,9 +229,9 @@ class remoting_openvz extends remoting {
 
 		if (!empty($client_id)) {
 			$client_id      = $app->functions->intval($client_id);
-			$tmp    = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = $client_id");
-			$sql            = "SELECT * FROM openvz_vm WHERE sys_groupid = ".$app->functions->intval($tmp['groupid']);
-			$result         = $app->db->queryAllRecords($sql);
+			$tmp    = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client_id);
+			$sql            = "SELECT * FROM openvz_vm WHERE sys_groupid = ?";
+			$result         = $app->db->queryAllRecords($sql, $tmp['groupid']);
 			return          $result;
 		}
 		return false;
@@ -272,23 +272,23 @@ class remoting_openvz extends remoting {
 		}
 
 		// Verify if template and ostemplate exist
-		$tmp = $app->db->queryOneRecord("SELECT template_id FROM openvz_template WHERE template_id = $template_id");
+		$tmp = $app->db->queryOneRecord("SELECT template_id FROM openvz_template WHERE template_id = ?", $template_id);
 		if(!is_array($tmp)) {
 			throw new SoapFault('template_id_error', 'Template does not exist.');
 			return false;
 		}
-		$tmp = $app->db->queryOneRecord("SELECT ostemplate_id FROM openvz_ostemplate WHERE ostemplate_id = $ostemplate_id");
+		$tmp = $app->db->queryOneRecord("SELECT ostemplate_id FROM openvz_ostemplate WHERE ostemplate_id = ?", $ostemplate_id);
 		if(!is_array($tmp)) {
 			throw new SoapFault('ostemplate_id_error', 'OSTemplate does not exist.');
 			return false;
 		}
 
 		//* Get the template
-		$vtpl = $app->db->queryOneRecord("SELECT * FROM openvz_template WHERE template_id = $template_id");
+		$vtpl = $app->db->queryOneRecord("SELECT * FROM openvz_template WHERE template_id = ?", $template_id);
 
 		//* Get the IP address and server_id
 		if($override_params['server_id'] > 0) {
-			$vmip = $app->db->queryOneRecord("SELECT ip_address_id, server_id, ip_address FROM openvz_ip WHERE reserved = 'n' AND vm_id = 0 AND server_id = ".$override_params['server_id']." LIMIT 0,1");
+			$vmip = $app->db->queryOneRecord("SELECT ip_address_id, server_id, ip_address FROM openvz_ip WHERE reserved = 'n' AND vm_id = 0 AND server_id = ? LIMIT 0,1", $override_params['server_id']);
 		} else {
 			$vmip = $app->db->queryOneRecord("SELECT ip_address_id, server_id, ip_address FROM openvz_ip WHERE reserved = 'n' AND vm_id = 0 LIMIT 0,1");
 		}
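Review bot: The template row is read twice with the same bound id, once as `SELECT template_id` for the existence check and again as `SELECT *` under "Get the template". Fetching it once as `$vtpl = $app->db->queryOneRecord("SELECT * FROM openvz_template WHERE template_id = ?", $template_id);` and testing `if(!is_array($vtpl))` would save a query and remove the window in which the row can change between the two reads. The method body continues outside the hunk, so check that `$tmp` is not reused for the template further down.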
@@ -376,25 +376,18 @@ class remoting_openvz extends remoting {
 		$action = 'openvz_start_vm';
 
 		$tmp = $app->db->queryOneRecord("SELECT count(action_id) as actions FROM sys_remoteaction
-				WHERE server_id = '".$vm['server_id']."'
-				AND action_type = '$action'
-				AND action_param = '".$vm['veid']."'
-				AND action_state = 'pending'");
+				WHERE server_id = ?
+				AND action_type = ?
+				AND action_param = ?
+				AND action_state = 'pending'", $vm['server_id'], $action, $vm['veid']);
 
 		if($tmp['actions'] > 0) {
 			throw new SoapFault('action_pending', 'There is already a action pending for this VM.');
 			return false;
 		} else {
 			$sql =  "INSERT INTO sys_remoteaction (server_id, tstamp, action_type, action_param, action_state, response) " .
-				"VALUES (".
-				(int)$vm['server_id'] . ", ".
-				time() . ", ".
-				"'".$action."', ".
-				$vm['veid'].", ".
-				"'pending', ".
-				"''".
-				")";
-			$app->db->query($sql);
+				"VALUES (?, ?, ?, ?, 'pending', '')";
+			$app->db->query($sql, (int)$vm['server_id'], time(), $action, $vm['veid']);
 		}
 	}
 
@@ -425,25 +418,18 @@ class remoting_openvz extends remoting {
 		$action = 'openvz_stop_vm';
 
 		$tmp = $app->db->queryOneRecord("SELECT count(action_id) as actions FROM sys_remoteaction
-				WHERE server_id = '".$vm['server_id']."'
-				AND action_type = '$action'
-				AND action_param = '".$vm['veid']."'
-				AND action_state = 'pending'");
+				WHERE server_id = ?
+				AND action_type = ?
+				AND action_param = ?
+				AND action_state = 'pending'", $vm['server_id'], $action, $vm['veid']);
 
 		if($tmp['actions'] > 0) {
 			throw new SoapFault('action_pending', 'There is already a action pending for this VM.');
 			return false;
 		} else {
 			$sql =  "INSERT INTO sys_remoteaction (server_id, tstamp, action_type, action_param, action_state, response) " .
-				"VALUES (".
-				(int)$vm['server_id'] . ", ".
-				time() . ", ".
-				"'".$action."', ".
-				$vm['veid'].", ".
-				"'pending', ".
-				"''".
-				")";
-			$app->db->query($sql);
+				"VALUES (?, ?, ?, ?, 'pending', '')";
+			$app->db->query($sql, (int)$vm['server_id'], time(), $action, $vm['veid']);
 		}
 	}
 
@@ -474,25 +460,18 @@ class remoting_openvz extends remoting {
 		$action = 'openvz_restart_vm';
 
 		$tmp = $app->db->queryOneRecord("SELECT count(action_id) as actions FROM sys_remoteaction
-				WHERE server_id = '".$vm['server_id']."'
-				AND action_type = '$action'
-				AND action_param = '".$vm['veid']."'
-				AND action_state = 'pending'");
+				WHERE server_id = ?
+				AND action_type = ?
+				AND action_param = ?
+				AND action_state = 'pending'", $vm['server_id'], $action, $vm['veid']);
 
 		if($tmp['actions'] > 0) {
 			throw new SoapFault('action_pending', 'There is already a action pending for this VM.');
 			return false;
 		} else {
 			$sql =  "INSERT INTO sys_remoteaction (server_id, tstamp, action_type, action_param, action_state, response) " .
-				"VALUES (".
-				(int)$vm['server_id'] . ", ".
-				time() . ", ".
-				"'".$action."', ".
-				$vm['veid'].", ".
-				"'pending', ".
-				"''".
-				")";
-			$app->db->query($sql);
+				"VALUES (?, ?, ?, ?, 'pending', '')";
+			$app->db->query($sql, (int)$vm['server_id'], time(), $action, $vm['veid']);
 		}
 	}
 
diff --git a/interface/lib/classes/remote.d/server.inc.php b/interface/lib/classes/remote.d/server.inc.php
index 403530207151242fcef101c6052e507227bf1144..eb4a8b9846641d44865d345fa889b09cd2d6ef37 100644
--- a/interface/lib/classes/remote.d/server.inc.php
+++ b/interface/lib/classes/remote.d/server.inc.php
@@ -55,8 +55,8 @@ class remoting_server extends remoting {
 			throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
 			return false;
 		}
-		$sql = "SELECT server_id FROM server_ip WHERE ip_address  = '$ipaddress' LIMIT 1 ";
-		$all = $app->db->queryAllRecords($sql);
+		$sql = "SELECT server_id FROM server_ip WHERE ip_address  = ? LIMIT 1";
+		$all = $app->db->queryAllRecords($sql, $ipaddress);
 		return $all;
 	}
 
@@ -178,8 +178,8 @@ class remoting_server extends remoting {
             return false;
 		}
 		if (!empty($session_id) && !empty($server_name)) {
-			$sql = "SELECT server_id FROM server WHERE server_name  = '$server_name' LIMIT 1 ";
-			$all = $app->db->queryAllRecords($sql);
+			$sql = "SELECT server_id FROM server WHERE server_name  = ? LIMIT 1";
+			$all = $app->db->queryAllRecords($sql, $server_name);
 			return $all;
 		} else {
 			return false;
@@ -200,8 +200,8 @@ class remoting_server extends remoting {
             return false;
 		}
 		if (!empty($session_id) && !empty($server_id)) { 
-			$sql = "SELECT mail_server, web_server, dns_server, file_server, db_server, vserver_server, proxy_server, firewall_server FROM server WHERE server_id  = '$server_id' LIMIT 1 ";
-			$all = $app->db->queryAllRecords($sql);
+			$sql = "SELECT mail_server, web_server, dns_server, file_server, db_server, vserver_server, proxy_server, firewall_server FROM server WHERE server_id  = ? LIMIT 1 ";
+			$all = $app->db->queryAllRecords($sql, $server_id);
 			return $all;
 		} else {
 			return false;
diff --git a/interface/lib/classes/remote.d/sites.inc.php b/interface/lib/classes/remote.d/sites.inc.php
index 05ba482cba76e201f6217a2975095bca96096cf3..ad3f2e3046f96e3e84c5d2ba75b15f7d767d08aa 100644
--- a/interface/lib/classes/remote.d/sites.inc.php
+++ b/interface/lib/classes/remote.d/sites.inc.php
@@ -102,7 +102,8 @@ class remoting_sites extends remoting {
 		$app->remoting_lib->loadFormDef('../sites/form/database.tform.php');
 		return $app->remoting_lib->getDataRecord($primary_id);
 	}
-
+	
+	/* TODO: secure queries! */
 	//* Add a record
 	public function sites_database_add($session_id, $client_id, $params)
 	{
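Review bot: The added `/* TODO: secure queries! */` does not say which statements it refers to, so it is hard to act on or to close. The later hunks of this file still pass a concatenated `"UPDATE web_database SET ".implode(', ', $sql_set)." WHERE database_id = ".$retval` to `updateQueryExecute()`. If that is the target, name it, e.g. `//* TODO: the UPDATE web_database statements passed to updateQueryExecute() are still built by concatenation`. The body of `sites_database_add()` continues outside the hunk.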
@@ -114,7 +115,7 @@ class remoting_sites extends remoting {
 		}
 
 		//* Check for duplicates
-		$tmp = $app->db->queryOneRecord("SELECT count(database_id) as dbnum FROM web_database WHERE database_name = '".$app->db->quote($params['database_name'])."' AND server_id = '".intval($params["server_id"])."'");
+		$tmp = $app->db->queryOneRecord("SELECT count(database_id) as dbnum FROM web_database WHERE database_name = ? AND server_id = ?", $params['database_name'], $params["server_id"]);
 		if($tmp['dbnum'] > 0) {
 			throw new SoapFault('database_name_error_unique', 'There is already a database with that name on the same server.');
 			return false;
@@ -135,7 +136,6 @@ class remoting_sites extends remoting {
 				$sql_set = array();
 				if(isset($params['backup_interval'])) $sql_set[] = "backup_interval = '".$app->db->quote($params['backup_interval'])."'";
 				if(isset($params['backup_copies'])) $sql_set[] = "backup_copies = ".$app->functions->intval($params['backup_copies']);
-				//$app->db->query("UPDATE web_database SET ".implode(', ', $sql_set)." WHERE database_id = ".$retval);
 				$this->updateQueryExecute("UPDATE web_database SET ".implode(', ', $sql_set)." WHERE database_id = ".$retval, $retval, $params);
 			}
 			
@@ -169,7 +169,6 @@ class remoting_sites extends remoting {
 				$sql_set = array();
 				if(isset($params['backup_interval'])) $sql_set[] = "backup_interval = '".$app->db->quote($params['backup_interval'])."'";
 				if(isset($params['backup_copies'])) $sql_set[] = "backup_copies = ".$app->functions->intval($params['backup_copies']);
-				//$app->db->query("UPDATE web_database SET ".implode(', ', $sql_set)." WHERE database_id = ".$primary_id);
 				$this->updateQueryExecute("UPDATE web_database SET ".implode(', ', $sql_set)." WHERE database_id = ".$primary_id, $primary_id, $params);
 			}
 			
@@ -239,7 +238,7 @@ class remoting_sites extends remoting {
 
 		$new_rec = $app->remoting_lib->getDataRecord($primary_id);
 
-		$records = $app->db->queryAllRecords("SELECT DISTINCT server_id FROM web_database WHERE database_user_id = '".$app->functions->intval($primary_id)."' UNION SELECT DISTINCT server_id FROM web_database WHERE database_ro_user_id = '".$app->functions->intval($primary_id)."'");
+		$records = $app->db->queryAllRecords("SELECT DISTINCT server_id FROM web_database WHERE database_user_id = ? UNION SELECT DISTINCT server_id FROM web_database WHERE database_ro_user_id = ?", $primary_id, $primary_id);
 		foreach($records as $rec) {
 			$tmp_rec = $new_rec;
 			$tmp_rec['server_id'] = $rec['server_id'];
@@ -265,14 +264,14 @@ class remoting_sites extends remoting {
 		$app->db->datalogDelete('web_database_user', 'database_user_id', $primary_id);
 		$affected_rows = $this->deleteQuery('../sites/form/database_user.tform.php', $primary_id);
 
-		$records = $app->db->queryAllRecords("SELECT database_id FROM web_database WHERE database_user_id = '".$app->functions->intval($primary_id)."'");
+		$records = $app->db->queryAllRecords("SELECT database_id FROM web_database WHERE database_user_id = ?", $primary_id);
 		foreach($records as $rec) {
-			$app->db->datalogUpdate('web_database', 'database_user_id=NULL', 'database_id', $rec['database_id']);
+			$app->db->datalogUpdate('web_database', array('database_user_id' => null), 'database_id', $rec['database_id']);
 
 		}
-		$records = $app->db->queryAllRecords("SELECT database_id FROM web_database WHERE database_ro_user_id = '".$app->functions->intval($primary_id)."'");
+		$records = $app->db->queryAllRecords("SELECT database_id FROM web_database WHERE database_ro_user_id = ?", $primary_id);
 		foreach($records as $rec) {
-			$app->db->datalogUpdate('web_database', 'database_ro_user_id=NULL', 'database_id', $rec['database_id']);
+			$app->db->datalogUpdate('web_database', array('database_ro_user_id' => null), 'database_id', $rec['database_id']);
 		}
 
 		return $affected_rows;
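Review bot: The two `datalogUpdate()` calls now pass `array('database_user_id' => null)` and `array('database_ro_user_id' => null)` where the old string form wrote the SQL keyword `NULL`. Whether a PHP `null` in the array is written as SQL NULL rather than an empty string or 0 depends on `datalogUpdate()`, which is not in this hunk; confirm it, since the queries above match these columns against user ids. A short comment at the first call, e.g. `//* null must reach the column as SQL NULL`, would record the intent.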
@@ -336,7 +335,7 @@ class remoting_sites extends remoting {
 			return false;
 		}
 
-		$data = $app->db->queryOneRecord("SELECT server_id FROM ftp_user WHERE username = '".$app->db->quote($ftp_user)."'");
+		$data = $app->db->queryOneRecord("SELECT server_id FROM ftp_user WHERE username = ?", $ftp_user);
 		//file_put_contents('/tmp/test.txt', serialize($data));
 		if(!isset($data['server_id'])) return false;
 
@@ -406,7 +405,7 @@ class remoting_sites extends remoting {
 			return false;
 		}
 		$app->uses('remoting_lib');
-		$app->remoting_lib->loadFormDef('../sites/form/web_domain.tform.php');
+		$app->remoting_lib->loadFormDef('../sites/form/web_vhost_domain.tform.php');
 		return $app->remoting_lib->getDataRecord($primary_id);
 	}
 
@@ -420,7 +419,7 @@ class remoting_sites extends remoting {
 		}
 
 		if(!isset($params['client_group_id']) or (isset($params['client_group_id']) && empty($params['client_group_id']))) {
-			$rec = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".$app->functions->intval($client_id));
+			$rec = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client_id);
 			$params['client_group_id'] = $rec['groupid'];
 		}
 
@@ -435,9 +434,9 @@ class remoting_sites extends remoting {
 		if($params['pm_min_spare_servers'] == '') $params['pm_min_spare_servers'] = 1;
 		if($params['pm_max_spare_servers'] == '') $params['pm_max_spare_servers'] = 1;
 
-		$domain_id = $this->insertQuery('../sites/form/web_domain.tform.php', $client_id, $params, 'sites:web_domain:on_after_insert');
+		$domain_id = $this->insertQuery('../sites/form/web_vhost_domain.tform.php', $client_id, $params, 'sites:web_domain:on_after_insert');
 		if ($readonly === true)
-			$app->db->query("UPDATE web_domain SET `sys_userid` = '1' WHERE domain_id = ".$domain_id);
+			$app->db->query("UPDATE web_domain SET `sys_userid` = '1' WHERE domain_id = ?", $domain_id);
 		return $domain_id;
 	}
 
@@ -455,7 +454,7 @@ class remoting_sites extends remoting {
 		if($params['pm_min_spare_servers'] == '') $params['pm_min_spare_servers'] = 1;
 		if($params['pm_max_spare_servers'] == '') $params['pm_max_spare_servers'] = 1;
 
-		$affected_rows = $this->updateQuery('../sites/form/web_domain.tform.php', $client_id, $primary_id, $params);
+		$affected_rows = $this->updateQuery('../sites/form/web_vhost_domain.tform.php', $client_id, $primary_id, $params);
 		return $affected_rows;
 	}
 
@@ -466,7 +465,7 @@ class remoting_sites extends remoting {
 			throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
 			return false;
 		}
-		$affected_rows = $this->deleteQuery('../sites/form/web_domain.tform.php', $primary_id);
+		$affected_rows = $this->deleteQuery('../sites/form/web_vhost_domain.tform.php', $primary_id);
 		return $affected_rows;
 	}
 
@@ -751,7 +750,7 @@ class remoting_sites extends remoting {
 		}
 
 		// Delete all users that belong to this folder. - taken from web_folder_delete.php
-		$records = $app->db->queryAllRecords("SELECT web_folder_user_id FROM web_folder_user WHERE web_folder_id = '".$app->functions->intval($primary_id)."'");
+		$records = $app->db->queryAllRecords("SELECT web_folder_user_id FROM web_folder_user WHERE web_folder_id = ?", $primary_id);
 		foreach($records as $rec) {
 			$this->deleteQuery('../sites/form/web_folder_user.tform.php', $rec['web_folder_user_id']);
 			//$app->db->datalogDelete('web_folder_user','web_folder_user_id',$rec['web_folder_user_id']);
@@ -865,11 +864,11 @@ class remoting_sites extends remoting {
 			} else {
 				$status = 'n';
 			}
-			$app->remoting_lib->loadFormDef('../sites/form/web_domain.tform.php');
+			$app->remoting_lib->loadFormDef('../sites/form/web_vhost_domain.tform.php');
 			$params = $app->remoting_lib->getDataRecord($primary_id);
 			$params['active'] = $status;
 			
-			$affected_rows = $this->updateQuery('../sites/form/web_domain.tform.php', 0, $primary_id, $params);
+			$affected_rows = $this->updateQuery('../sites/form/web_vhost_domain.tform.php', 0, $primary_id, $params);
 			return $affected_rows;
 		} else {
 			throw new SoapFault('status_undefined', 'The status is not available');
@@ -889,8 +888,8 @@ class remoting_sites extends remoting {
 			return false;
 		}
 		$client_id = $app->functions->intval($client_id);
-		$sql = "SELECT d.database_id, d.database_name, d.database_user_id, d.database_ro_user_id, du.database_user, du.database_password FROM web_database d LEFT JOIN web_database_user du ON (du.database_user_id = d.database_user_id) INNER JOIN sys_user s on(d.sys_groupid = s.default_group) WHERE client_id = $client_id";
-		$all = $app->db->queryAllRecords($sql);
+		$sql = "SELECT d.database_id, d.database_name, d.database_user_id, d.database_ro_user_id, du.database_user, du.database_password FROM web_database d LEFT JOIN web_database_user du ON (du.database_user_id = d.database_user_id) INNER JOIN sys_user s on(d.sys_groupid = s.default_group) WHERE client_id = ?";
+		$all = $app->db->queryAllRecords($sql, $client_id);
 		return $all;
 	}
 	
@@ -904,7 +903,7 @@ class remoting_sites extends remoting {
 			return false;
 		}
 		
-		$result = $app->db->queryAllRecords("SELECT * FROM web_backup".(($site_id != null)?' WHERE parent_domain_id = ?':''), $app->functions->intval($site_id));
+		$result = $app->db->queryAllRecords("SELECT * FROM web_backup".(($site_id != null)?' WHERE parent_domain_id = ?':''), $site_id);
 		return $result;
 	}
 	
diff --git a/interface/lib/classes/remoting.inc.php b/interface/lib/classes/remoting.inc.php
index f42d22b070c655daa835c69659e65b365c163a8e..204aebb15c08e7c33e7f86c0c992de474959009a 100644
--- a/interface/lib/classes/remoting.inc.php
+++ b/interface/lib/classes/remoting.inc.php
@@ -90,15 +90,12 @@ class remoting {
 		}
 
 		//* Delete old remoting sessions
-		$sql = "DELETE FROM remote_session WHERE tstamp < ".time();
+		$sql = "DELETE FROM remote_session WHERE tstamp < UNIX_TIMSTAMP()";
 		$app->db->query($sql);
 
-		$username = $app->db->quote($username);
-		$password = $app->db->quote($password);
-
 		if($client_login == true) {
-			$sql = "SELECT * FROM sys_user WHERE USERNAME = '$username'";
-			$user = $app->db->queryOneRecord($sql);
+			$sql = "SELECT * FROM sys_user WHERE USERNAME = ?";
+			$user = $app->db->queryOneRecord($sql, $username);
 			if($user) {
 				$saved_password = stripslashes($user['passwort']);
 
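Review bot: `UNIX_TIMSTAMP()` in the session-cleanup `DELETE` is misspelled; the MySQL function is `UNIX_TIMESTAMP()`. Unless a stored function with the misspelled name exists, the statement will fail and expired rows will stay in `remote_session`. The same typo appears in two later hunks of this file: the `UPDATE client SET created_at = ...` statement and the `SELECT * FROM remote_session ... AND tstamp >= ...` lookup, where a failing query would presumably leave every session check without a result. The line should read `$sql = "DELETE FROM remote_session WHERE tstamp < UNIX_TIMESTAMP()";`, with the same correction in the other two. The change also moves the comparison clock from PHP `time()` to the database server while `tstamp` is still written from PHP, which deserves a comment if the two hosts can drift; the enclosing function starts and ends outside the hunk.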
@@ -127,7 +124,7 @@ class remoting {
 			}
 
 			// now we need the client data
-			$client = $app->db->queryOneRecord("SELECT client.can_use_api FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = " . $app->functions->intval($user['default_group']));
+			$client = $app->db->queryOneRecord("SELECT client.can_use_api FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $user['default_group']);
 			if(!$client || $client['can_use_api'] != 'y') {
 				throw new SoapFault('client_login_failed', 'The login failed. Client may not use api.');
 				return false;
@@ -140,13 +137,12 @@ class remoting {
 			$remote_functions = '';
 			$tstamp = time() + $this->session_timeout;
 			$sql = 'INSERT INTO remote_session (remote_session,remote_userid,remote_functions,client_login,tstamp'
-				.') VALUES ('
-				." '$remote_session',$remote_userid,'$remote_functions',1,$tstamp)";
-			$app->db->query($sql);
+				.') VALUES (?, ?, ?, 1, $tstamp)';
+			$app->db->query($sql, $remote_session,$remote_userid,$remote_functions,$tstamp);
 			return $remote_session;
 		} else {
-			$sql = "SELECT * FROM remote_user WHERE remote_username = '$username' and remote_password = md5('$password')";
-			$remote_user = $app->db->queryOneRecord($sql);
+			$sql = "SELECT * FROM remote_user WHERE remote_username = ? and remote_password = md5(?)";
+			$remote_user = $app->db->queryOneRecord($sql, $username, $password);
 			if($remote_user['remote_userid'] > 0) {
 				//* Create a remote user session
 				//srand ((double)microtime()*1000000);
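Review bot: In the client-login `INSERT`, the new `VALUES` fragment is a single-quoted string, so `$tstamp` is not interpolated and the literal text `$tstamp` reaches the database. The call then passes four values for three `?` placeholders, so the session row is unlikely to be written as intended. Make the last column a placeholder as the remote-user branch in the next hunk already does: `.') VALUES (?, ?, ?, 1, ?)';`. Separately, the `else` branch still compares `remote_password` with `md5(?)`, an unsalted fast hash; that predates this commit but is worth a follow-up. The enclosing function starts and ends outside the hunk.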
@@ -155,9 +151,8 @@ class remoting {
 				$remote_functions = $remote_user['remote_functions'];
 				$tstamp = time() + $this->session_timeout;
 				$sql = 'INSERT INTO remote_session (remote_session,remote_userid,remote_functions,tstamp'
-					.') VALUES ('
-					." '$remote_session',$remote_userid,'$remote_functions',$tstamp)";
-				$app->db->query($sql);
+					.') VALUES (?, ?, ?, ?)';
+				$app->db->query($sql, $remote_session,$remote_userid,$remote_functions,$tstamp);
 				return $remote_session;
 			} else {
 				throw new SoapFault('login_failed', 'The login failed. Username or password wrong.');
@@ -177,10 +172,8 @@ class remoting {
 			return false;
 		}
 
-		$session_id = $app->db->quote($session_id);
-
-		$sql = "DELETE FROM remote_session WHERE remote_session = '$session_id'";
-		if($app->db->query($sql) != false) {
+		$sql = "DELETE FROM remote_session WHERE remote_session = ?";
+		if($app->db->query($sql, $session_id) != false) {
 			return true;
 		} else {
 			return false;
@@ -203,8 +196,8 @@ class remoting {
 		$sql = $app->remoting_lib->getSQL($params, 'INSERT', 0);
 
 		//* Check if no system user with that username exists
-		$username = $app->db->quote($params["username"]);
-		$tmp = $app->db->queryOneRecord("SELECT count(userid) as number FROM sys_user WHERE username = '$username'");
+		$username = $params["username"];
+		$tmp = $app->db->queryOneRecord("SELECT count(userid) as number FROM sys_user WHERE username = ?", $username);
 		if($tmp['number'] > 0) $app->remoting_lib->errorMessage .= "Duplicate username<br />";
 
 		//* Stop on error while preparing the sql query
@@ -238,7 +231,7 @@ class remoting {
 
 		/* copied from the client_edit php */
 		exec('ssh-keygen -t rsa -C '.$username.'-rsa-key-'.time().' -f /tmp/id_rsa -N ""');
-		$app->db->query("UPDATE client SET created_at = ".time().", id_rsa = '".$app->db->quote(@file_get_contents('/tmp/id_rsa'))."', ssh_rsa = '".$app->db->quote(@file_get_contents('/tmp/id_rsa.pub'))."' WHERE client_id = ".$this->id);
+		$app->db->query("UPDATE client SET created_at = UNIX_TIMSTAMP(), id_rsa = ?, ssh_rsa = ? WHERE client_id = ?", @file_get_contents('/tmp/id_rsa'), @file_get_contents('/tmp/id_rsa.pub'), $this->id);
 		exec('rm -f /tmp/id_rsa /tmp/id_rsa.pub');
 
 
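Review bot: The `exec('ssh-keygen ... -C '.$username.'...')` line concatenates `$username` into a shell command without escaping. If this is the same `$username` that the previous hunk stops passing through `$app->db->quote()`, it now arrives completely unfiltered, unless the form definition restricts its characters, which is not visible here. Wrap the whole comment argument: `exec('ssh-keygen -t rsa -C '.escapeshellarg($username.'-rsa-key-'.time()).' -f /tmp/id_rsa -N ""');`. The fixed `/tmp/id_rsa` path and the `@file_get_contents()` calls also mean a failed or concurrent run can store `false` or another request's key material without any error; a per-request temporary directory and an explicit check of the read results would close that. The enclosing function starts and ends outside the hunk.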
@@ -251,10 +244,10 @@ class remoting {
 			$app->remoting_lib->ispconfig_sysuser_add($params, $insert_id);
 
 			if($reseller_id) {
-				$client_group = $app->db->queryOneRecord("SELECT * FROM sys_group WHERE client_id = ".$insert_id);
-				$reseller_user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE client_id = ".$reseller_id);
+				$client_group = $app->db->queryOneRecord("SELECT * FROM sys_group WHERE client_id = ?", $insert_id);
+				$reseller_user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE client_id = ?", $reseller_id);
 				$app->auth->add_group_to_user($reseller_user['userid'], $client_group['groupid']);
-				$app->db->query("UPDATE client SET parent_client_id = ".$reseller_id." WHERE client_id = ".$insert_id);
+				$app->db->query("UPDATE client SET parent_client_id = ? WHERE client_id = ?", $reseller_id, $insert_id);
 			}
 
 		}
@@ -347,6 +340,7 @@ class remoting {
 
 		//* Get the SQL query
 		$sql = $app->remoting_lib->getSQL($params, 'UPDATE', $primary_id);
+		
 		// throw new SoapFault('debug', $sql);
 		if($app->remoting_lib->errorMessage != '') {
 			throw new SoapFault('data_processing_error', $app->remoting_lib->errorMessage);
@@ -473,11 +467,8 @@ class remoting {
 			return false;
 		}
 
-		$session_id = $app->db->quote($session_id);
-
-		$now = time();
-		$sql = "SELECT * FROM remote_session WHERE remote_session = '$session_id' AND tstamp >= $now";
-		$session = $app->db->queryOneRecord($sql);
+		$sql = "SELECT * FROM remote_session WHERE remote_session = ? AND tstamp >= UNIX_TIMSTAMP()";
+		$session = $app->db->queryOneRecord($sql, $session_id);
 		if($session['remote_userid'] > 0) {
 			return $session;
 		} else {
diff --git a/interface/lib/classes/remoting_lib.inc.php b/interface/lib/classes/remoting_lib.inc.php
index 0d89c1f1a13bb4f7f7d56ba7b7bcf724f934fabe..9ee3ca547c2d11cf0e9b89f7cbaac4251435f071 100644
--- a/interface/lib/classes/remoting_lib.inc.php
+++ b/interface/lib/classes/remoting_lib.inc.php
@@ -110,7 +110,7 @@ class remoting_lib extends tform_base {
 		if(isset($_SESSION['client_login']) && isset($_SESSION['client_sys_userid']) && $_SESSION['client_login'] == 1) {
 			$client_sys_userid = $app->functions->intval($_SESSION['client_sys_userid']);
 
-			$client = $app->db->queryOneRecord("SELECT client.client_id FROM sys_user, client WHERE sys_user.client_id = client.client_id and sys_user.userid = " . $client_sys_userid);
+			$client = $app->db->queryOneRecord("SELECT client.client_id FROM sys_user, client WHERE sys_user.client_id = client.client_id and sys_user.userid = ?", $client_sys_userid);
 
 			$this->client_id = $client['client_id'];
 			$client_login = true;
@@ -125,23 +125,11 @@ class remoting_lib extends tform_base {
 			$this->sys_groups            = 1;
 			$_SESSION["s"]["user"]["typ"] = 'admin';
 		} else {
-			//* load system user - try with sysuser and before with userid (workarrond)
-			/*
-				$user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE sysuser_id = $client_id");
-				if(empty($user["userid"])) {
-						$user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE userid = $client_id");
-						if(empty($user["userid"])) {
-								$this->errorMessage .= "No sysuser with the ID $client_id found.";
-								return false;
-						}
-				}*/
-
-			$user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE client_id = $this->client_id");
+			$user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE client_id = ?", $this->client_id);
 			$this->sys_username         = $user['username'];
 			$this->sys_userid            = $user['userid'];
 			$this->sys_default_group     = $user['default_group'];
 			$this->sys_groups             = $user['groups'];
-			// $_SESSION["s"]["user"]["typ"] = $user['typ'];
 			// we have to force admin priveliges for the remoting API as some function calls might fail otherwise.
 			if($client_login == false) $_SESSION["s"]["user"]["typ"] = 'admin';
 		}
@@ -239,8 +227,8 @@ class remoting_lib extends tform_base {
 				return parent::getDataRecord($primary_id);
 			} elseif($primary_id == -1) {
 				// Return a array with all records
-				$sql = "SELECT * FROM ".$escape.$this->formDef['db_table'].$escape;
-				return $app->db->queryAllRecords($sql);
+				$sql = "SELECT * FROM ??";
+				return $app->db->queryAllRecords($sql, $this->formDef['db_table']);
 			} else {
 				throw new SoapFault('invalid_id', 'The ID has to be > 0 or -1.');
 				return array();
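Review bot: The `$primary_id == -1` branch returns every row of the table with no permission filter, while the array branch in the next hunk appends `$this->getAuthSQL('r', $this->formDef['db_table'])` to its `WHERE` clause. If callers of the remote API can reach this branch as non-admin users, they would receive records that the array form hides from them. Unless that is intended, apply the same filter here: `$sql = "SELECT * FROM ?? WHERE ".$this->getAuthSQL('r', $this->formDef['db_table']);`. If it is intended, a comment saying that `-1` is admin-only and where that is enforced would help. The enclosing function starts outside the hunk.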
@@ -250,22 +238,23 @@ class remoting_lib extends tform_base {
 			$sql_offset = 0;
 			$sql_limit = 0;
 			$sql_where = '';
+			$params = array($this->formDef['db_table']);
 			foreach($primary_id as $key => $val) {
-				$key = $app->db->quote($key);
-				$val = $app->db->quote($val);
 				if($key == '#OFFSET#') $sql_offset = $app->functions->intval($val);
 				elseif($key == '#LIMIT#') $sql_limit = $app->functions->intval($val);
 				elseif(stristr($val, '%')) {
-					$sql_where .= "$key like '$val' AND ";
+					$sql_where .= "? like ? AND ";
 				} else {
-					$sql_where .= "$key = '$val' AND ";
+					$sql_where .= "? = ? AND ";
 				}
+				$params[] = $key;
+				$params[] = $val;
 			}
 			$sql_where = substr($sql_where, 0, -5);
 			if($sql_where == '') $sql_where = '1';
-			$sql = "SELECT * FROM ".$escape.$this->formDef['db_table'].$escape." WHERE ".$sql_where. " AND " . $this->getAuthSQL('r', $this->formDef['db_table']);
+			$sql = "SELECT * FROM ?? WHERE ".$sql_where. " AND " . $this->getAuthSQL('r', $this->formDef['db_table']);
 			if($sql_offset >= 0 && $sql_limit > 0) $sql .= ' LIMIT ' . $sql_offset . ',' . $sql_limit;
-			return $app->db->queryAllRecords($sql);
+			return $app->db->queryAllRecords($sql, true, $params);
 		} else {
 			$this->errorMessage = 'The ID must be either an integer or an array.';
 			return array();
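Review bot: The `WHERE` builder binds the column name through `?`, the value placeholder; elsewhere in this diff identifiers go through `??`. As written, `"? like ? AND "` and `"? = ? AND "` would presumably compare two string literals instead of a column with a value, so the filter no longer selects by column. The two `$params[]` lines also run for the `#OFFSET#` and `#LIMIT#` keys, which add no placeholders, so the parameter list goes out of step with the SQL whenever paging is requested. Use `??` for the key and append parameters only in the branches that emit placeholders. It is also worth confirming that `queryAllRecords($sql, true, $params)` is the wrapper's array-argument form, since it appears only here and in `ispconfig_sysuser_update`. The enclosing function starts outside the hunk.

```php
foreach($primary_id as $key => $val) {
	if($key == '#OFFSET#') $sql_offset = $app->functions->intval($val);
	elseif($key == '#LIMIT#') $sql_limit = $app->functions->intval($val);
	elseif(stristr($val, '%')) {
		$sql_where .= "?? like ? AND ";
		$params[] = $key;
		$params[] = $val;
	} else {
		$sql_where .= "?? = ? AND ";
		$params[] = $key;
		$params[] = $val;
	}
}
// … unchanged: $sql_where trimming, SELECT assembly and LIMIT …
```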
@@ -274,12 +263,12 @@ class remoting_lib extends tform_base {
 
 	function ispconfig_sysuser_add($params, $insert_id){
 		global $conf, $app, $sql1;
-		$username = $app->db->quote($params["username"]);
-		$password = $app->db->quote($params["password"]);
+		$username = $params["username"];
+		$password = $params["password"];
 		if(!isset($params['modules'])) {
 			$modules = $conf['interface_modules_enabled'];
 		} else {
-			$modules = $app->db->quote($params['modules']);
+			$modules = $params['modules'];
 		}
 		if(isset($params['limit_client']) && $params['limit_client'] > 0) {
 			$modules .= ',client';
@@ -288,44 +277,51 @@ class remoting_lib extends tform_base {
 		if(!isset($params['startmodule'])) {
 			$startmodule = 'dashboard';
 		} else {
-			$startmodule = $app->db->quote($params["startmodule"]);
+			$startmodule = $params["startmodule"];
 			if(!preg_match('/'.$startmodule.'/', $modules)) {
 				$_modules = explode(',', $modules);
 				$startmodule=$_modules[0];
 			}
 		}
-		$usertheme = $app->db->quote($params["usertheme"]);
+		$usertheme = $params["usertheme"];
 		$type = 'user';
 		$active = 1;
 		$insert_id = $app->functions->intval($insert_id);
-		$language = $app->db->quote($params["language"]);
-		$groupid = $app->db->datalogInsert('sys_group', "(name,description,client_id) VALUES ('$username','','$insert_id')", 'groupid');
+		$language = $params["language"];
+		$groupid = $app->db->datalogInsert('sys_group', array("name" => $username, "description" => "", "client_id" => $insert_id), 'groupid');
 		$groups = $groupid;
 		if(!isset($params['_ispconfig_pw_crypted']) || $params['_ispconfig_pw_crypted'] != 1) $password = $app->auth->crypt_password(stripslashes($password));
 		$sql1 = "INSERT INTO sys_user (username,passwort,modules,startmodule,app_theme,typ,active,language,groups,default_group,client_id)
-			VALUES ('$username','$password','$modules','$startmodule','$usertheme','$type','$active','$language',$groups,$groupid,$insert_id)";
-		$app->db->query($sql1);
+			VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)";
+		$app->db->query($sql1, $username,$password,$modules,$startmodule,$usertheme,$type,$active,$language,$groups,$groupid,$insert_id);
 	}
 
 	function ispconfig_sysuser_update($params, $client_id){
 		global $app;
-		$username = $app->db->quote($params["username"]);
-		$clear_password = $app->db->quote($params["password"]);
+		$username = $params["username"];
+		$clear_password = $params["password"];
 		$client_id = $app->functions->intval($client_id);
 		if(!isset($params['_ispconfig_pw_crypted']) || $params['_ispconfig_pw_crypted'] != 1) $password = $app->auth->crypt_password(stripslashes($clear_password));
 		else $password = $clear_password;
-		if ($clear_password) $pwstring = ", passwort = '$password'"; else $pwstring ="" ;
-		$sql = "UPDATE sys_user set username = '$username' $pwstring WHERE client_id = $client_id";
-		$app->db->query($sql);
+		$params = array($username);
+		if ($clear_password) {
+			$pwstring = ", passwort = ?";
+			$params[] = $password;
+		} else {
+			$pwstring ="" ;
+		}
+		$params[] = $client_id;
+		$sql = "UPDATE sys_user set username = ? $pwstring WHERE client_id = ?";
+		$app->db->query($sql, true, $params);
 	}
 
 	function ispconfig_sysuser_delete($client_id){
 		global $app;
 		$client_id = $app->functions->intval($client_id);
-		$sql = "DELETE FROM sys_user WHERE client_id = $client_id";
-		$app->db->query($sql);
-		$sql = "DELETE FROM sys_group WHERE client_id = $client_id";
-		$app->db->query($sql);
+		$sql = "DELETE FROM sys_user WHERE client_id = ?";
+		$app->db->query($sql, $client_id);
+		$sql = "DELETE FROM sys_group WHERE client_id = ?";
+		$app->db->query($sql, $client_id);
 	}
 
 }
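Review bot: `crypt_password(stripslashes($password))` in `ispconfig_sysuser_add` and `crypt_password(stripslashes($clear_password))` in `ispconfig_sysuser_update` still strip backslashes, although the commit removes the `$app->db->quote()` calls that used to add them. If nothing else escapes `$params["password"]` upstream, a password containing a backslash is now hashed in an altered form and the user cannot log in with what they typed. The calls should become `$app->auth->crypt_password($password)` and `$app->auth->crypt_password($clear_password)` once it is confirmed that the input is not slashed elsewhere. In `ispconfig_sysuser_update` the argument `$params` is also overwritten by `$params = array($username);`; a separate name such as `$sql_params` would keep the request data readable later in the function. `ispconfig_sysuser_add` starts outside the hunk.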
diff --git a/interface/lib/classes/searchform.inc.php b/interface/lib/classes/searchform.inc.php
index cfa8f283601324f93861de938454d8b5cc635279..0a290c1d699bcae630af474c76190d92f5ec1d42 100644
--- a/interface/lib/classes/searchform.inc.php
+++ b/interface/lib/classes/searchform.inc.php
@@ -177,7 +177,7 @@ class searchform {
 		if($this->searchChanged == 1)   $_SESSION['search'][$list_name]['page'] = 0;
 
 		$sql_von = $_SESSION['search'][$list_name]['page'] * $records_per_page;
-		$record_count = $app->db->queryOneRecord("SELECT count(*) AS anzahl FROM $table WHERE $sql_where");
+		$record_count = $app->db->queryOneRecord("SELECT count(*) AS anzahl FROM ?? WHERE $sql_where", $table);
 		$pages = $app->functions->intval(($record_count['anzahl'] - 1) / $records_per_page);
 
 		$vars['list_file']      = $this->listDef['file'];
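Review bot: The count query now binds the table through `??`, but `$sql_where` is still interpolated into a string that the wrapper scans for placeholders. How `$sql_where` is built is not visible in this hunk; if it contains search values taken from the request, they remain outside the parameter binding. A literal `?` in such a value could also be read as a placeholder and shift the bound arguments. A comment above the line stating where `$sql_where` is escaped would help, for example `// $sql_where is assembled and escaped in <builder method>; it must not contain a raw '?'`. Better still would be to have the builder return its own parameter list. The enclosing function starts and ends outside the hunk.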
@@ -247,7 +247,7 @@ class searchform {
 		$list_name = $this->listDef['name'];
 		$settings = $_SESSION['search'][$list_name];
 		unset($settings['page']);
-		$data = $app->db->quote(serialize($settings));
+		$data = serialize($settings);
 
 		$userid = $_SESSION['s']['user']['userid'];
 		$groupid = $_SESSION['s']['user']['default_group'];
@@ -260,9 +260,8 @@ class searchform {
 
 		$sql = 'INSERT INTO `searchform` ( '
 			.'`sys_userid` , `sys_groupid` , `sys_perm_user` , `sys_perm_group` , `sys_perm_other` , `module` , `searchform` , `title` , `data` '
-			.')VALUES ('
-			."'$userid', '$groupid', '$sys_perm_user', '$sys_perm_group', '$sys_perm_other', '$module', '$searchform', '$title', '$data')";
-		$app->db->query($sql);
+			.')VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)';
+		$app->db->query($sql, $userid, $groupid, $sys_perm_user, $sys_perm_group, $sys_perm_other, $module, $searchform, $title, $data);
 	}
 
 	public function decode($record)
@@ -303,6 +302,7 @@ class searchform {
 		return $record;
 	}
 
+	/* TODO: check for double quoting mysql value */
 	public function encode($record)
 	{
 		global $app;
diff --git a/interface/lib/classes/session.inc.php b/interface/lib/classes/session.inc.php
index 8b3a7cffc4b530136d472cbe4b7510a5cfbc3df8..bef2a1037838b2c3253c771b3b5d280b21ad49b9 100644
--- a/interface/lib/classes/session.inc.php
+++ b/interface/lib/classes/session.inc.php
@@ -66,9 +66,9 @@ class session {
 	function read ($session_id) {
 		
 		if($this->timeout > 0) {
-			$rec = $this->db->queryOneRecord("SELECT * FROM sys_session WHERE session_id = '".$this->db->quote($session_id)."' AND (`permanent` = 'y' OR last_updated >= DATE_SUB(NOW(), INTERVAL " . intval($this->timeout) . " MINUTE))");
+			$rec = $this->db->queryOneRecord("SELECT * FROM sys_session WHERE session_id = ? AND (`permanent` = 'y' OR last_updated >= DATE_SUB(NOW(), INTERVAL ? MINUTE))", $session_id, $this->timeout);
 		} else {
-			$rec = $this->db->queryOneRecord("SELECT * FROM sys_session WHERE session_id = '".$this->db->quote($session_id)."'");
+			$rec = $this->db->queryOneRecord("SELECT * FROM sys_session WHERE session_id = ?", $session_id);
 		}
 
 		if (is_array($rec)) {
@@ -87,23 +87,18 @@ class session {
 
 		// Dont write session_data to DB if session data has not been changed after reading it.
 		if(isset($this->session_array['session_data']) && $this->session_array['session_data'] != '' && $this->session_array['session_data'] == $session_data) {
-			$session_id   = $this->db->quote($session_id);
-			$this->db->query("UPDATE sys_session SET last_updated = NOW() WHERE session_id = '$session_id'");
+			$this->db->query("UPDATE sys_session SET last_updated = NOW() WHERE session_id = ?", $session_id);
 			return true;
 		}
 
 
 		if (@$this->session_array['session_id'] == '') {
-			$session_id   = $this->db->quote($session_id);
-			$session_data = $this->db->quote($session_data);
-			$sql = "REPLACE INTO sys_session (session_id,date_created,last_updated,session_data,permanent) VALUES ('$session_id',NOW(),NOW(),'$session_data','" . ($this->permanent ? 'y' : 'n') . "')";
-			$this->db->query($sql);
+			$sql = "REPLACE INTO sys_session (session_id,date_created,last_updated,session_data,permanent) VALUES (?,NOW(),NOW(),'$session_data',?)";
+			$this->db->query($sql, $session_id, ($this->permanent ? 'y' : 'n'));
 
 		} else {
-			$session_id   = $this->db->quote($session_id);
-			$session_data = $this->db->quote($session_data);
-			$sql = "UPDATE sys_session SET last_updated = NOW(), session_data = '$session_data'" . ($this->permanent ? ", `permanent` = 'y'" : "") . " WHERE session_id = '$session_id'";
-			$this->db->query($sql);
+			$sql = "UPDATE sys_session SET last_updated = NOW(), session_data = ?" . ($this->permanent ? ", `permanent` = 'y'" : "") . " WHERE session_id = ?";
+			$this->db->query($sql, $session_data, $session_id);
 
 		}
 
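Review bot: In the `REPLACE INTO sys_session` branch `$session_data` is still interpolated as `'$session_data'`, but the commit removes the `$this->db->quote($session_data)` call that used to escape it. Serialized session content routinely contains quotes and user-influenced values, so this statement is now both breakable and injectable, while the `UPDATE` branch below binds the same value correctly. Bind it here as well: `$sql = "REPLACE INTO sys_session (session_id,date_created,last_updated,session_data,permanent) VALUES (?,NOW(),NOW(),?,?)";` with `$this->db->query($sql, $session_id, $session_data, ($this->permanent ? 'y' : 'n'));`. The enclosing function starts and ends outside the hunk.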
@@ -112,25 +107,20 @@ class session {
 
 	function destroy ($session_id) {
 
-		$session_id   = $this->db->quote($session_id);
-		$sql = "DELETE FROM sys_session WHERE session_id = '$session_id'";
-		$this->db->query($sql);
+		$sql = "DELETE FROM sys_session WHERE session_id = ?";
+		$this->db->query($sql, $session_id);
 
 		return true;
 	}
 
 	function gc ($max_lifetime) {
 
-		/*if($this->timeout > 0) {
-			$this->db->query("DELETE FROM sys_session WHERE last_updated < DATE_SUB(NOW(), INTERVAL " . intval($this->timeout) . " MINUTE)");
-		} else {*/
-			$sql = "DELETE FROM sys_session WHERE last_updated < DATE_SUB(NOW(), INTERVAL " . intval($max_lifetime) . " SECOND) AND `permanent` != 'y'";
-			$this->db->query($sql);
+		$sql = "DELETE FROM sys_session WHERE last_updated < DATE_SUB(NOW(), INTERVAL ? SECOND) AND `permanent` != 'y'";
+		$this->db->query($sql, intval($max_lifetime));
 			
-			/* delete very old even if they are permanent */
-			$sql = "DELETE FROM sys_session WHERE last_updated < DATE_SUB(NOW(), INTERVAL 1 YEAR)";
-			$this->db->query($sql);
-		//}
+		/* delete very old even if they are permanent */
+		$sql = "DELETE FROM sys_session WHERE last_updated < DATE_SUB(NOW(), INTERVAL 1 YEAR)";
+		$this->db->query($sql);
 
 		return true;
 
diff --git a/interface/lib/classes/sites_database_plugin.inc.php b/interface/lib/classes/sites_database_plugin.inc.php
index bf53c61fadbc5d6494a99da32ff3943b7244ceff..89cb7ce9c278a649d610a2a8ef4891cafbb47ebd 100644
--- a/interface/lib/classes/sites_database_plugin.inc.php
+++ b/interface/lib/classes/sites_database_plugin.inc.php
@@ -40,15 +40,15 @@ class sites_database_plugin {
 		global $app;
 
 		if($form_page->dataRecord["parent_domain_id"] > 0) {
-			$web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$app->functions->intval($form_page->dataRecord["parent_domain_id"]));
+			$web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ?", $form_page->dataRecord["parent_domain_id"]);
 
 			//* The Database user shall be owned by the same group then the website
 			$sys_groupid = $app->functions->intval($web['sys_groupid']);
-			$backup_interval = $app->db->quote($web['backup_interval']);
+			$backup_interval = $web['backup_interval'];
 			$backup_copies = $app->functions->intval($web['backup_copies']);
 
-			$sql = "UPDATE web_database SET sys_groupid = '$sys_groupid', backup_interval = '$backup_interval', backup_copies = '$backup_copies' WHERE database_id = ".$form_page->id;
-			$app->db->query($sql);
+			$sql = "UPDATE web_database SET sys_groupid = ?, backup_interval = ?, backup_copies = ? WHERE database_id = ?";
+			$app->db->query($sql, $sys_groupid, $backup_interval, $backup_copies, $form_page->id);
 		}
 	}
 
diff --git a/interface/lib/classes/tform.inc.php b/interface/lib/classes/tform.inc.php
index 7912f537dc78bb762ba11650ab2cd7b3ad2638f9..30a71db6391d42e075ccd17cdd951176d4cc0b79 100644
--- a/interface/lib/classes/tform.inc.php
+++ b/interface/lib/classes/tform.inc.php
@@ -79,8 +79,8 @@ class tform extends tform_base {
 				$escape = '`';
 			}
 
-			$sql = "SELECT ".$this->formDef['db_table_idx']." FROM ".$escape.$this->formDef['db_table'].$escape." WHERE ".$this->formDef['db_table_idx']." = ".$record_id." AND ".$this->getAuthSQL($perm);
-			if($record = $app->db->queryOneRecord($sql)) {
+			$sql = "SELECT ?? FROM ?? WHERE ?? = ? AND ".$this->getAuthSQL($perm);
+			if($record = $app->db->queryOneRecord($sql, $this->formDef['db_table_idx'], $this->formDef['db_table'], $this->formDef['db_table_idx'], $record_id)) {
 				return true;
 			} else {
 				return false;
@@ -133,8 +133,8 @@ class tform extends tform_base {
 			$escape = '`';
 		}
 
-		$sql = "SELECT sys_userid FROM ".$escape.$this->formDef['db_table'].$escape." WHERE ".$this->formDef['db_table_idx']." = ".$primary_id;
-		$record = $app->db->queryOneRecord($sql);
+		$sql = "SELECT sys_userid FROM ?? WHERE ?? = ?";
+		$record = $app->db->queryOneRecord($sql, $this->formDef['db_table'], $this->formDef['db_table_idx'], $primary_id);
 
 		// return true if the readonly flag of the form is set and the current loggedin user is not the owner of the record.
 		if(isset($this->formDef['tabs'][$tab]['readonly']) && $this->formDef['tabs'][$tab]['readonly'] == true && $record['sys_userid'] != $_SESSION["s"]["user"]["userid"]) {
@@ -161,18 +161,17 @@ class tform extends tform_base {
 		global $app;
 
 		$check_passed = true;
-		$limit_name = $app->db->quote($limit_name);
 		if($limit_name == '') $app->error('Limit name missing in function checkClientLimit.');
 
 		// Get the limits of the client that is currently logged in
 		$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
-		$client = $app->db->queryOneRecord("SELECT $limit_name as number, parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+		$client = $app->db->queryOneRecord("SELECT ?? as number, parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $limit_name, $client_group_id);
 
 		// Check if the user may add another item
 		if($client["number"] >= 0) {
-			$sql = "SELECT count(".$this->formDef['db_table_idx'].") as number FROM ".$this->formDef['db_table']." WHERE ".$this->getAuthSQL('u');
+			$sql = "SELECT count(??) as number FROM ?? WHERE ".$this->getAuthSQL('u');
 			if($sql_where != '') $sql .= ' and '.$sql_where;
-			$tmp = $app->db->queryOneRecord($sql);
+			$tmp = $app->db->queryOneRecord($sql, $this->formDef['db_table_idx'], $this->formDef['db_table']);
 			if($tmp["number"] >= $client["number"]) $check_passed = false;
 		}
 
@@ -183,30 +182,29 @@ class tform extends tform_base {
 		global $app;
 
 		$check_passed = true;
-		$limit_name = $app->db->quote($limit_name);
 		if($limit_name == '') $app->error('Limit name missing in function checkClientLimit.');
 
 		// Get the limits of the client that is currently logged in
 		$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
-		$client = $app->db->queryOneRecord("SELECT parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+		$client = $app->db->queryOneRecord("SELECT parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
 
 		//* If the client belongs to a reseller, we will check against the reseller Limit too
 		if($client['parent_client_id'] != 0) {
 
 			//* first we need to know the groups of this reseller
-			$tmp = $app->db->queryOneRecord("SELECT userid, groups FROM sys_user WHERE client_id = ".$client['parent_client_id']);
+			$tmp = $app->db->queryOneRecord("SELECT userid, groups FROM sys_user WHERE client_id = ?", $client['parent_client_id']);
 			$reseller_groups = $tmp["groups"];
 			$reseller_userid = $tmp["userid"];
 
 			// Get the limits of the reseller of the logged in client
 			$client_group_id = $_SESSION["s"]["user"]["default_group"];
-			$reseller = $app->db->queryOneRecord("SELECT $limit_name as number FROM client WHERE client_id = ".$client['parent_client_id']);
+			$reseller = $app->db->queryOneRecord("SELECT $limit_name as number FROM client WHERE client_id = ?", $client['parent_client_id']);
 
 			// Check if the user may add another item
 			if($reseller["number"] >= 0) {
-				$sql = "SELECT count(".$this->formDef['db_table_idx'].") as number FROM ".$this->formDef['db_table']." WHERE (sys_groupid IN (".$reseller_groups.") or sys_userid = ".$reseller_userid.")";
+				$sql = "SELECT count(??) as number FROM ?? WHERE (sys_groupid IN ? or sys_userid = ?)";
 				if($sql_where != '') $sql .= ' and '.$sql_where;
-				$tmp = $app->db->queryOneRecord($sql);
+				$tmp = $app->db->queryOneRecord($sql, $this->formDef['db_table_idx'], $this->formDef['db_table'], explode(',', $reseller_groups), $reseller_userid);
 				if($tmp["number"] >= $reseller["number"]) $check_passed = false;
 			}
 		}
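Review bot: The reseller query still interpolates the column name as `"SELECT $limit_name as number FROM client WHERE client_id = ?"`, while the `$limit_name = $app->db->quote($limit_name);` line above it is removed, so the value now reaches the SQL with no escaping at all. The sibling function in the previous hunk was converted to the identifier placeholder, and this one should match: `$reseller = $app->db->queryOneRecord("SELECT ?? as number FROM client WHERE client_id = ?", $limit_name, $client['parent_client_id']);`. The new `sys_groupid IN ?` bound to `explode(',', $reseller_groups)` relies on the wrapper expanding an array into a parenthesised list. That is not visible here and should be confirmed, including for an empty `groups` value. The enclosing function starts and ends outside the hunk.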
diff --git a/interface/lib/classes/tform_actions.inc.php b/interface/lib/classes/tform_actions.inc.php
index dfc943c8822a33039ea0cd82cf7e4a65a171fc2d..f172fea1f4c5fceb824281c8e1b54ee7cc6b3446 100644
--- a/interface/lib/classes/tform_actions.inc.php
+++ b/interface/lib/classes/tform_actions.inc.php
@@ -82,7 +82,7 @@ class tform_actions {
 		// check if the client is locked - he may not change anything, then.
 		if(!$app->auth->is_admin()) {
 			$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
-			$client = $app->db->queryOneRecord("SELECT client.locked FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ".$app->functions->intval($client_group_id));
+			$client = $app->db->queryOneRecord("SELECT client.locked FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
 			if(is_array($client) && $client['locked'] == 'y') {
 				$app->tform->errorMessage .= $app->lng("client_you_are_locked")."<br />";
 			}
@@ -311,7 +311,6 @@ class tform_actions {
 				if($app->tform->checkPerm($this->id, 'd') == false) $app->error($app->lng('error_no_delete_permission'));
 			}
 
-			//$this->dataRecord = $app->db->queryOneRecord("SELECT * FROM ".$liste["table"]." WHERE ".$liste["table_idx"]." = ".$this->id);
 			$this->dataRecord = $app->tform->getDataRecord($this->id);
 
 			$app->plugin->raiseEvent($_SESSION['s']['module']['name'].':'.$app->tform->formDef['name'].':'.'on_check_delete', $this);
@@ -324,7 +323,7 @@ class tform_actions {
 				$app->tform->datalogSave('DELETE', $this->id, $this->dataRecord, array());
 			}
 
-			$app->db->query("DELETE FROM ".$app->tform->formDef['db_table']." WHERE ".$app->tform->formDef['db_table_idx']." = ".$this->id." LIMIT 1");
+			$app->db->query("DELETE FROM ?? WHERE ?? = ? LIMIT 1", $app->tform->formDef['db_table'], $app->tform->formDef['db_table_idx'], $this->id);
 
 
 			// loading plugins
@@ -379,11 +378,11 @@ class tform_actions {
 		$app->tpl->setInclude("content_tpl", $app->tform->formDef['template_print']);
 
 		if($app->tform->formDef['auth'] == 'no') {
-			$sql = "SELECT * FROM ".$app->tform->formDef['db_table']." WHERE ".$app->tform->formDef['db_table_idx']." = ".$this->id;
+			$sql = "SELECT * FROM ?? WHERE ?? = ?";
 		} else {
-			$sql = "SELECT * FROM ".$app->tform->formDef['db_table']." WHERE ".$app->tform->formDef['db_table_idx']." = ".$this->id." AND ".$app->tform->getAuthSQL('r');
+			$sql = "SELECT * FROM ?? WHERE ?? = ? AND ".$app->tform->getAuthSQL('r');
 		}
-		if(!$record = $app->db->queryOneRecord($sql)) $app->error($app->lng('error_no_view_permission'));
+		if(!$record = $app->db->queryOneRecord($sql, $app->tform->formDef['db_table'], $app->tform->formDef['db_table_idx'], $this->id)) $app->error($app->lng('error_no_view_permission'));
 
 		$record["datum"] = date("d.m.Y");
 
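Review bot: The `AND ".$app->tform->getAuthSQL('r')` part of `$sql` is still concatenated into a string that is then run through placeholder substitution, so only the table, index column and id are bound. getAuthSQL() is not visible here; if its output can ever contain a literal `?` or request-derived text, the bound arguments would shift or the fragment would bypass the binding. The same construction is in the three following hunks of this file (at 423, 459 and 560) and in `getDataRecord()` in tform_base.inc.php. I would add a comment above the assignment, `// getAuthSQL() returns raw SQL that is not bound; it must never contain '?' or request-derived text`, or have it return the fragment together with its own parameters. The enclosing function starts and ends outside the hunk.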
@@ -423,11 +422,11 @@ class tform_actions {
 			$app->tpl->setInclude("content_tpl", $app->tform->formDef['template_mailsend']);
 			$app->tpl->setVar('show_mail', 1);
 			if($app->tform->formDef['auth'] == 'no') {
-				$sql = "SELECT * FROM ".$app->tform->formDef['db_table']." WHERE ".$app->tform->formDef['db_table_idx']." = ".$this->id;
+				$sql = "SELECT * FROM ?? WHERE ?? = ?";
 			} else {
-				$sql = "SELECT * FROM ".$app->tform->formDef['db_table']." WHERE ".$app->tform->formDef['db_table_idx']." = ".$this->id." AND ".$app->tform->getAuthSQL('r');
+				$sql = "SELECT * FROM ?? WHERE ?? = ? AND ".$app->tform->getAuthSQL('r');
 			}
-			if(!$record = $app->db->queryOneRecord($sql)) $app->error($app->lng('error_no_view_permission'));
+			if(!$record = $app->db->queryOneRecord($sql, $app->tform->formDef['db_table'], $app->tform->formDef['db_table_idx'], $this->id)) $app->error($app->lng('error_no_view_permission'));
 
 			$record["datum"] = date("d.m.Y");
 			$record["mailmessage"] = $_POST["message"];
@@ -459,11 +458,11 @@ class tform_actions {
 
 
 		if($app->tform->formDef['auth'] == 'no') {
-			$sql = "SELECT * FROM ".$app->tform->formDef['db_table']." WHERE ".$app->tform->formDef['db_table_idx']." = ".$this->id;
+			$sql = "SELECT * FROM ?? WHERE ?? = ?";
 		} else {
-			$sql = "SELECT * FROM ".$app->tform->formDef['db_table']." WHERE ".$app->tform->formDef['db_table_idx']." = ".$this->id." AND ".$app->tform->getAuthSQL('r');
+			$sql = "SELECT * FROM ?? WHERE ?? = ? AND ".$app->tform->getAuthSQL('r');
 		}
-		if(!$record = $app->db->queryOneRecord($sql)) $app->error($app->lng('error_no_view_permission'));
+		if(!$record = $app->db->queryOneRecord($sql, $app->tform->formDef['db_table'], $app->tform->formDef['db_table_idx'], $this->id)) $app->error($app->lng('error_no_view_permission'));
 
 		$record["datum"] = date("d.m.Y");
 
@@ -560,11 +559,11 @@ class tform_actions {
 		// bestehenden Datensatz anzeigen
 		if($app->tform->errorMessage == '') {
 			if($app->tform->formDef['auth'] == 'yes' && $_SESSION["s"]["user"]["typ"] != 'admin') {
-				$sql = "SELECT * FROM ".$app->tform->formDef['db_table']." WHERE ".$app->tform->formDef['db_table_idx']." = ".$this->id." AND ".$app->tform->getAuthSQL('r');
+				$sql = "SELECT * FROM ?? WHERE ?? = ? AND ".$app->tform->getAuthSQL('r');
 			} else {
-				$sql = "SELECT * FROM ".$app->tform->formDef['db_table']." WHERE ".$app->tform->formDef['db_table_idx']." = ".$this->id;
+				$sql = "SELECT * FROM ?? WHERE ?? = ?";
 			}
-			if(!$record = $app->db->queryOneRecord($sql)) $app->error($app->lng('error_no_view_permission'));
+			if(!$record = $app->db->queryOneRecord($sql, $app->tform->formDef['db_table'], $app->tform->formDef['db_table_idx'], $this->id)) $app->error($app->lng('error_no_view_permission'));
 		} else {
 			// $record = $app->tform->encode($_POST,$this->active_tab);
 			$record = $app->tform->encode($this->dataRecord, $this->active_tab, false);
diff --git a/interface/lib/classes/tform_base.inc.php b/interface/lib/classes/tform_base.inc.php
index e27940d4f5c0270eaea15d4e5c02528cb9f1419a..fb943c50b464b17d95a0aa108d02ff87e9dcfc9c 100644
--- a/interface/lib/classes/tform_base.inc.php
+++ b/interface/lib/classes/tform_base.inc.php
@@ -347,7 +347,7 @@ class tform_base {
 				return $values;
 			} else {
 				$client_group_id = $_SESSION["s"]["user"]["default_group"];
-				$client = $app->db->queryOneRecord("SELECT ".$limit_parts[1]." as lm FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+				$client = $app->db->queryOneRecord("SELECT ".$limit_parts[1]." as lm FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
 				$allowed = explode(',', $client['lm']);
 			}
 		}
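Review bot: `$limit_parts[1]` is still concatenated into the SELECT list as a column name while the rest of the query is now bound; the same applies to the reseller query in the next hunk (`SELECT ".$limit_parts[1]." as lm FROM client ...`). Where `$limit_parts` comes from is outside the hunk, so whether it is fixed form-definition data cannot be confirmed here. The commit uses the `??` identifier placeholder elsewhere, which would fit: `queryOneRecord("SELECT ?? as lm FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $limit_parts[1], $client_group_id)`. The enclosing function starts and ends outside the hunk.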
@@ -359,19 +359,19 @@ class tform_base {
 			} else {
 				//* Get the limits of the client that is currently logged in
 				$client_group_id = $_SESSION["s"]["user"]["default_group"];
-				$client = $app->db->queryOneRecord("SELECT parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+				$client = $app->db->queryOneRecord("SELECT parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
 				//echo "SELECT parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id";
 				//* If the client belongs to a reseller, we will check against the reseller Limit too
 				if($client['parent_client_id'] != 0) {
 
 					//* first we need to know the groups of this reseller
-					$tmp = $app->db->queryOneRecord("SELECT userid, groups FROM sys_user WHERE client_id = ".$client['parent_client_id']);
+					$tmp = $app->db->queryOneRecord("SELECT userid, groups FROM sys_user WHERE client_id = ?", $client['parent_client_id']);
 					$reseller_groups = $tmp["groups"];
 					$reseller_userid = $tmp["userid"];
 
 					// Get the limits of the reseller of the logged in client
 					$client_group_id = $_SESSION["s"]["user"]["default_group"];
-					$reseller = $app->db->queryOneRecord("SELECT ".$limit_parts[1]." as lm FROM client WHERE client_id = ".$client['parent_client_id']);
+					$reseller = $app->db->queryOneRecord("SELECT ".$limit_parts[1]." as lm FROM client WHERE client_id = ?", $client['parent_client_id']);
 					$allowed = explode(',', $reseller['lm']);
 				} else {
 					return $values;
@@ -810,6 +810,9 @@ class tform_base {
 				case 'IDNTOUTF8':
 					$returnval = $app->functions->idn_decode($returnval);
 					break;
+				case 'TRIM':
+					$returnval = trim($returnval);
+					break;
 				default:
 					$this->errorMessage .= "Unknown Filter: ".$filter['type'];
 					break;
@@ -853,7 +856,7 @@ class tform_base {
 				if($validator['allowempty'] != 'y') $validator['allowempty'] = 'n';
 				if($validator['allowempty'] == 'n' || ($validator['allowempty'] == 'y' && $field_value != '')){
 					if($this->action == 'NEW') {
-						$num_rec = $app->db->queryOneRecord("SELECT count(*) as number FROM ".$escape.$this->formDef['db_table'].$escape. " WHERE $field_name = '".$app->db->quote($field_value)."'");
+						$num_rec = $app->db->queryOneRecord("SELECT count(*) as number FROM ?? WHERE ?? = ?", $this->formDef['db_table'], $field_name, $field_value);
 						if($num_rec["number"] > 0) {
 							$errmsg = $validator['errmsg'];
 							if(isset($this->wordbook[$errmsg])) {
@@ -863,7 +866,7 @@ class tform_base {
 							}
 						}
 					} else {
-						$num_rec = $app->db->queryOneRecord("SELECT count(*) as number FROM ".$escape.$this->formDef['db_table'].$escape. " WHERE $field_name = '".$app->db->quote($field_value)."' AND ".$this->formDef['db_table_idx']." != ".$this->primary_id);
+						$num_rec = $app->db->queryOneRecord("SELECT count(*) as number FROM ?? WHERE ?? = ? AND ?? != ?", $this->formDef['db_table'], $field_name, $field_value, $this->formDef['db_table_idx'], $this->primary_id);
 						if($num_rec["number"] > 0) {
 							$errmsg = $validator['errmsg'];
 							if(isset($this->wordbook[$errmsg])) {
@@ -1108,6 +1111,7 @@ class tform_base {
 	 * @param primary_id
 	 * @return record
 	 */
+	 /* TODO: check for double quoting */
 	protected function _getSQL($record, $tab, $action = 'INSERT', $primary_id = 0, $sql_ext_where = '', $api = false) {
 
 		global $app;
@@ -1139,7 +1143,7 @@ class tform_base {
 								$record[$key] = $app->auth->crypt_password(stripslashes($record[$key]));
 								$sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
 							} elseif (isset($field['encryption']) && $field['encryption'] == 'MYSQL') {
-								$tmp = $app->db->queryOneRecord("SELECT PASSWORD('".$app->db->quote(stripslashes($record[$key]))."') as `crypted`");
+								$tmp = $app->db->queryOneRecord("SELECT PASSWORD(?) as `crypted`", stripslashes($record[$key]));
 								$record[$key] = $tmp['crypted'];
 								$sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
 							} else {
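Review bot: The `encryption == 'MYSQL'` branch still hashes the password with the server-side `PASSWORD()` function, which is an unsalted hash intended for MySQL's own authentication and was removed in MySQL 8.0, so this query fails on such servers. The UPDATE branch in the next hunk has the same call. The hashed value is also still spliced into `$sql_insert_val` with `$app->db->quote()` rather than bound, which is presumably what the TODO added above `_getSQL` refers to. At minimum I would add `// PASSWORD() is unsalted and unavailable on MySQL 8.0+; kept only for legacy MYSQL-encrypted fields` above the query. `_getSQL` continues outside the hunk.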
@@ -1167,7 +1171,7 @@ class tform_base {
 								$record[$key] = $app->auth->crypt_password(stripslashes($record[$key]));
 								$sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
 							} elseif (isset($field['encryption']) && $field['encryption'] == 'MYSQL') {
-								$tmp = $app->db->queryOneRecord("SELECT PASSWORD('".$app->db->quote(stripslashes($record[$key]))."') as `crypted`");
+								$tmp = $app->db->queryOneRecord("SELECT PASSWORD(?) as `crypted`", stripslashes($record[$key]));
 								$record[$key] = $tmp['crypted'];
 								$sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
 							} else {
@@ -1359,8 +1363,8 @@ class tform_base {
 	function getDataRecord($primary_id) {
 		global $app;
 		$escape = '`';
-		$sql = "SELECT * FROM ".$escape.$this->formDef['db_table'].$escape." WHERE ".$this->formDef['db_table_idx']." = ".$primary_id." AND ".$this->getAuthSQL('r', $this->formDef['db_table']);
-		return $app->db->queryOneRecord($sql);
+		$sql = "SELECT * FROM ?? WHERE ?? = ? AND ".$this->getAuthSQL('r', $this->formDef['db_table']);
+		return $app->db->queryOneRecord($sql, $this->formDef['db_table'], $this->formDef['db_table_idx'], $primary_id);
 	}
 
 
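Review bot: The `$escape` assignment at the top of `getDataRecord()` is now dead, since the new query passes the table name through `??` and no longer wraps it in backticks by hand; the line can be deleted. `$primary_id` is bound, but the `getAuthSQL('r', ...)` fragment is still appended as raw SQL, so the function would benefit from a short docblock saying so, e.g. `/** Fetch one record by primary id, restricted by the read-permission fragment from getAuthSQL() (appended unbound). */`.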
diff --git a/interface/lib/classes/tools_monitor.inc.php b/interface/lib/classes/tools_monitor.inc.php
index d8a09f4d6a1453d227b2a0e3d9788ff08c68e6a7..bd1a969d57457fee98709adf390ea4ab12b0e00f 100644
--- a/interface/lib/classes/tools_monitor.inc.php
+++ b/interface/lib/classes/tools_monitor.inc.php
@@ -33,7 +33,7 @@ class tools_monitor {
 		global $app;
 
 		/* fetch the Data from the DB */
-		$record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'server_load' and server_id = " . $_SESSION['monitor']['server_id'] . " order by created desc");
+		$record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'server_load' AND server_id = ? ORDER BY created DESC", $_SESSION['monitor']['server_id']);
 
 		if(isset($record['data'])) {
 			$data = unserialize($record['data']);
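Review bot: `unserialize($record['data'])` on the context line after the rewritten query still deserialises whatever is stored in `monitor_data.data`, and the same call appears in most of the other hunks of this file. Who can write that column is not visible here; if any less-trusted host or account can, object instantiation should be ruled out, e.g. `unserialize($record['data'], array('allowed_classes' => false))` where the supported PHP version has the options argument, or by storing the data as JSON. The enclosing function starts and ends outside the hunk.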
@@ -80,7 +80,7 @@ class tools_monitor {
 		global $app;
 
 		/* fetch the Data from the DB */
-		$record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'disk_usage' and server_id = " . $_SESSION['monitor']['server_id'] . " order by created desc");
+		$record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'disk_usage' AND server_id = ? ORDER BY created DESC", $_SESSION['monitor']['server_id']);
 
 		if(isset($record['data'])) {
 			$data = unserialize($record['data']);
@@ -123,7 +123,7 @@ class tools_monitor {
 	function showDatabaseSize () {
 		global $app;
 		/* fetch the Data from the DB */
-		$record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'database_size' and server_id = " . $_SESSION['monitor']['server_id'] . " order by created desc");
+		$record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'database_size' AND server_id = ? ORDER BY created DESC", $_SESSION['monitor']['server_id']);
 		if(isset($record['data'])) {
 			$data = unserialize($record['data']);
 			//* format the data
@@ -142,10 +142,12 @@ class tools_monitor {
 				if ($line['size'] > 0) $line['size'] = $app->functions->formatBytes($line['size']);
 
 				//* get the client
-				$line['client']=$app->db->queryOneRecord("SELECT client.username FROM web_database, sys_group, client WHERE web_database.sys_groupid = sys_group.groupid AND sys_group.client_id = client.client_id AND web_database.database_name='".$line['database_name']."'")['username'];
+				$tmp = $app->db->queryOneRecord("SELECT client.username FROM web_database, sys_group, client WHERE web_database.sys_groupid = sys_group.groupid AND sys_group.client_id = client.client_id AND web_database.database_name=?", $line['database_name']);
+				$line['client'] = $tmp['username'];
 
 				//* get the domain
-				$line['domain']=$app->db->queryOneRecord("SELECT domain FROM web_domain WHERE domain_id=(SELECT parent_domain_id FROM web_database WHERE database_name='".$line['database_name']."')")['domain'];
+				$tmp = $app->db->queryOneRecord("SELECT domain FROM web_domain WHERE domain_id=(SELECT parent_domain_id FROM web_database WHERE database_name=?", $line['database_name']);
+				$line['domain'] = $tmp['domain'];
 
 				//* remove the sys_groupid from output
 				unset($line['sys_groupid']);
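Review bot: The rewritten domain lookup lost the closing parenthesis of its subquery: the new string ends in `WHERE database_name=?` where the removed line closed the subquery with `)` after the quoted name, so MySQL will reject the statement. The line should end `... WHERE database_name=?)", $line['database_name']);`. Both lookups also index `$tmp` without checking that a row came back; `$line['client'] = isset($tmp['username']) ? $tmp['username'] : null;` would make the no-match case explicit. The enclosing loop starts outside the hunk.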
@@ -166,7 +168,7 @@ class tools_monitor {
 		global $app;
 
 		/* fetch the Data from the DB */
-		$record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'mem_usage' and server_id = " . $_SESSION['monitor']['server_id'] . " order by created desc");
+		$record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'mem_usage' and server_id = ? ORDER BY created DESC", $_SESSION['monitor']['server_id']);
 
 		if(isset($record['data'])) {
 			$data = unserialize($record['data']);
@@ -202,7 +204,7 @@ class tools_monitor {
 		global $app;
 
 		/* fetch the Data from the DB */
-		$record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'cpu_info' and server_id = " . $_SESSION['monitor']['server_id'] . " order by created desc");
+		$record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'cpu_info' and server_id = ? ORDER BY created DESC", $_SESSION['monitor']['server_id']);
 
 		if(isset($record['data'])) {
 			$data = unserialize($record['data']);
@@ -236,7 +238,7 @@ class tools_monitor {
 		global $app;
 
 		/* fetch the Data from the DB */
-		$record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'services' and server_id = " . $_SESSION['monitor']['server_id'] . " order by created desc");
+		$record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'services' and server_id = ? ORDER BY created DESC", $_SESSION['monitor']['server_id']);
 
 		if(isset($record['data'])) {
 			$data = unserialize($record['data']);
@@ -349,7 +351,7 @@ class tools_monitor {
 		global $app;
 
 		/* fetch the Data from the DB */
-		$record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'system_update' and server_id = " . $_SESSION['monitor']['server_id'] . " order by created desc");
+		$record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'system_update' and server_id = ? ORDER BY created DESC", $_SESSION['monitor']['server_id']);
 
 		if(isset($record['data'])) {
 			$html =
@@ -379,7 +381,7 @@ class tools_monitor {
 		global $app;
 
 		/* fetch the Data from the DB */
-		$record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'openvz_beancounter' and server_id = " . $_SESSION['monitor']['server_id'] . " order by created desc");
+		$record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'openvz_beancounter' and server_id = ? ORDER BY created DESC", $_SESSION['monitor']['server_id']);
 
 		if(isset($record['data'])) {
 			$html =
@@ -408,7 +410,7 @@ class tools_monitor {
 		global $app;
 
 		/* fetch the Data from the DB */
-		$record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'raid_state' and server_id = " . $_SESSION['monitor']['server_id'] . " order by created desc");
+		$record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'raid_state' and server_id = ? ORDER BY created DESC", $_SESSION['monitor']['server_id']);
 
 		if(isset($record['data'])) {
 			$html =
@@ -441,7 +443,7 @@ class tools_monitor {
 		global $app;
 
 		/* fetch the Data from the DB */
-		$record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'rkhunter' and server_id = " . $_SESSION['monitor']['server_id'] . " order by created desc");
+		$record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'rkhunter' and server_id = ? ORDER BY created DESC", $_SESSION['monitor']['server_id']);
 
 		if(isset($record['data'])) {
 			$html =
@@ -472,7 +474,7 @@ class tools_monitor {
 		global $app;
 
 		/* fetch the Data from the DB */
-		$record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'log_fail2ban' and server_id = " . $_SESSION['monitor']['server_id'] . " order by created desc");
+		$record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'log_fail2ban' and server_id = ? ORDER BY created DESC", $_SESSION['monitor']['server_id']);
 
 		if(isset($record['data'])) {
 			$html =
@@ -486,7 +488,7 @@ class tools_monitor {
 			$data = unserialize($record['data']);
 			if ($data == '') {
 				$html .= '<p>'.
-					'fail2ban is not installed at this server.<br />' .
+					'fail2ban is not installed on this server.<br />' .
 					'See more (for debian) <a href="http://www.howtoforge.com/fail2ban_debian_etch" target="htf">here...</a>'.
 					'</p>';
 			}
@@ -506,7 +508,7 @@ class tools_monitor {
 		global $app;
 
 		/* fetch the Data from the DB */
-		$record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'log_mongodb' and server_id = " . $_SESSION['monitor']['server_id'] . " order by created desc");
+		$record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'log_mongodb' and server_id = ? ORDER BY created DESC", $_SESSION['monitor']['server_id']);
 
 		if(isset($record['data'])) {
 			$html =
@@ -520,8 +522,7 @@ class tools_monitor {
 			$data = unserialize($record['data']);
 			if ($data == '') {
 				$html .= '<p>'.
-					'MongoDB is not installed at this server.<br />' .
-					'See more (for debian) <a href="http://www.howtoforge.com/fail2ban_debian_etch" target="htf">here...</a>'.
+					'MongoDB is not installed on this server.<br />' .
 					'</p>';
 			}
 			else {
@@ -538,7 +539,7 @@ class tools_monitor {
 
 	function showIPTables() {
 		global $app;
-		$record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'iptables_rules' and server_id = " . $_SESSION['monitor']['server_id'] . " order by created desc");
+		$record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'iptables_rules' and server_id = ? ORDER BY created DESC", $_SESSION['monitor']['server_id']);
 		if(isset($record['data'])) {
 			$html =
 				'<div class="systemmonitor-state state-'.$record['state'].'">
@@ -562,7 +563,7 @@ class tools_monitor {
 		global $app;
 
 		/* fetch the Data from the DB */
-		$record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'mailq' and server_id = " . $_SESSION['monitor']['server_id'] . " order by created desc");
+		$record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'mailq' and server_id = ? ORDER BY created DESC", $_SESSION['monitor']['server_id']);
 
 		if(isset($record['data'])) {
 			$data = unserialize($record['data']);
@@ -578,7 +579,7 @@ class tools_monitor {
 		global $app;
 
 		/* fetch the Data from the DB */
-		$record = $app->db->queryOneRecord("SELECT created FROM monitor_data WHERE type = '" . $type . "' and server_id = " . $_SESSION['monitor']['server_id'] . " order by created desc");
+		$record = $app->db->queryOneRecord("SELECT created FROM monitor_data WHERE type = ? and server_id = ? ORDER BY created DESC", $type, $_SESSION['monitor']['server_id']);
 
 		/* TODO: datetimeformat should be set somewhat other way */
 		$dateTimeFormat = $app->lng("monitor_settings_datetimeformat_txt");
diff --git a/interface/lib/classes/tools_sites.inc.php b/interface/lib/classes/tools_sites.inc.php
index 3400c5b708097d837a6880881b1e4a064d9fdd5d..b2881f57cc7e28a96554b8f585d17873100035fe 100644
--- a/interface/lib/classes/tools_sites.inc.php
+++ b/interface/lib/classes/tools_sites.inc.php
@@ -87,7 +87,7 @@ class tools_sites {
 			if(isset($dataRecord['client_group_id'])) {
 				$client_group_id = $dataRecord['client_group_id'];
 			} elseif (isset($dataRecord['parent_domain_id'])) {
-				$tmp = $app->db->queryOneRecord("SELECT sys_groupid FROM web_domain WHERE domain_id = " . $dataRecord['parent_domain_id']);
+				$tmp = $app->db->queryOneRecord("SELECT sys_groupid FROM web_domain WHERE domain_id = ?", $dataRecord['parent_domain_id']);
 				$client_group_id = $tmp['sys_groupid'];
 			} elseif(isset($dataRecord['sys_groupid'])) {
 				$client_group_id = $dataRecord['sys_groupid'];
@@ -96,7 +96,7 @@ class tools_sites {
 			}
 		}
 
-		$tmp = $app->db->queryOneRecord("SELECT name FROM sys_group WHERE groupid = " . $app->functions->intval($client_group_id));
+		$tmp = $app->db->queryOneRecord("SELECT name FROM sys_group WHERE groupid = ?", $client_group_id);
 		$clientName = $tmp['name'];
 		if ($clientName == "") $clientName = 'default';
 		$clientName = $this->convertClientName($clientName);
@@ -114,7 +114,7 @@ class tools_sites {
 			if(isset($dataRecord['client_group_id'])) {
 				$client_group_id = $dataRecord['client_group_id'];
 			} elseif (isset($dataRecord['parent_domain_id']) && $dataRecord['parent_domain_id'] != 0) {
-				$tmp = $app->db->queryOneRecord("SELECT sys_groupid FROM web_domain WHERE domain_id = " . $dataRecord['parent_domain_id']);
+				$tmp = $app->db->queryOneRecord("SELECT sys_groupid FROM web_domain WHERE domain_id = ?", $dataRecord['parent_domain_id']);
 				$client_group_id = $tmp['sys_groupid'];
 			} elseif(isset($dataRecord['sys_groupid'])) {
 				$client_group_id = $dataRecord['sys_groupid'];
@@ -122,7 +122,7 @@ class tools_sites {
 				return '[CLIENTID]';
 			}
 		}
-		$tmp = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE groupid = " . $app->functions->intval($client_group_id));
+		$tmp = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE groupid = ?", $client_group_id);
 		$clientID = $tmp['client_id'];
 		if ($clientID == '') $clientID = '0';
 		return $clientID;
@@ -144,6 +144,7 @@ class tools_sites {
 		return $res;
 	}
 
+	/* TODO: rewrite SQL */
 	function getDomainModuleDomains($not_used_in_table = null, $selected_domain = null) {
 		global $app;
 
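Review bot: `/* TODO: rewrite SQL */` does not say what is wrong with the query or what the rewrite should achieve, and the same comment is added above `checkDomainModuleDomain()` and `getClientIdForDomain()` in the next two hunks. The queries themselves are outside the hunks, so the intent cannot be recovered from here; something like `/* TODO: build this query with bound parameters instead of concatenated conditions */`, if that is the intent, would let the next reader act on it. The last of the three hunks also replaces an empty line with one that holds only a tab.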
@@ -168,6 +169,7 @@ class tools_sites {
 		return $app->db->queryAllRecords($sql, $not_used_in_table, $selected_domain);
 	}
 
+	/* TODO: rewrite SQL */
 	function checkDomainModuleDomain($domain_id) {
 		global $app;
 
@@ -180,7 +182,8 @@ class tools_sites {
 		if(!$domain || !$domain['domain_id']) return false;
 		return $domain['domain'];
 	}
-
+	
+	/* TODO: rewrite SQL */
 	function getClientIdForDomain($domain_id) {
 		global $app;
 
diff --git a/interface/lib/classes/validate_client.inc.php b/interface/lib/classes/validate_client.inc.php
index c67601bfb7d7c080bd5d9f15d086ab63e06d38dc..db55b04f187862eecd25593396597303f27c3aff 100644
--- a/interface/lib/classes/validate_client.inc.php
+++ b/interface/lib/classes/validate_client.inc.php
@@ -43,7 +43,7 @@ class validate_client {
 		}
 
 		if($client_id == 0) {
-			$num_rec = $app->db->queryOneRecord("SELECT count(*) as number FROM sys_user WHERE username = '".$app->db->quote($field_value)."'");
+			$num_rec = $app->db->queryOneRecord("SELECT count(*) as number FROM sys_user WHERE username = ?", $field_value);
 			if($num_rec["number"] > 0) {
 				$errmsg = $validator['errmsg'];
 				if(isset($app->tform->wordbook[$errmsg])) {
@@ -53,7 +53,7 @@ class validate_client {
 				}
 			}
 		} else {
-			$num_rec = $app->db->queryOneRecord("SELECT count(*) as number FROM sys_user WHERE username = '".$app->db->quote($field_value)."' AND client_id != ".$app->functions->intval($client_id));
+			$num_rec = $app->db->queryOneRecord("SELECT count(*) as number FROM sys_user WHERE username = ? AND client_id != ?", $field_value, $client_id);
 			if($num_rec["number"] > 0) {
 				$errmsg = $validator['errmsg'];
 				if(isset($app->tform->wordbook[$errmsg])) {
@@ -108,23 +108,23 @@ class validate_client {
 			switch ($field_name)
 			{
 			case 'web_servers':
-				$used_servers = $app->db->queryAllRecords('SELECT domain_id FROM web_domain INNER JOIN sys_user ON web_domain.sys_userid = sys_user.userid WHERE client_id = ' . $client_id . ' AND server_id NOT IN (' . implode(', ', $field_value) . ');');
+				$used_servers = $app->db->queryAllRecords('SELECT domain_id FROM web_domain INNER JOIN sys_user ON web_domain.sys_userid = sys_user.userid WHERE client_id = ? AND server_id NOT IN ?', $client_id, $field_value);
 				break;
 
 			case 'dns_servers':
-				$used_servers = $app->db->queryAllRecords('SELECT id FROM dns_rr INNER JOIN sys_user ON dns_rr.sys_userid = sys_user.userid WHERE client_id = ' . $client_id . ' AND server_id NOT IN (' . implode(', ', $field_value) . ');');
+				$used_servers = $app->db->queryAllRecords('SELECT id FROM dns_rr INNER JOIN sys_user ON dns_rr.sys_userid = sys_user.userid WHERE client_id = ? AND server_id NOT IN ?', $client_id, $field_value);
 				break;
 
 			case 'db_servers':
-				$used_servers = $app->db->queryAllRecords('SELECT database_id FROM web_database INNER JOIN sys_user ON web_database.sys_userid = sys_user.userid WHERE client_id = ' . $client_id . ' AND server_id NOT IN (' . implode(', ', $field_value) . ');');
+				$used_servers = $app->db->queryAllRecords('SELECT database_id FROM web_database INNER JOIN sys_user ON web_database.sys_userid = sys_user.userid WHERE client_id = ? AND server_id NOT IN ?', $client_id, $field_value);
 				break;
 
 			case 'mail_servers':
-				$used_servers = $app->db->queryAllRecords('SELECT domain_id FROM mail_domain INNER JOIN sys_user ON mail_domain.sys_userid = sys_user.userid WHERE client_id = ' . $client_id . ' AND server_id NOT IN (' . implode(', ', $field_value) . ');');
+				$used_servers = $app->db->queryAllRecords('SELECT domain_id FROM mail_domain INNER JOIN sys_user ON mail_domain.sys_userid = sys_user.userid WHERE client_id = ? AND server_id NOT IN ?', $client_id, $field_value);
 				break;
 
             case 'xmpp_servers':
-                $used_servers = $app->db->queryAllRecords('SELECT domain_id FROM xmpp_domain INNER JOIN sys_user ON xmpp_domain.sys_userid = sys_user.userid WHERE client_id = ' . $client_id . ' AND server_id NOT IN (' . implode(', ', $field_value) . ');');
+                $used_servers = $app->db->queryAllRecords('SELECT domain_id FROM xmpp_domain INNER JOIN sys_user ON xmpp_domain.sys_userid = sys_user.userid WHERE client_id = ? AND server_id NOT IN ?', $client_id, $field_value);
                 break;
 			}
 
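Review bot: All five queries now pass `$field_value` straight to `NOT IN ?`, and nothing in the hunk checks that it is a non-empty array. How the db layer expands an array placeholder is not visible here; if an empty list yields `NOT IN ()` the statement is invalid, and a scalar would be bound as a single value, so a guard before the `switch` such as `if(!is_array($field_value) || empty($field_value)) $field_value = array(0);` (or an early return) would make the behaviour defined. The five cases differ only in table and id column, so a small map from `$field_name` to those two names and one query using `??` would remove the repetition. The enclosing function starts and ends outside the hunk.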
@@ -151,7 +151,7 @@ class validate_client {
 		}
 		
 		// check if country is member of EU
-		$country_details = $app->db->queryOneRecord("SELECT * FROM country WHERE iso = '".$country."'");
+		$country_details = $app->db->queryOneRecord("SELECT * FROM country WHERE iso = ?", $country);
 		if($country_details['eu'] == 'y' && $vatid != ''){
 		
 			$vatid = preg_replace('/\s+/', '', $vatid);
@@ -161,6 +161,8 @@ class validate_client {
 
 			// Test if the country of the VAT-ID matches the country of the customer
 			if($country != ''){
+				// Greece
+				if($country == 'GR') $country = 'EL';
 				if(strtoupper($cc) != $country){
 					$errmsg = $validator['errmsg'];
 					if(isset($app->tform->wordbook[$errmsg])) {
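Review bot: `if($country == 'GR') $country = 'EL';` overwrites `$country` for the rest of the function, which continues outside the hunk, so any later use would see `EL` instead of the ISO code. The comparison is also case-sensitive, while the VAT prefix `$cc` is upper-cased before it is compared. A local keeps the mapping contained and the comment can say why it exists: `$vat_cc = ($country == 'GR') ? 'EL' : $country; // VAT numbers use the prefix EL for Greece`, followed by `if(strtoupper($cc) != $vat_cc){`.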
diff --git a/interface/lib/classes/validate_dkim.inc.php b/interface/lib/classes/validate_dkim.inc.php
index 71fd8c5454a847b1877cd9d74e81502538803851..5d7fb8f1e369a88930ca90379ee90be5af2cb203 100644
--- a/interface/lib/classes/validate_dkim.inc.php
+++ b/interface/lib/classes/validate_dkim.inc.php
@@ -62,8 +62,10 @@ class validate_dkim {
 	 */
 	function check_template($field_name, $field_value, $validator) {
 		$dkim=false;
-		foreach($field_value as $field ) { if($field == 'DKIM') $dkim=true; }
-		if ($dkim && $field_value[0]!='DOMAIN') return $this->get_error($validator['errmsg']);
+		if(is_array($field_value) && !empty($field_value)){
+			foreach($field_value as $field ) { if($field == 'DKIM') $dkim=true; }
+			if ($dkim && $field_value[0]!='DOMAIN') return $this->get_error($validator['errmsg']);
+		}
 	}
 
 
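Review bot: The `!empty($field_value)` half of the new guard in `check_template()` is redundant, because `foreach` over an empty array does nothing and `$dkim` stays false. The flag loop can be written as `$dkim = in_array('DKIM', $field_value, true);` (assuming the entries are strings), which also avoids the loose `==`. The method still returns nothing on success and when `$field_value` is not an array; a `@return` line in the docblock above stating that would help callers.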
diff --git a/interface/lib/classes/validate_dns.inc.php b/interface/lib/classes/validate_dns.inc.php
index 212c4d75dccd8aaf7b537f342b9a7465be22cf10..a6920e0b01d4f033326b148f425d34631d2cb9bb 100644
--- a/interface/lib/classes/validate_dns.inc.php
+++ b/interface/lib/classes/validate_dns.inc.php
@@ -104,7 +104,7 @@ class validate_dns {
 		}
 
 		if(substr($field, -1) == '.' && $area == 'Name'){
-			$soa = $app->db->queryOneRecord("SELECT * FROM soa WHERE id = ".intval($zoneid));
+			$soa = $app->db->queryOneRecord("SELECT * FROM soa WHERE id = ?", $zoneid);
 			if(substr($field, (strlen($field) - strlen($soa['origin']))) != $soa['origin']) $error .= $desc." ".$app->tform->wordbook['error_out_of_zone']."<br>\r\n";
 		}
 
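Review bot: If the SOA lookup returns no row, `$soa['origin']` is empty and the `substr(...) != $soa['origin']` comparison does not add the out-of-zone error, so the check passes silently; this was already the case before the change, and dropping `intval()` does not address it. Making the miss explicit would fail closed: `if(!is_array($soa) || substr($field, (strlen($field) - strlen($soa['origin']))) != $soa['origin']) $error .= ...`. The enclosing function starts and ends outside the hunk.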
diff --git a/interface/lib/classes/validate_domain.inc.php b/interface/lib/classes/validate_domain.inc.php
index a072412584f51bb4a4d5b226c20009449df983c5..b4acbd6db136449cb967aa46602684a13ea0188b 100644
--- a/interface/lib/classes/validate_domain.inc.php
+++ b/interface/lib/classes/validate_domain.inc.php
@@ -88,8 +88,8 @@ class validate_domain {
 		$app->uses('ini_parser,getconf');
 		$settings = $app->getconf->get_global_config('domains');
 		if ($settings['use_domain_module'] == 'y') {
-			$sql = "SELECT domain_id, domain FROM domain WHERE domain_id = " . $app->functions->intval($check_domain);
-			$domain_check = $app->db->queryOneRecord($sql);
+			$sql = "SELECT domain_id, domain FROM domain WHERE domain_id = ?";
+			$domain_check = $app->db->queryOneRecord($sql, $check_domain);
 			if(!$domain_check) return;
 			$check_domain = $domain_check['domain'];
 		}
@@ -157,24 +157,27 @@ class validate_domain {
 
 		if($domain['ip_address'] == '' || $domain['ipv6_address'] == ''){
 			if($domain['parent_domain_id'] > 0){
-				$parent_domain = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$app->functions->intval($domain['parent_domain_id']));
+				$parent_domain = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ?", $domain['parent_domain_id']);
 			}
 		}
 
 		// check if domain has alias/subdomains - if we move a web to another IP, make sure alias/subdomains are checked as well
-		$aliassubdomains = $app->db->queryAllRecords("SELECT * FROM web_domain WHERE parent_domain_id = ".$app->functions->intval($primary_id)." AND (type = 'alias' OR type = 'subdomain' OR type = 'vhostsubdomain')");
+		$aliassubdomains = $app->db->queryAllRecords("SELECT * FROM web_domain WHERE parent_domain_id = ? AND (type = 'alias' OR type = 'subdomain' OR type = 'vhostsubdomain')", $primary_id);
 		$additional_sql1 = '';
 		$additional_sql2 = '';
+		$domain_params = array();
 		if(is_array($aliassubdomains) && !empty($aliassubdomains)){
 			foreach($aliassubdomains as $aliassubdomain){
-				$additional_sql1 .= " OR d.domain = '".$app->db->quote($aliassubdomain['domain'])."'";
-				$additional_sql2 .= " OR CONCAT(d.subdomain, '.', d.domain) = '".$app->db->quote($aliassubdomain['domain'])."'";
+				$additional_sql1 .= " OR d.domain = ?";
+				$additional_sql2 .= " OR CONCAT(d.subdomain, '.', d.domain) = ?";
+				$domain_params[] = $aliassubdomain['domain'];
 			}
 		}
 		
 		
-		$qrystr = "SELECT d.domain_id, IF(d.parent_domain_id != 0 AND p.domain_id IS NOT NULL, p.ip_address, d.ip_address) as `ip_address`, IF(d.parent_domain_id != 0 AND p.domain_id IS NOT NULL, p.ipv6_address, d.ipv6_address) as `ipv6_address` FROM `web_domain` as d LEFT JOIN `web_domain` as p ON (p.domain_id = d.parent_domain_id) WHERE (d.domain = '" . $app->db->quote($domain_name) . "'" . $additional_sql1 . ") AND d.server_id = " . $app->functions->intval($domain['server_id']) . " AND d.domain_id != " . $app->functions->intval($primary_id) . ($primary_id ? " AND d.parent_domain_id != " . $app->functions->intval($primary_id) : "");
-		$checks = $app->db->queryAllRecords($qrystr);
+		$qrystr = "SELECT d.domain_id, IF(d.parent_domain_id != 0 AND p.domain_id IS NOT NULL, p.ip_address, d.ip_address) as `ip_address`, IF(d.parent_domain_id != 0 AND p.domain_id IS NOT NULL, p.ipv6_address, d.ipv6_address) as `ipv6_address` FROM `web_domain` as d LEFT JOIN `web_domain` as p ON (p.domain_id = d.parent_domain_id) WHERE (d.domain = ?" . $additional_sql1 . ") AND d.server_id = ? AND d.domain_id != ?" . ($primary_id ? " AND d.parent_domain_id != ?" : "");
+		$params = array($domain_name) + $domain_params + array($domain['server_id'], $primary_id, $primary_id);
+		$checks = $app->db->queryAllRecords($qrystr, true, $params);
 		if(is_array($checks) && !empty($checks)){
 			foreach($checks as $check){
 				if($domain['ip_address'] == '*') return false;
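Review bot: `$params = array($domain_name) + $domain_params + array($domain['server_id'], $primary_id, $primary_id);` uses the array union operator, which keeps the left operand's value for every numeric key that already exists. The first alias domain and `$domain['server_id']` are therefore dropped, and the list no longer lines up with the `?` placeholders. The third `$primary_id` is also added even when `$primary_id` is falsy and the trailing `AND d.parent_domain_id != ?` is not emitted. Build the list in order instead: `$params = array_merge(array($domain_name), $domain_params, array($domain['server_id'], $primary_id));` then `if($primary_id) $params[] = $primary_id;`. The same two lines are needed in the `$only_domain == false` hunk that follows, and until then this duplicate-domain/IP check runs against the wrong values.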
@@ -185,8 +188,9 @@ class validate_domain {
 		}
 		
 		if($only_domain == false) {
-			$qrystr = "SELECT d.domain_id, IF(d.parent_domain_id != 0 AND p.domain_id IS NOT NULL, p.ip_address, d.ip_address) as `ip_address`, IF(d.parent_domain_id != 0 AND p.domain_id IS NOT NULL, p.ipv6_address, d.ipv6_address) as `ipv6_address` FROM `web_domain` as d LEFT JOIN `web_domain` as p ON (p.domain_id = d.parent_domain_id) WHERE (CONCAT(d.subdomain, '.', d.domain)= '" . $app->db->quote($domain_name) . "'" . $additional_sql2 . ") AND d.server_id = " . $app->functions->intval($domain['server_id']) . " AND d.domain_id != " . $app->functions->intval($primary_id) . ($primary_id ? " AND d.parent_domain_id != " . $app->functions->intval($primary_id) : "");
-			$checks = $app->db->queryAllRecords($qrystr);
+			$qrystr = "SELECT d.domain_id, IF(d.parent_domain_id != 0 AND p.domain_id IS NOT NULL, p.ip_address, d.ip_address) as `ip_address`, IF(d.parent_domain_id != 0 AND p.domain_id IS NOT NULL, p.ipv6_address, d.ipv6_address) as `ipv6_address` FROM `web_domain` as d LEFT JOIN `web_domain` as p ON (p.domain_id = d.parent_domain_id) WHERE (CONCAT(d.subdomain, '.', d.domain)= ?" . $additional_sql2 . ") AND d.server_id = ? AND d.domain_id != ?" . ($primary_id ? " AND d.parent_domain_id != ?" : "");
+			$params = array($domain_name) + $domain_params + array($domain['server_id'], $primary_id, $primary_id);
+			$checks = $app->db->queryAllRecords($qrystr, true, $params);
 			if(is_array($checks) && !empty($checks)){
 				foreach($checks as $check){
 					if($domain['ip_address'] == '*') return false;
@@ -207,7 +211,7 @@ class validate_domain {
 		if($_SESSION["s"]["user"]["typ"] != 'admin') {
 			// Get the limits of the client
 			$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
-			$client = $app->db->queryOneRecord("SELECT limit_wildcard FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+			$client = $app->db->queryOneRecord("SELECT limit_wildcard FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
 
 			if($client["limit_wildcard"] == 'y') return true;
 			else return false;
diff --git a/interface/lib/classes/validate_ftpuser.inc.php b/interface/lib/classes/validate_ftpuser.inc.php
index 8e0663ecae9dc661df5051163a37a9b9d73a1bea..da8c100adcdb168287b97db8b81be580a36f6d13 100644
--- a/interface/lib/classes/validate_ftpuser.inc.php
+++ b/interface/lib/classes/validate_ftpuser.inc.php
@@ -50,7 +50,7 @@ class validate_ftpuser {
 
 		if($primary_id > 0) {
 			//* get parent_domain_id from website
-			$ftp_data = $app->db->queryOneRecord("SELECT parent_domain_id FROM ftp_user WHERE ftp_user_id = '".$app->db->quote($primary_id)."'");
+			$ftp_data = $app->db->queryOneRecord("SELECT parent_domain_id FROM ftp_user WHERE ftp_user_id = ?", $primary_id);
 			if(!is_array($ftp_data) || $ftp_data["parent_domain_id"] < 1) {
 				$errmsg = $validator['errmsg'];
 				if(isset($app->tform->wordbook[$errmsg])) {
@@ -66,7 +66,7 @@ class validate_ftpuser {
 			$parent_domain_id = $app->functions->intval($app->remoting_lib->dataRecord['parent_domain_id']);
 		}
 
-		$domain_data = $app->db->queryOneRecord("SELECT domain_id, document_root FROM web_domain WHERE domain_id = '".$app->db->quote($parent_domain_id)."'");
+		$domain_data = $app->db->queryOneRecord("SELECT domain_id, document_root FROM web_domain WHERE domain_id = ?", $parent_domain_id);
 		if(!is_array($domain_data) || $domain_data["domain_id"] < 1) {
 			$errmsg = $validator['errmsg'];
 			if(isset($app->tform->wordbook[$errmsg])) {
diff --git a/interface/lib/classes/validate_systemuser.inc.php b/interface/lib/classes/validate_systemuser.inc.php
index 2cab1cf44464c563b7296230cd3af6682d906aa3..74824b72ca592ad3b4506fee29f1f219e6d798fd 100644
--- a/interface/lib/classes/validate_systemuser.inc.php
+++ b/interface/lib/classes/validate_systemuser.inc.php
@@ -95,7 +95,7 @@ class validate_systemuser {
 
 		if($primary_id > 0) {
 			//* get parent_domain_id from website
-			$shell_data = $app->db->queryOneRecord("SELECT parent_domain_id FROM shell_user WHERE shell_user_id = '".$app->db->quote($primary_id)."'");
+			$shell_data = $app->db->queryOneRecord("SELECT parent_domain_id FROM shell_user WHERE shell_user_id = ?", $primary_id);
 			if(!is_array($shell_data) || $shell_data["parent_domain_id"] < 1) {
 				$errmsg = $validator['errmsg'];
 				if(isset($app->tform->wordbook[$errmsg])) {
@@ -111,7 +111,7 @@ class validate_systemuser {
 			$parent_domain_id = $app->functions->intval($app->remoting_lib->dataRecord['parent_domain_id']);
 		}
 
-		$domain_data = $app->db->queryOneRecord("SELECT domain_id, document_root FROM web_domain WHERE domain_id = '".$app->db->quote($parent_domain_id)."'");
+		$domain_data = $app->db->queryOneRecord("SELECT domain_id, document_root FROM web_domain WHERE domain_id = ?", $parent_domain_id);
 		if(!is_array($domain_data) || $domain_data["domain_id"] < 1) {
 			$errmsg = $validator['errmsg'];
 			if(isset($app->tform->wordbook[$errmsg])) {
diff --git a/interface/lib/plugins/dns_dns_slave_plugin.inc.php b/interface/lib/plugins/dns_dns_slave_plugin.inc.php
index aa2e20f9ab4089e5833de379049ee22f416f24a3..8f49ce69d0bc4c855f60a927cc120a38dee8f7ac 100644
--- a/interface/lib/plugins/dns_dns_slave_plugin.inc.php
+++ b/interface/lib/plugins/dns_dns_slave_plugin.inc.php
@@ -30,19 +30,19 @@ class dns_dns_slave_plugin {
 		// make sure that the record belongs to the client group and not the admin group when a dmin inserts it
 		if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($page_form->dataRecord["client_group_id"])) {
 			$client_group_id = $app->functions->intval($page_form->dataRecord["client_group_id"]);
-			$app->db->query("UPDATE dns_slave SET sys_groupid = $client_group_id WHERE id = ".$page_form->id);
+			$app->db->query("UPDATE dns_slave SET sys_groupid = ? WHERE id = ?", $client_group_id, $page_form->id);
 		}
 		if($app->auth->has_clients($_SESSION['s']['user']['userid']) && isset($this->dataRecord["client_group_id"])) {
 			$client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]);
-			$app->db->query("UPDATE dns_slave SET sys_groupid = $client_group_id WHERE id = ".$page_form->id);
+			$app->db->query("UPDATE dns_slave SET sys_groupid = ? WHERE id = ?", $client_group_id, $page_form->id);
 		}
 
 		//** When the client group has changed, change also the owner of the record if the owner is not the admin user
 		if($page_form->oldDataRecord && $page_form->oldDataRecord["client_group_id"] != $page_form->dataRecord["client_group_id"] && $page_form->dataRecord["sys_userid"] != 1) {
 			$client_group_id = $app->functions->intval($page_form->dataRecord["client_group_id"]);
-			$tmp = $app->db->queryOneREcord("SELECT userid FROM sys_user WHERE default_group = ".$client_group_id);
+			$tmp = $app->db->queryOneREcord("SELECT userid FROM sys_user WHERE default_group = ?", $client_group_id);
 			if($tmp["userid"] > 0) {
-				$app->db->query("UPDATE dns_slave SET sys_userid = ".$tmp["userid"]." WHERE id = ".$page_form->id);
+				$app->db->query("UPDATE dns_slave SET sys_userid = ? WHERE id = ?", $tmp["userid"], $page_form->id);
 			}
 		}
 	}
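Review bot: The reseller branch tests `isset($this->dataRecord["client_group_id"])` and reads `$this->dataRecord`, while every other access in this method goes through `$page_form->dataRecord`. The matching branch in `dns_dns_soa_plugin` also uses `$page_form`. Unless the plugin class defines its own `dataRecord` outside this hunk, that condition is never true and the `sys_groupid` update for resellers never runs. Suggested lines: `if($app->auth->has_clients($_SESSION['s']['user']['userid']) && isset($page_form->dataRecord["client_group_id"])) {` and `$client_group_id = $app->functions->intval($page_form->dataRecord["client_group_id"]);`. The method starts outside the hunk.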
diff --git a/interface/lib/plugins/dns_dns_soa_plugin.inc.php b/interface/lib/plugins/dns_dns_soa_plugin.inc.php
index 1cada0e932d59510d136542b8a3295933a434e37..8f047bef8b147c354cc400a082b4050a7b4befec 100644
--- a/interface/lib/plugins/dns_dns_soa_plugin.inc.php
+++ b/interface/lib/plugins/dns_dns_soa_plugin.inc.php
@@ -31,17 +31,17 @@ class dns_dns_soa_plugin {
 			$tmp = $app->db->diffrec($page_form->oldDataRecord, $app->tform->getDataRecord($page_form->id));
 			if($tmp['diff_num'] > 0) {
 				// Update the serial number of the SOA record
-				$soa = $app->db->queryOneRecord("SELECT serial FROM dns_soa WHERE id = ".$page_form->id);
-				$app->db->query("UPDATE dns_soa SET serial = '".$app->validate_dns->increase_serial($soa["serial"])."' WHERE id = ".$page_form->id);
+				$soa = $app->db->queryOneRecord("SELECT serial FROM dns_soa WHERE id = ?", $page_form->id);
+				$app->db->query("UPDATE dns_soa SET serial = ? WHERE id = ?", $app->validate_dns->increase_serial($soa["serial"]), $page_form->id);
 			}
 
 			//** When the client group has changed, change also the owner of the record if the owner is not the admin user
 			if($page_form->oldDataRecord["client_group_id"] != $page_form->dataRecord["client_group_id"] && $page_form->dataRecord["sys_userid"] != 1) {
 				$client_group_id = $app->functions->intval($page_form->dataRecord["client_group_id"]);
-				$tmp = $app->db->queryOneREcord("SELECT userid FROM sys_user WHERE default_group = ".$client_group_id);
+				$tmp = $app->db->queryOneREcord("SELECT userid FROM sys_user WHERE default_group = ?", $client_group_id);
 				if($tmp["userid"] > 0) {
-					$app->db->query("UPDATE dns_soa SET sys_userid = ".$tmp["userid"]." WHERE id = ".$page_form->id);
-					$app->db->query("UPDATE dns_rr SET sys_userid = ".$tmp["userid"]." WHERE zone = ".$page_form->id);
+					$app->db->query("UPDATE dns_soa SET sys_userid = ? WHERE id = ?", $tmp["userid"], $page_form->id);
+					$app->db->query("UPDATE dns_rr SET sys_userid = ? WHERE zone = ?", $tmp["userid"], $page_form->id);
 				}
 			}
 		}
@@ -49,15 +49,15 @@ class dns_dns_soa_plugin {
 		// make sure that the record belongs to the client group and not the admin group when a dmin inserts it
 		if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($page_form->dataRecord["client_group_id"])) {
 			$client_group_id = $app->functions->intval($page_form->dataRecord["client_group_id"]);
-			$app->db->query("UPDATE dns_soa SET sys_groupid = $client_group_id, sys_perm_group = 'ru' WHERE id = ".$page_form->id);
+			$app->db->query("UPDATE dns_soa SET sys_groupid = ?, sys_perm_group = 'ru' WHERE id = ?", $client_group_id, $page_form->id);
 			// And we want to update all rr records too, that belong to this record
-			$app->db->query("UPDATE dns_rr SET sys_groupid = $client_group_id WHERE zone = ".$page_form->id);
+			$app->db->query("UPDATE dns_rr SET sys_groupid = ? WHERE zone = ?", $client_group_id, $page_form->id);
 		}
 		if($app->auth->has_clients($_SESSION['s']['user']['userid']) && isset($page_form->dataRecord["client_group_id"])) {
 			$client_group_id = $app->functions->intval($page_form->dataRecord["client_group_id"]);
-			$app->db->query("UPDATE dns_soa SET sys_groupid = $client_group_id, sys_perm_group = 'riud' WHERE id = ".$page_form->id);
+			$app->db->query("UPDATE dns_soa SET sys_groupid = ?, sys_perm_group = 'riud' WHERE id = ?", $client_group_id, $page_form->id);
 			// And we want to update all rr records too, that belong to this record
-			$app->db->query("UPDATE dns_rr SET sys_groupid = $client_group_id WHERE zone = ".$page_form->id);
+			$app->db->query("UPDATE dns_rr SET sys_groupid = ? WHERE zone = ?", $client_group_id, $page_form->id);
 		}
 	}
 
diff --git a/interface/lib/plugins/mail_mail_domain_plugin.inc.php b/interface/lib/plugins/mail_mail_domain_plugin.inc.php
index 13f6009ee58d62a84aaf6cc4de54b9c48a5ca4e3..90b1ac15b95033a431d6c75932392eaec0f8652a 100644
--- a/interface/lib/plugins/mail_mail_domain_plugin.inc.php
+++ b/interface/lib/plugins/mail_mail_domain_plugin.inc.php
@@ -31,23 +31,29 @@ class mail_mail_domain_plugin {
 		// also make sure that the user can not delete entry created by an admin
 		if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($page_form->dataRecord["client_group_id"])) {
 			$client_group_id = $app->functions->intval($page_form->dataRecord["client_group_id"]);
-			$updates = "sys_groupid = $client_group_id, sys_perm_group = 'ru'";
+			$updates = "sys_groupid = ?, sys_perm_group = 'ru'";
+			$update_params = array($client_group_id);
 			if ($event_name == 'mail:mail_domain:on_after_update') {
-				$tmp = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE default_group = $client_group_id");
+				$tmp = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE default_group = ?", $client_group_id);
 				$client_user_id = ($tmp['userid'] > 0)?$tmp['userid']:1;
-				$updates = "sys_userid = $client_user_id, $updates";
+				$updates .= ", sys_userid = ?";
+				$update_params[] = $client_user_id;
 			}
-			$app->db->query("UPDATE mail_domain SET $updates WHERE domain_id = ".$page_form->id);
+			$update_params[] = $page_form->id;
+			$app->db->query("UPDATE mail_domain SET " . $updates . " WHERE domain_id = ?", true, $update_params);
 		}
 		if($app->auth->has_clients($_SESSION['s']['user']['userid']) && isset($page_form->dataRecord["client_group_id"])) {
 			$client_group_id = $app->functions->intval($page_form->dataRecord["client_group_id"]);
 			$updates = "sys_groupid = $client_group_id, sys_perm_group = 'riud'";
+			$update_params = array($client_group_id);
 			if ($event_name == 'mail:mail_domain:on_after_update') {
-				$tmp = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE default_group = $client_group_id");
+				$tmp = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE default_group = ?", $client_group_id);
 				$client_user_id = ($tmp['userid'] > 0)?$tmp['userid']:1;
-				$updates = "sys_userid = $client_user_id, $updates";
+				$updates .= ", sys_userid = ?";
+				$update_params[] = $client_user_id;
 			}
-			$app->db->query("UPDATE mail_domain SET $updates WHERE domain_id = ".$page_form->id);
+			$update_params[] = $page_form->id;
+			$app->db->query("UPDATE mail_domain SET " . $updates . " WHERE domain_id = ?", true, $update_params);
 		}
 
 		//** If the domain name or owner has been changed, change the domain and owner in all mailbox records
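Review bot: In the `has_clients` branch the string was not converted: `$updates = "sys_groupid = $client_group_id, sys_perm_group = 'riud'";` still interpolates the value, yet `$update_params` starts with `$client_group_id`. The statement therefore has one placeholder fewer than it has parameters. Assuming the wrapper binds positionally, `sys_userid = ?` receives the group id and `WHERE domain_id = ?` receives the user id, or the group id when the event is not an update. That writes ownership data to a different `mail_domain` row than intended. The line should match the admin branch: `$updates = "sys_groupid = ?, sys_perm_group = 'riud'";`.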
@@ -57,9 +63,9 @@ class mail_mail_domain_plugin {
 			$mail_config = $app->getconf->get_server_config($page_form->dataRecord["server_id"], 'mail');
 
 			//* Update the mailboxes
-			$mailusers = $app->db->queryAllRecords("SELECT * FROM mail_user WHERE email like '%@".$app->db->quote($page_form->oldDataRecord['domain'])."'");
+			$mailusers = $app->db->queryAllRecords("SELECT * FROM mail_user WHERE email like ?", "%@" . $page_form->oldDataRecord['domain']);
 			$sys_groupid = $app->functions->intval((isset($page_form->dataRecord['client_group_id']))?$page_form->dataRecord['client_group_id']:$page_form->oldDataRecord['sys_groupid']);
-			$tmp = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE default_group = $sys_groupid");
+			$tmp = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE default_group = ?", $sys_groupid);
 			$client_user_id = $app->functions->intval(($tmp['userid'] > 0)?$tmp['userid']:1);
 			if(is_array($mailusers)) {
 				foreach($mailusers as $rec) {
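Review bot: The value bound for `email like ?` is still a LIKE pattern, so binding prevents quote injection but a `%` or `_` inside `$page_form->oldDataRecord['domain']` keeps its wildcard meaning. If domain validation ever admits an underscore, the query also selects mailboxes of other domains, and the loop below then rewrites their owner and address. Escaping the metacharacters before adding the prefix closes that gap, e.g. `"%@" . addcslashes($page_form->oldDataRecord['domain'], '%_\\')`. The same applies to the `mail_forwarding`, `mail_get` and `spamfilter_users` LIKE parameters in the next hunk.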
@@ -67,46 +73,45 @@ class mail_mail_domain_plugin {
 					$mail_parts = explode("@", $rec['email']);
 					$maildir = str_replace("[domain]", $page_form->dataRecord['domain'], $mail_config["maildir_path"]);
 					$maildir = str_replace("[localpart]", $mail_parts[0], $maildir);
-					$maildir = $app->db->quote($maildir);
-					$email = $app->db->quote($mail_parts[0].'@'.$page_form->dataRecord['domain']);
-					$app->db->datalogUpdate('mail_user', "maildir = '$maildir', email = '$email', sys_userid = $client_user_id, sys_groupid = '$sys_groupid'", 'mailuser_id', $rec['mailuser_id']);
+					$email = $mail_parts[0].'@'.$page_form->dataRecord['domain'];
+					$app->db->datalogUpdate('mail_user', array("maildir" => $maildir, "email" => $email, "sys_userid" => $client_user_id, "sys_groupid" => $sys_groupid), 'mailuser_id', $rec['mailuser_id']);
 				}
 			}
 
 			//* Update the aliases
-			$forwardings = $app->db->queryAllRecords("SELECT * FROM mail_forwarding WHERE source like '%@".$app->db->quote($page_form->oldDataRecord['domain'])."' OR destination like '%@".$app->db->quote($page_form->oldDataRecord['domain'])."'");
+			$forwardings = $app->db->queryAllRecords("SELECT * FROM mail_forwarding WHERE source LIKE ? OR destination LIKE ?", "%@" . $page_form->oldDataRecord['domain'], "%@" . $page_form->oldDataRecord['domain']);
 			if(is_array($forwardings)) {
 				foreach($forwardings as $rec) {
-					$destination = $app->db->quote(str_replace($page_form->oldDataRecord['domain'], $page_form->dataRecord['domain'], $rec['destination']));
-					$source = $app->db->quote(str_replace($page_form->oldDataRecord['domain'], $page_form->dataRecord['domain'], $rec['source']));
-					$app->db->datalogUpdate('mail_forwarding', "source = '$source', destination = '$destination', sys_userid = $client_user_id, sys_groupid = '$sys_groupid'", 'forwarding_id', $rec['forwarding_id']);
+					$destination = str_replace($page_form->oldDataRecord['domain'], $page_form->dataRecord['domain'], $rec['destination']);
+					$source = str_replace($page_form->oldDataRecord['domain'], $page_form->dataRecord['domain'], $rec['source']);
+					$app->db->datalogUpdate('mail_forwarding', array("source" => $source, "destination" => $destination, "sys_userid" => $client_user_id, "sys_groupid" => $sys_groupid), 'forwarding_id', $rec['forwarding_id']);
 				}
 			}
 
 			//* Update the mailinglist
-			$mailing_lists = $app->db->queryAllRecords("SELECT mailinglist_id FROM mail_mailinglist WHERE domain = '".$app->db->quote($page_form->oldDataRecord['domain'])."'");
+			$mailing_lists = $app->db->queryAllRecords("SELECT mailinglist_id FROM mail_mailinglist WHERE domain = ?", $page_form->oldDataRecord['domain']);
 			if(is_array($mailing_lists)) {
 				foreach($mailing_lists as $rec) {
-					$app->db->datalogUpdate('mail_mailinglist', "sys_userid = $client_user_id, sys_groupid = '$sys_groupid'", 'mailinglist_id', $rec['mailinglist_id']);
+					$app->db->datalogUpdate('mail_mailinglist', array("sys_userid" => $client_user_id, "sys_groupid" => $sys_groupid), 'mailinglist_id', $rec['mailinglist_id']);
 				}
 			}
 
 			//* Update the mailget records
-			$mail_gets = $app->db->queryAllRecords("SELECT mailget_id, destination FROM mail_get WHERE destination LIKE '%@".$app->db->quote($page_form->oldDataRecord['domain'])."'");
+			$mail_gets = $app->db->queryAllRecords("SELECT mailget_id, destination FROM mail_get WHERE destination LIKE ?", "%@" . $page_form->oldDataRecord['domain']);
 			if(is_array($mail_gets)) {
 				foreach($mail_gets as $rec) {
-					$destination = $app->db->quote(str_replace($page_form->oldDataRecord['domain'], $page_form->dataRecord['domain'], $rec['destination']));
-					$app->db->datalogUpdate('mail_get', "destination = '$destination', sys_userid = $client_user_id, sys_groupid = '$sys_groupid'", 'mailget_id', $rec['mailget_id']);
+					$destination = str_replace($page_form->oldDataRecord['domain'], $page_form->dataRecord['domain'], $rec['destination']);
+					$app->db->datalogUpdate('mail_get', array("destination" => $destination, "sys_userid" => $client_user_id, "sys_groupid" => $sys_groupid), 'mailget_id', $rec['mailget_id']);
 				}
 			}
 
 			if ($page_form->oldDataRecord["domain"] != $page_form->dataRecord['domain']) {
 				//* Delete the old spamfilter record
-				$tmp = $app->db->queryOneRecord("SELECT id FROM spamfilter_users WHERE email = '@".$app->db->quote($page_form->oldDataRecord["domain"])."'");
+				$tmp = $app->db->queryOneRecord("SELECT id FROM spamfilter_users WHERE email = ?", "@" . $page_form->oldDataRecord["domain"]);
 				$app->db->datalogDelete('spamfilter_users', 'id', $tmp["id"]);
 				unset($tmp);
 			}
-			$app->db->query("UPDATE spamfilter_users SET email=REPLACE(email, '".$app->db->quote($page_form->oldDataRecord['domain'])."', '".$app->db->quote($page_form->dataRecord['domain'])."'), sys_userid = $client_user_id, sys_groupid = $sys_groupid WHERE email LIKE '%@".$app->db->quote($page_form->oldDataRecord['domain'])."'");
+			$app->db->query("UPDATE spamfilter_users SET email=REPLACE(email, ?, ?), sys_userid = ?, sys_groupid = ? WHERE email LIKE ?", $page_form->oldDataRecord['domain'], $page_form->dataRecord['domain'], $client_user_id, $sys_groupid, "%@" . $page_form->oldDataRecord['domain']);
 
 		} // end if domain name changed
 	}
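Review bot: The forwarding and mailget loops rewrite addresses with `str_replace($page_form->oldDataRecord['domain'], $page_form->dataRecord['domain'], ...)`, which replaces the old domain wherever it occurs as a substring. A row selected because its `source` matches can have an unrelated `destination` whose domain merely contains the old name, and that destination is silently changed too. The SQL `REPLACE(email, ?, ?)` on `spamfilter_users` has the same substring behaviour. It would be safer to split each address at `@` and rewrite it only when the domain part equals the old domain exactly. Separately, `$tmp["id"]` is passed to `datalogDelete` without checking that the `spamfilter_users` lookup returned a row.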
diff --git a/interface/lib/plugins/mail_user_filter_plugin.inc.php b/interface/lib/plugins/mail_user_filter_plugin.inc.php
index 8faeab5e83aad6c63b01df88cc35689d36583099..640dab230086183de1f35779315c52f80fe6be8a 100644
--- a/interface/lib/plugins/mail_user_filter_plugin.inc.php
+++ b/interface/lib/plugins/mail_user_filter_plugin.inc.php
@@ -61,7 +61,7 @@ class mail_user_filter_plugin {
 	function mail_user_filter_edit($event_name, $page_form) {
 		global $app, $conf;
 
-		$mailuser = $app->db->queryOneRecord("SELECT custom_mailfilter FROM mail_user WHERE mailuser_id = ".$page_form->dataRecord["mailuser_id"]);
+		$mailuser = $app->db->queryOneRecord("SELECT custom_mailfilter FROM mail_user WHERE mailuser_id = ?", $page_form->dataRecord["mailuser_id"]);
 		$skip = false;
 		$lines = explode("\n", $mailuser['custom_mailfilter']);
 		$out = '';
@@ -86,8 +86,7 @@ class mail_user_filter_plugin {
 			$out = $new_rule . $out;
 		}
 
-		$out = $app->db->quote($out);
-		$app->db->datalogUpdate('mail_user', "custom_mailfilter = '$out'", 'mailuser_id', $page_form->dataRecord["mailuser_id"]);
+		$app->db->datalogUpdate('mail_user', array("custom_mailfilter" => $out), 'mailuser_id', $page_form->dataRecord["mailuser_id"]);
 
 
 	}
@@ -95,7 +94,7 @@ class mail_user_filter_plugin {
 	function mail_user_filter_del($event_name, $page_form) {
 		global $app, $conf;
 
-		$mailuser = $app->db->queryOneRecord("SELECT custom_mailfilter FROM mail_user WHERE mailuser_id = ".$page_form->dataRecord["mailuser_id"]);
+		$mailuser = $app->db->queryOneRecord("SELECT custom_mailfilter FROM mail_user WHERE mailuser_id = ?", $page_form->dataRecord["mailuser_id"]);
 		$skip = false;
 		$lines = explode("\n", $mailuser['custom_mailfilter']);
 		$out = '';
@@ -111,8 +110,7 @@ class mail_user_filter_plugin {
 			}
 		}
 
-		$out = $app->db->quote($out);
-		$app->db->datalogUpdate('mail_user', "custom_mailfilter = '$out'", 'mailuser_id', $page_form->dataRecord["mailuser_id"]);
+		$app->db->datalogUpdate('mail_user', array("custom_mailfilter" => $out), 'mailuser_id', $page_form->dataRecord["mailuser_id"]);
 	}
 
 
@@ -124,7 +122,7 @@ class mail_user_filter_plugin {
 		global $app, $conf;
 
 		$app->uses("getconf");
-		$mailuser_rec = $app->db->queryOneRecord("SELECT server_id FROM mail_user WHERE mailuser_id = ".$app->functions->intval($page_form->dataRecord["mailuser_id"]));
+		$mailuser_rec = $app->db->queryOneRecord("SELECT server_id FROM mail_user WHERE mailuser_id = ?", $page_form->dataRecord["mailuser_id"]);
 		$mail_config = $app->getconf->get_server_config($app->functions->intval($mailuser_rec["server_id"]), 'mail');
 
 		if($mail_config['mail_filter_syntax'] == 'sieve') {
diff --git a/interface/lib/plugins/sites_web_database_user_plugin.inc.php b/interface/lib/plugins/sites_web_database_user_plugin.inc.php
index 1a880a1b10a0cd4d67cdc9861dbf917839b01c96..754c249ab9959208beba689b4b9a50971ae2b119 100644
--- a/interface/lib/plugins/sites_web_database_user_plugin.inc.php
+++ b/interface/lib/plugins/sites_web_database_user_plugin.inc.php
@@ -31,13 +31,12 @@ class sites_web_database_user_plugin {
 		// also make sure that the user can not delete entry created by an admin
 		if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($page_form->dataRecord["client_group_id"])) {
 			$client_group_id = $app->functions->intval($page_form->dataRecord["client_group_id"]);
-			$app->db->query("UPDATE web_database_user SET sys_groupid = $client_group_id, sys_perm_group = 'ru' WHERE database_user_id = ".$page_form->id);
+			$app->db->query("UPDATE web_database_user SET sys_groupid = ?, sys_perm_group = 'ru' WHERE database_user_id = ?", $client_group_id, $page_form->id);
 		}
 		if($app->auth->has_clients($_SESSION['s']['user']['userid']) && isset($page_form->dataRecord["client_group_id"])) {
 			$client_group_id = $app->functions->intval($page_form->dataRecord["client_group_id"]);
-			$app->db->query("UPDATE web_database_user SET sys_groupid = $client_group_id, sys_perm_group = 'riud' WHERE database_user_id = ".$page_form->id);
+			$app->db->query("UPDATE web_database_user SET sys_groupid = ?, sys_perm_group = 'riud' WHERE database_user_id = ?", $client_group_id, $page_form->id);
 		}
-		//$app->db->query("UPDATE web_database_user SET server_id = '" . $app->functions->intval($conf['server_id']) . "' WHERE database_user_id = ".$page_form->id);
 	}
 
 }
diff --git a/interface/lib/plugins/sites_web_vhost_domain_plugin.inc.php b/interface/lib/plugins/sites_web_vhost_domain_plugin.inc.php
index b65c05bf2cd0546bcf853685a1e02b1278703c4d..aeb5623996009f08e3650628c4e0c871b5b50007 100644
--- a/interface/lib/plugins/sites_web_vhost_domain_plugin.inc.php
+++ b/interface/lib/plugins/sites_web_vhost_domain_plugin.inc.php
@@ -51,11 +51,11 @@ class sites_web_vhost_domain_plugin {
 		// also make sure that the user can not delete domain created by a admin
 		if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($page_form->dataRecord["client_group_id"])) {
 			$client_group_id = $app->functions->intval($page_form->dataRecord["client_group_id"]);
-			$app->db->query("UPDATE web_domain SET sys_groupid = $client_group_id, sys_perm_group = 'ru' WHERE domain_id = ".$page_form->id);
+			$app->db->query("UPDATE web_domain SET sys_groupid = ?, sys_perm_group = 'ru' WHERE domain_id = ?", $client_group_id, $page_form->id);
 		}
 		if($app->auth->has_clients($_SESSION['s']['user']['userid']) && isset($page_form->dataRecord["client_group_id"])) {
 			$client_group_id = $app->functions->intval($page_form->dataRecord["client_group_id"]);
-			$app->db->query("UPDATE web_domain SET sys_groupid = $client_group_id, sys_perm_group = 'riud' WHERE domain_id = ".$page_form->id);
+			$app->db->query("UPDATE web_domain SET sys_groupid = ?, sys_perm_group = 'riud' WHERE domain_id = ?", $client_group_id, $page_form->id);
 		}
 		// Get configuration for the web system
 		$app->uses("getconf");
@@ -73,15 +73,15 @@ class sites_web_vhost_domain_plugin {
 			// get the ID of the client
 			if($_SESSION["s"]["user"]["typ"] != 'admin' && !$app->auth->has_clients($_SESSION['s']['user']['userid'])) {
 				$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
-				$client = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE sys_group.groupid = $client_group_id");
+				$client = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE sys_group.groupid = ?", $client_group_id);
 				$client_id = $app->functions->intval($client["client_id"]);
 			} elseif (isset($page_form->dataRecord["client_group_id"])) {
 				$client_group_id = $page_form->dataRecord["client_group_id"];
-				$client = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE sys_group.groupid = ".$app->functions->intval(@$page_form->dataRecord["client_group_id"]));
+				$client = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE sys_group.groupid = ?", $app->functions->intval(@$page_form->dataRecord["client_group_id"]));
 				$client_id = $app->functions->intval($client["client_id"]);
 			} else {
 				$client_group_id = $page_form->dataRecord["client_group_id"];
-				$client = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE sys_group.groupid = ".$app->functions->intval($page_form->dataRecord["client_group_id"]));
+				$client = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE sys_group.groupid = ?", $app->functions->intval($page_form->dataRecord["client_group_id"]));
 				$client_id = $app->functions->intval($client["client_id"]);
 			}
 
@@ -89,81 +89,81 @@ class sites_web_vhost_domain_plugin {
 			$client_user_id = $app->functions->intval(($tmp['userid'] > 0)?$tmp['userid']:1);
 
 			// Set the values for document_root, system_user and system_group
-			$system_user     = $app->db->quote('web'.$page_form->id);
-			$system_group     = $app->db->quote('client'.$client_id);
+			$system_user     = 'web'.$page_form->id;
+			$system_group     = 'client'.$client_id;
 
 			$document_root     = str_replace("[client_id]", $client_id, $document_root);
 			$document_root    = str_replace("[client_idhash_1]", $this->id_hash($client_id, 1), $document_root);
 			$document_root    = str_replace("[client_idhash_2]", $this->id_hash($client_id, 2), $document_root);
 			$document_root    = str_replace("[client_idhash_3]", $this->id_hash($client_id, 3), $document_root);
 			$document_root    = str_replace("[client_idhash_4]", $this->id_hash($client_id, 4), $document_root);
-			$document_root     = $app->db->quote($document_root);
 			
 			if($event_name == 'sites:web_vhost_domain:on_after_update') {
 				if(($_SESSION["s"]["user"]["typ"] == 'admin' || $app->auth->has_clients($_SESSION['s']['user']['userid'])) &&  isset($page_form->dataRecord["client_group_id"]) && $page_form->dataRecord["client_group_id"] != $page_form->oldDataRecord["sys_groupid"]) {
 
-					$sql = "UPDATE web_domain SET system_user = '$system_user', system_group = '$system_group', document_root = '$document_root' WHERE domain_id = ".$page_form->id;
-					$app->db->query($sql);
+					$sql = "UPDATE web_domain SET system_user = ?, system_group = ?, document_root = ? WHERE domain_id = ?";
+					$app->db->query($sql, $system_user, $system_group, $document_root, $page_form->id);
 
 					// Update the FTP user(s) too
-					$records = $app->db->queryAllRecords("SELECT ftp_user_id FROM ftp_user WHERE parent_domain_id = ".$page_form->id);
+					$records = $app->db->queryAllRecords("SELECT ftp_user_id FROM ftp_user WHERE parent_domain_id = ?", $page_form->id);
 					foreach($records as $rec) {
-						$app->db->datalogUpdate('ftp_user', "sys_userid = '".$app->functions->intval($web_rec['sys_userid'])."', sys_groupid = '".$app->functions->intval($web_rec['sys_groupid'])."', uid = '$system_user', gid = '$system_group', dir = '$document_root'", 'ftp_user_id', $app->functions->intval($rec['ftp_user_id']));
+						$app->db->datalogUpdate('ftp_user', array("sys_userid" => $web_rec['sys_userid'], "sys_groupid" => $web_rec['sys_groupid'], "uid" => $system_user, "gid" => $system_group, "dir" => $document_root), 'ftp_user_id', $app->functions->intval($rec['ftp_user_id']));
 					}
 					unset($records);
 					unset($rec);
 
 					// Update the webdav user(s) too
-					$records = $app->db->queryAllRecords("SELECT webdav_user_id FROM webdav_user WHERE parent_domain_id = ".$page_form->id);
+					$records = $app->db->queryAllRecords("SELECT webdav_user_id FROM webdav_user WHERE parent_domain_id = ?", $page_form->id);
 					foreach($records as $rec) {
-						$app->db->datalogUpdate('webdav_user', "sys_userid = '".$app->functions->intval($web_rec['sys_userid'])."', sys_groupid = '".$app->functions->intval($web_rec['sys_groupid'])."'", 'webdav_user_id', $app->functions->intval($rec['webdav_user_id']));
+						$app->db->datalogUpdate('webdav_user', array("sys_userid" => $web_rec['sys_userid'], "sys_groupid" => $web_rec['sys_groupid']), 'webdav_user_id', $app->functions->intval($rec['webdav_user_id']));
 					}
 					unset($records);
 					unset($rec);
 
 					// Update the web folder(s) too
-					$records = $app->db->queryAllRecords("SELECT web_folder_id FROM web_folder WHERE parent_domain_id = ".$page_form->id);
+					$records = $app->db->queryAllRecords("SELECT web_folder_id FROM web_folder WHERE parent_domain_id = ?", $page_form->id);
 					foreach($records as $rec) {
-						$app->db->datalogUpdate('web_folder', "sys_userid = '".$app->functions->intval($web_rec['sys_userid'])."', sys_groupid = '".$app->functions->intval($web_rec['sys_groupid'])."'", 'web_folder_id', $app->functions->intval($rec['web_folder_id']));
+						$app->db->datalogUpdate('web_folder', array("sys_userid" => $web_rec['sys_userid'], "sys_groupid" => $web_rec['sys_groupid']), 'web_folder_id', $app->functions->intval($rec['web_folder_id']));
 					}
 					unset($records);
 					unset($rec);
 
 					//* Update all web folder users
-					$records = $app->db->queryAllRecords("SELECT web_folder_user.web_folder_user_id FROM web_folder_user, web_folder WHERE web_folder_user.web_folder_id = web_folder.web_folder_id AND web_folder.parent_domain_id = ".$page_form->id);
+					$records = $app->db->queryAllRecords("SELECT web_folder_user.web_folder_user_id FROM web_folder_user, web_folder WHERE web_folder_user.web_folder_id = web_folder.web_folder_id AND web_folder.parent_domain_id = ?", $page_form->id);
 					foreach($records as $rec) {
-						$app->db->datalogUpdate('web_folder_user', "sys_userid = '".$app->functions->intval($web_rec['sys_userid'])."', sys_groupid = '".$app->functions->intval($web_rec['sys_groupid'])."'", 'web_folder_user_id', $app->functions->intval($rec['web_folder_user_id']));
+						$app->db->datalogUpdate('web_folder_user', array("sys_userid" => $web_rec['sys_userid'], "sys_groupid" => $web_rec['sys_groupid']), 'web_folder_user_id', $app->functions->intval($rec['web_folder_user_id']));
 					}
 					unset($records);
 					unset($rec);
 
 					// Update the Shell user(s) too
-					$records = $app->db->queryAllRecords("SELECT shell_user_id FROM shell_user WHERE parent_domain_id = ".$page_form->id);
+					$records = $app->db->queryAllRecords("SELECT shell_user_id FROM shell_user WHERE parent_domain_id = ?", $page_form->id);
 					foreach($records as $rec) {
-						$app->db->datalogUpdate('shell_user', "sys_userid = '".$web_rec['sys_userid']."', sys_groupid = '".$web_rec['sys_groupid']."', puser = '$system_user', pgroup = '$system_group', dir = '$document_root'", 'shell_user_id', $app->functions->intval($rec['shell_user_id']));
+						$app->db->datalogUpdate('shell_user', array("sys_userid" => $web_rec['sys_userid'], "sys_groupid" => $web_rec['sys_groupid'], "puser" => $system_user, "pgroup" => $system_group, "dir" => $document_root), 'shell_user_id', $app->functions->intval($rec['shell_user_id']));
 					}
 					unset($records);
 					unset($rec);
 
 					// Update the cron(s) too
-					$records = $app->db->queryAllRecords("SELECT id FROM cron WHERE parent_domain_id = ".$page_form->id);
+					$records = $app->db->queryAllRecords("SELECT id FROM cron WHERE parent_domain_id = ?", $page_form->id);
 					foreach($records as $rec) {
-						$app->db->datalogUpdate('cron', "sys_userid = '".$app->functions->intval($web_rec['sys_userid'])."', sys_groupid = '".$app->functions->intval($web_rec['sys_groupid'])."'", 'id', $app->functions->intval($rec['id']));
+						$app->db->datalogUpdate('cron', array("sys_userid" => $web_rec['sys_userid'], "sys_groupid" => $web_rec['sys_groupid']), 'id', $app->functions->intval($rec['id']));
 					}
 					unset($records);
 					unset($rec);
 
 					//* Update all subdomains and alias domains
-					$records = $app->db->queryAllRecords("SELECT domain_id, `domain`, `type`, `web_folder` FROM web_domain WHERE parent_domain_id = ".$page_form->id);
+					$records = $app->db->queryAllRecords("SELECT domain_id, `domain`, `type`, `web_folder` FROM web_domain WHERE parent_domain_id = ?", $page_form->id);
 					foreach($records as $rec) {
-						$update_columns = "sys_userid = '".$web_rec['sys_userid']."', sys_groupid = '".$web_rec['sys_groupid']."'";
+						$update_columns = array("sys_userid" => $web_rec['sys_userid'], "sys_groupid" => $web_rec['sys_groupid']);
 						if($rec['type'] == 'vhostsubdomain' || $rec['type'] == 'vhostalias') {
 							$php_open_basedir = str_replace("[website_path]/web", $document_root.'/'.$rec['web_folder'], $web_config["php_open_basedir"]);
 							$php_open_basedir = str_replace("[website_domain]/web", $rec['domain'].'/'.$rec['web_folder'], $php_open_basedir);
 							$php_open_basedir = str_replace("[website_path]", $document_root, $php_open_basedir);
-							$php_open_basedir = $app->db->quote(str_replace("[website_domain]", $rec['domain'], $php_open_basedir));
+							$php_open_basedir = str_replace("[website_domain]", $rec['domain'], $php_open_basedir);
 
-							$update_columns .= ", document_root = '".$document_root."', `php_open_basedir` = '".$php_open_basedir."'";
+							$update_columns["document_root"] = $document_root;
+							$update_columns["php_open_basedir"] = $php_open_basedir;
 						}
 						$app->db->datalogUpdate('web_domain', $update_columns, 'domain_id', $rec['domain_id']);
 					}
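Review bot: `$system_user = 'web'.$page_form->id;` now relies only on parameter binding, which protects the SQL statement but not whatever later consumes the stored value; the same string is written to `ftp_user.uid` and `shell_user.puser` further down in this hunk. If `$page_form->id` is not guaranteed to be an integer at this point (not visible here), build it as `'web'.$app->functions->intval($page_form->id)` so the name keeps its expected form. The same applies to the `intval()` calls dropped around `$web_rec['sys_userid']` and `$web_rec['sys_groupid']`: binding makes them safe for the query, but nothing coerces their type any more. The method starts and ends outside the hunk.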
@@ -171,24 +171,24 @@ class sites_web_vhost_domain_plugin {
 					unset($rec);
 
 					//* Update all databases
-					$records = $app->db->queryAllRecords("SELECT database_id FROM web_database WHERE parent_domain_id = ".$page_form->id);
+					$records = $app->db->queryAllRecords("SELECT database_id FROM web_database WHERE parent_domain_id = ?", $page_form->id);
 					foreach($records as $rec) {
-						$app->db->datalogUpdate('web_database', "sys_userid = '".$app->functions->intval($web_rec['sys_userid'])."', sys_groupid = '".$app->functions->intval($web_rec['sys_groupid'])."'", 'database_id', $app->functions->intval($rec['database_id']));
+						$app->db->datalogUpdate('web_database', array("sys_userid" => $web_rec['sys_userid'], "sys_groupid" => $web_rec['sys_groupid']), 'database_id', $app->functions->intval($rec['database_id']));
 					}
 
 					//* Update all database users
-					$records = $app->db->queryAllRecords("SELECT web_database_user.database_user_id FROM web_database_user, web_database WHERE web_database_user.database_user_id IN (web_database.database_user_id, web_database.database_ro_user_id) AND web_database.parent_domain_id = ".$page_form->id);
+					$records = $app->db->queryAllRecords("SELECT web_database_user.database_user_id FROM web_database_user, web_database WHERE web_database_user.database_user_id IN (web_database.database_user_id, web_database.database_ro_user_id) AND web_database.parent_domain_id = ?", $page_form->id);
 					foreach($records as $rec) {
-						$app->db->datalogUpdate('web_database_user', "sys_userid = '".$app->functions->intval($web_rec['sys_userid'])."', sys_groupid = '".$app->functions->intval($web_rec['sys_groupid'])."'", 'database_user_id', $app->functions->intval($rec['database_user_id']));
+						$app->db->datalogUpdate('web_database_user', array("sys_userid" => $web_rec['sys_userid'], "sys_groupid" => $web_rec['sys_groupid']), 'database_user_id', $app->functions->intval($rec['database_user_id']));
 					}
 					unset($records);
 					unset($rec);
 
 					// Update APS instances
-					$records = $app->db->queryAllRecords("SELECT instance_id FROM aps_instances_settings WHERE name = 'main_domain' AND value = '".$app->db->quote($page_form->oldDataRecord["domain"])."'");
+					$records = $app->db->queryAllRecords("SELECT instance_id FROM aps_instances_settings WHERE name = 'main_domain' AND value = ?", $page_form->oldDataRecord["domain"]);
 					if(is_array($records) && !empty($records)){
 						foreach($records as $rec){
-							$app->db->datalogUpdate('aps_instances', "sys_userid = '".$app->functions->intval($web_rec['sys_userid'])."', sys_groupid = '".$app->functions->intval($web_rec['sys_groupid'])."', customer_id = '".$app->functions->intval($client_id)."'", 'id', $rec['instance_id']);
+							$app->db->datalogUpdate('aps_instances', array("sys_userid" => $web_rec['sys_userid'], "sys_groupid" => $web_rec['sys_groupid'], "customer_id" => $client_id), 'id', $rec['instance_id']);
 						}
 					}
 					unset($records);
@@ -198,20 +198,20 @@ class sites_web_vhost_domain_plugin {
 
 				//* If the domain name has been changed, we will have to change all subdomains + APS instances
 				if(!empty($page_form->dataRecord["domain"]) && !empty($page_form->oldDataRecord["domain"]) && $page_form->dataRecord["domain"] != $page_form->oldDataRecord["domain"]) {
-					$records = $app->db->queryAllRecords("SELECT domain_id,domain FROM web_domain WHERE (type = 'subdomain' OR type = 'vhostsubdomain' OR type = 'vhostalias') AND domain LIKE '%.".$app->db->quote($page_form->oldDataRecord["domain"])."'");
+					$records = $app->db->queryAllRecords("SELECT domain_id,domain FROM web_domain WHERE (type = 'subdomain' OR type = 'vhostsubdomain' OR type = 'vhostalias') AND domain LIKE ?", "%." . $page_form->oldDataRecord["domain"]);
 					foreach($records as $rec) {
-						$subdomain = $app->db->quote(str_replace($page_form->oldDataRecord["domain"], $page_form->dataRecord["domain"], $rec['domain']));
-						$app->db->datalogUpdate('web_domain', "domain = '".$subdomain."'", 'domain_id', $rec['domain_id']);
+						$subdomain = str_replace($page_form->oldDataRecord["domain"], $page_form->dataRecord["domain"], $rec['domain']);
+						$app->db->datalogUpdate('web_domain', array("domain" => $subdomain), 'domain_id', $rec['domain_id']);
 					}
 					unset($records);
 					unset($rec);
 					unset($subdomain);
 
 					// Update APS instances
-					$records = $app->db->queryAllRecords("SELECT id, instance_id FROM aps_instances_settings WHERE name = 'main_domain' AND value = '".$app->db->quote($page_form->oldDataRecord["domain"])."'");
+					$records = $app->db->queryAllRecords("SELECT id, instance_id FROM aps_instances_settings WHERE name = 'main_domain' AND value = ?", $page_form->oldDataRecord["domain"]);
 					if(is_array($records) && !empty($records)){
 						foreach($records as $rec){
-							$app->db->datalogUpdate('aps_instances_settings', "value = '".$app->db->quote($page_form->dataRecord["domain"])."'", 'id', $rec['id']);
+							$app->db->datalogUpdate('aps_instances_settings', array("value" => $page_form->dataRecord["domain"]), 'id', $rec['id']);
 						}
 					}
 					unset($records);
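Review bot: Binding the operand of `domain LIKE ?` stops quote injection, but `%` and `_` inside `$page_form->oldDataRecord["domain"]` are still interpreted as wildcards, so an old domain containing `_` can match unrelated rows that the loop then renames. Escaping the value before binding, e.g. `"%." . addcslashes($page_form->oldDataRecord["domain"], '\\%_')`, keeps the match literal, assuming the default backslash escape character. The `str_replace()` in the loop also replaces every occurrence of the old domain in `$rec['domain']`, not only the matched suffix. The enclosing block continues outside the hunk.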
@@ -220,35 +220,35 @@ class sites_web_vhost_domain_plugin {
 
 				//* Set allow_override if empty
 				if($web_rec['allow_override'] == '') {
-					$sql = "UPDATE web_domain SET allow_override = '".$app->db->quote($web_config["htaccess_allow_override"])."' WHERE domain_id = ".$page_form->id;
-					$app->db->query($sql);
+					$sql = "UPDATE web_domain SET allow_override = ? WHERE domain_id = ?";
+					$app->db->query($sql, $web_config["htaccess_allow_override"], $page_form->id);
 				}
 
 				//* Set php_open_basedir if empty or domain or client has been changed
 				if(empty($web_rec['php_open_basedir']) ||
 					(!empty($page_form->dataRecord["domain"]) && !empty($page_form->oldDataRecord["domain"]) && $page_form->dataRecord["domain"] != $page_form->oldDataRecord["domain"])) {
 					$php_open_basedir = $web_rec['php_open_basedir'];
-					$php_open_basedir = $app->db->quote(str_replace($page_form->oldDataRecord['domain'], $web_rec['domain'], $php_open_basedir));
-					$sql = "UPDATE web_domain SET php_open_basedir = '$php_open_basedir' WHERE domain_id = ".$page_form->id;
-					$app->db->query($sql);
+					$php_open_basedir = str_replace($page_form->oldDataRecord['domain'], $web_rec['domain'], $php_open_basedir);
+					$sql = "UPDATE web_domain SET php_open_basedir = ? WHERE domain_id = ?";
+					$app->db->query($sql, $php_open_basedir, $page_form->id);
 				}
 				if(empty($web_rec['php_open_basedir']) ||
 					(isset($page_form->dataRecord["client_group_id"]) && $page_form->dataRecord["client_group_id"] != $page_form->oldDataRecord["sys_groupid"])) {
-					$document_root = $app->db->quote(str_replace("[client_id]", $client_id, $document_root));
+					$document_root = str_replace("[client_id]", $client_id, $document_root);
 					$php_open_basedir = str_replace("[website_path]", $document_root, $web_config["php_open_basedir"]);
-					$php_open_basedir = $app->db->quote(str_replace("[website_domain]", $web_rec['domain'], $php_open_basedir));
-					$sql = "UPDATE web_domain SET php_open_basedir = '$php_open_basedir' WHERE domain_id = ".$page_form->id;
-					$app->db->query($sql);
+					$php_open_basedir = str_replace("[website_domain]", $web_rec['domain'], $php_open_basedir);
+					$sql = "UPDATE web_domain SET php_open_basedir = ? WHERE domain_id = ?";
+					$app->db->query($sql, $php_open_basedir, $page_form->id);
 				}
 
 				//* Change database backup options when web backup options have been changed
 				if(isset($page_form->dataRecord['backup_interval']) && ($page_form->dataRecord['backup_interval'] != $page_form->oldDataRecord['backup_interval'] || $page_form->dataRecord['backup_copies'] != $page_form->oldDataRecord['backup_copies'])) {
 					//* Update all databases
-					$backup_interval = $app->db->quote($page_form->dataRecord['backup_interval']);
+					$backup_interval = $page_form->dataRecord['backup_interval'];
 					$backup_copies = $app->functions->intval($page_form->dataRecord['backup_copies']);
 					$records = $app->db->queryAllRecords("SELECT database_id FROM web_database WHERE parent_domain_id = ".$page_form->id);
 					foreach($records as $rec) {
-						$app->db->datalogUpdate('web_database', "backup_interval = '$backup_interval', backup_copies = '$backup_copies'", 'database_id', $rec['database_id']);
+						$app->db->datalogUpdate('web_database', array("backup_interval" => $backup_interval, "backup_copies" => $backup_copies), 'database_id', $rec['database_id']);
 					}
 					unset($records);
 					unset($rec);
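Review bot: The `SELECT database_id FROM web_database WHERE parent_domain_id = ".$page_form->id` query in the backup-options block is still built by string concatenation, while every other query in this hunk was converted to placeholders. It should read `$records = $app->db->queryAllRecords("SELECT database_id FROM web_database WHERE parent_domain_id = ?", $page_form->id);` so that `$page_form->id` is never interpolated into SQL. The surrounding `if` block starts inside the hunk but the method itself begins and ends outside it.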
@@ -258,36 +258,36 @@ class sites_web_vhost_domain_plugin {
 
 				//* Change vhost subdomain and alias ip/ipv6 if domain ip/ipv6 has changed
 				if(isset($page_form->dataRecord['ip_address']) && ($page_form->dataRecord['ip_address'] != $page_form->oldDataRecord['ip_address'] || $page_form->dataRecord['ipv6_address'] != $page_form->oldDataRecord['ipv6_address'])) {
-					$records = $app->db->queryAllRecords("SELECT domain_id FROM web_domain WHERE (type = 'vhostsubdomain' OR type = 'vhostalias') AND parent_domain_id = ".$page_form->id);
+					$records = $app->db->queryAllRecords("SELECT domain_id FROM web_domain WHERE (type = 'vhostsubdomain' OR type = 'vhostalias') AND parent_domain_id = ?", $page_form->id);
 					foreach($records as $rec) {
-						$app->db->datalogUpdate('web_domain', "ip_address = '".$app->db->quote($web_rec['ip_address'])."', ipv6_address = '".$app->db->quote($web_rec['ipv6_address'])."'", 'domain_id', $rec['domain_id']);
+						$app->db->datalogUpdate('web_domain', array("ip_address" => $web_rec['ip_address'], "ipv6_address" => $web_rec['ipv6_address']), 'domain_id', $rec['domain_id']);
 					}
 					unset($records);
 					unset($rec);
 				}
 			} else {
 				$php_open_basedir    = str_replace("[website_path]", $document_root, $web_config["php_open_basedir"]);
-				$php_open_basedir    = $app->db->quote(str_replace("[website_domain]", $page_form->dataRecord['domain'], $php_open_basedir));
-
-				$htaccess_allow_override  = $app->db->quote($web_config["htaccess_allow_override"]);
-				$sql = "UPDATE web_domain SET system_user = '$system_user', system_group = '$system_group', document_root = '$document_root', allow_override = '$htaccess_allow_override', php_open_basedir = '$php_open_basedir'  WHERE domain_id = ".$page_form->id;
-				$app->db->query($sql);
+				$php_open_basedir    = str_replace("[website_domain]", $page_form->dataRecord['domain'], $php_open_basedir);
+				$htaccess_allow_override  = $web_config["htaccess_allow_override"];
+				
+				$sql = "UPDATE web_domain SET system_user = ?, system_group = ?, document_root = ?, allow_override = ?, php_open_basedir = ?  WHERE domain_id = ?";
+				$app->db->query($sql, $system_user, $system_group, $document_root, $htaccess_allow_override, $php_open_basedir, $page_form->id);
 			}
 		} else {
 			if(isset($page_form->dataRecord["parent_domain_id"]) && $page_form->dataRecord["parent_domain_id"] != $page_form->oldDataRecord["parent_domain_id"]) {
-				$parent_domain = $app->db->queryOneRecord("SELECT * FROM `web_domain` WHERE `domain_id` = '" . $app->functions->intval($page_form->dataRecord['parent_domain_id']) . "'");
+				$parent_domain = $app->db->queryOneRecord("SELECT * FROM `web_domain` WHERE `domain_id` = ?", $page_form->dataRecord['parent_domain_id']);
 
 				// Set the values for document_root, system_user and system_group
-				$system_user = $app->db->quote($parent_domain['system_user']);
-				$system_group = $app->db->quote($parent_domain['system_group']);
-				$document_root = $app->db->quote($parent_domain['document_root']);
+				$system_user = $parent_domain['system_user'];
+				$system_group = $parent_domain['system_group'];
+				$document_root = $parent_domain['document_root'];
 				$php_open_basedir = str_replace("[website_path]/web", $document_root.'/'.$page_form->dataRecord['web_folder'], $web_config["php_open_basedir"]);
 				$php_open_basedir = str_replace("[website_domain]/web", $page_form->dataRecord['domain'].'/'.$page_form->dataRecord['web_folder'], $php_open_basedir);
 				$php_open_basedir = str_replace("[website_path]", $document_root, $php_open_basedir);
-				$php_open_basedir = $app->db->quote(str_replace("[website_domain]", $page_form->dataRecord['domain'], $php_open_basedir));
-				$htaccess_allow_override = $app->db->quote($parent_domain['allow_override']);
-				$sql = "UPDATE web_domain SET sys_groupid = ".$app->functions->intval($parent_domain['sys_groupid']).",system_user = '$system_user', system_group = '$system_group', document_root = '$document_root', allow_override = '$htaccess_allow_override', php_open_basedir = '$php_open_basedir'  WHERE domain_id = ".$page_form->id;
-				$app->db->query($sql);
+				$php_open_basedir = str_replace("[website_domain]", $page_form->dataRecord['domain'], $php_open_basedir);
+				$htaccess_allow_override = $parent_domain['allow_override'];
+				$sql = "UPDATE web_domain SET sys_groupid = ?,system_user = ?, system_group = ?, document_root = ?, allow_override = ?, php_open_basedir = ? WHERE domain_id = ?";
+				$app->db->query($sql, $parent_domain['sys_groupid'], $system_user, $system_group, $document_root, $htaccess_allow_override, $php_open_basedir, $page_form->id);
 			}
 		}
 	}
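Review bot: `$parent_domain` is used without checking that the lookup returned a row, and the `intval()` that wrapped `$page_form->dataRecord['parent_domain_id']` is gone, so a missing or non-numeric parent id now leads to an `UPDATE` that binds empty values into `system_user`, `system_group` and `document_root`. Guarding the block with `if(is_array($parent_domain) && !empty($parent_domain['domain_id']))` would avoid that; the failure value of `queryOneRecord()` is not visible here, so adjust the guard to its actual contract. The hunk also does not show whether the current user may attach to that parent domain, which matters because `sys_groupid` is copied from the parent row; if the form does not enforce it, the check belongs here.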
diff --git a/interface/lib/plugins/vm_openvz_plugin.inc.php b/interface/lib/plugins/vm_openvz_plugin.inc.php
index fd442055623c273d166ba5094f88b76e44c8f222..dcd2df73504fbc638b7e3f9b0121d5c7c4e421c3 100644
--- a/interface/lib/plugins/vm_openvz_plugin.inc.php
+++ b/interface/lib/plugins/vm_openvz_plugin.inc.php
@@ -41,24 +41,24 @@ class vm_openvz_plugin {
 		// also make sure that the user can not delete domain created by a admin
 		if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($this->dataRecord["client_group_id"])) {
 			$client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]);
-			$app->db->query("UPDATE openvz_vm SET sys_groupid = $client_group_id WHERE vm_id = ".$this->id);
+			$app->db->query("UPDATE openvz_vm SET sys_groupid = ? WHERE vm_id = ?", $client_group_id, $this->id);
 		}
 		if($app->auth->has_clients($_SESSION['s']['user']['userid']) && isset($this->dataRecord["client_group_id"])) {
 			$client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]);
-			$app->db->query("UPDATE openvz_vm SET sys_groupid = $client_group_id WHERE vm_id = ".$this->id);
+			$app->db->query("UPDATE openvz_vm SET sys_groupid = ? WHERE vm_id = ?", $client_group_id, $this->id);
 		}
 
 		// Set the VEID
 		$tmp = $app->db->queryOneRecord('SELECT MAX(veid) + 1 as newveid FROM openvz_vm');
 		$veid = ($tmp['newveid'] > 100)?$tmp['newveid']:101;
-		$app->db->query("UPDATE openvz_vm SET veid = ".$veid." WHERE vm_id = ".$this->id);
+		$app->db->query("UPDATE openvz_vm SET veid = ? WHERE vm_id = ?", $veid, $this->id);
 		unset($tmp);
 
 		// Apply template values to the advanced tab settings
 		$this->applyTemplate();
 
 		// Set the IP address
-		$app->db->query("UPDATE openvz_ip SET vm_id = ".$this->id." WHERE ip_address = '".$app->db->quote($this->dataRecord['ip_address'])."'");
+		$app->db->query("UPDATE openvz_ip SET vm_id = ? WHERE ip_address = ?", $this->id, $this->dataRecord['ip_address']);
 
 		// Create the OpenVZ config file and store it in config field
 		$this->makeOpenVZConfig();
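Review bot: `UPDATE openvz_ip SET vm_id = ? WHERE ip_address = ?` assigns whatever address arrives in `$this->dataRecord['ip_address']` without checking that the row is currently unassigned, so an address already bound to another VM would be silently moved. Unless form validation guarantees this (not visible in the hunk), the insert path could add `AND vm_id = 0` to the `WHERE` clause, and the update path in the later `@@ -94,7 +94,7 @@` hunk could use `AND vm_id IN (0, ?)` bound to `$this->id`. The method starts outside the hunk.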
@@ -82,11 +82,11 @@ class vm_openvz_plugin {
 		// also make sure that the user can not delete domain created by a admin
 		if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($this->dataRecord["client_group_id"])) {
 			$client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]);
-			$app->db->query("UPDATE openvz_vm SET sys_groupid = $client_group_id WHERE vm_id = ".$this->id);
+			$app->db->query("UPDATE openvz_vm SET sys_groupid = ? WHERE vm_id = ?", $client_group_id, $this->id);
 		}
 		if($app->auth->has_clients($_SESSION['s']['user']['userid']) && isset($this->dataRecord["client_group_id"])) {
 			$client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]);
-			$app->db->query("UPDATE openvz_vm SET sys_groupid = $client_group_id WHERE vm_id = ".$this->id);
+			$app->db->query("UPDATE openvz_vm SET sys_groupid = ? WHERE vm_id = ?", $client_group_id, $this->id);
 		}
 
 		if(isset($this->dataRecord["ostemplate_id"]) && $this->oldDataRecord["ostemplate_id"] != $this->dataRecord["ostemplate_id"]) {
@@ -94,7 +94,7 @@ class vm_openvz_plugin {
 		}
 
 		// Set the IP address
-		if(isset($this->dataRecord['ip_address'])) $app->db->query("UPDATE openvz_ip SET vm_id = ".$this->id." WHERE ip_address = '".$app->db->quote($this->dataRecord['ip_address'])."'");
+		if(isset($this->dataRecord['ip_address'])) $app->db->query("UPDATE openvz_ip SET vm_id = ? WHERE ip_address = ?", $this->id, $this->dataRecord['ip_address']);
 
 		// Create the OpenVZ config file and store it in config field
 		$this->makeOpenVZConfig();
@@ -111,8 +111,8 @@ class vm_openvz_plugin {
 		global $app, $conf;
 
 		//* Free the IP address
-		$tmp = $app->db->queryOneRecord("SELECT ip_address_id FROM openvz_ip WHERE vm_id = ".$app->functions->intval($page_form->id));
-		$app->db->datalogUpdate('openvz_ip', 'vm_id = 0', 'ip_address_id', $tmp['ip_address_id']);
+		$tmp = $app->db->queryOneRecord("SELECT ip_address_id FROM openvz_ip WHERE vm_id = ?", $page_form->id);
+		$app->db->datalogUpdate('openvz_ip', array('vm_id' => 0), 'ip_address_id', $tmp['ip_address_id']);
 		unset($tmp);
 
 	}
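Review bot: `$tmp['ip_address_id']` is passed to `datalogUpdate()` even when the lookup found no row for this VM, so the update runs with an empty key value. A guard such as `if(!empty($tmp['ip_address_id']))` around the `datalogUpdate()` call covers that case. `queryOneRecord()` also releases at most one address; if a VM can hold several (not visible here), iterating over `queryAllRecords()` would free them all. The function starts outside the hunk.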
@@ -120,29 +120,29 @@ class vm_openvz_plugin {
 	private function applyTemplate() {
 		global $app, $conf;
 
-		$tpl = $app->db->queryOneRecord("SELECT * FROM openvz_template WHERE template_id = ".$app->functions->intval($this->dataRecord["template_id"]));
+		$tpl = $app->db->queryOneRecord("SELECT * FROM openvz_template WHERE template_id = ?", $this->dataRecord["template_id"]);
 
 		$sql = "UPDATE openvz_vm SET ";
-		$sql .= "diskspace = '".$app->db->quote($tpl['diskspace'])."', ";
-		$sql .= "ram = '".$app->db->quote($tpl['ram'])."', ";
-		$sql .= "ram_burst = '".$app->db->quote($tpl['ram_burst'])."', ";
-		$sql .= "cpu_units = '".$app->db->quote($tpl['cpu_units'])."', ";
-		$sql .= "cpu_num = '".$app->db->quote($tpl['cpu_num'])."', ";
-		$sql .= "cpu_limit = '".$app->db->quote($tpl['cpu_limit'])."', ";
-		$sql .= "io_priority = '".$app->db->quote($tpl['io_priority'])."', ";
-		$sql .= "nameserver = '".$app->db->quote($tpl['nameserver'])."', ";
-		$sql .= "create_dns = '".$app->db->quote($tpl['create_dns'])."', ";
-		$sql .= "capability = '".$app->db->quote($tpl['capability'])."' ";
-		$sql .= "WHERE vm_id = ".$app->functions->intval($this->id);
-		$app->db->query($sql);
+		$sql .= "diskspace = ?, ";
+		$sql .= "ram = ?, ";
+		$sql .= "ram_burst = ?, ";
+		$sql .= "cpu_units = ?, ";
+		$sql .= "cpu_num = ?, ";
+		$sql .= "cpu_limit = ?, ";
+		$sql .= "io_priority = ?, ";
+		$sql .= "nameserver = ?, ";
+		$sql .= "create_dns = ?, ";
+		$sql .= "capability = ? ";
+		$sql .= "WHERE vm_id = ?";
+		$app->db->query($sql, $tpl['diskspace'], $tpl['ram'], $tpl['ram_burst'], $tpl['cpu_units'], $tpl['cpu_num'], $tpl['cpu_limit'], $tpl['io_priority'], $tpl['nameserver'], $tpl['create_dns'], $tpl['capability'], $this->id);
 
 	}
 
 	private function makeOpenVZConfig() {
 		global $app, $conf;
 
-		$vm = $app->db->queryOneRecord("SELECT * FROM openvz_vm WHERE vm_id = ".$app->functions->intval($this->id));
-		$vm_template = $app->db->queryOneRecord("SELECT * FROM openvz_template WHERE template_id = ".$app->functions->intval($vm['template_id']));
+		$vm = $app->db->queryOneRecord("SELECT * FROM openvz_vm WHERE vm_id = ?",$app->functions->intval($this->id));
+		$vm_template = $app->db->queryOneRecord("SELECT * FROM openvz_template WHERE template_id = ?",$app->functions->intval($vm['template_id']));
 		$burst_ram = $vm['ram_burst']*256;
 		$guar_ram = $vm['ram']*256;
 
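Review bot: In `applyTemplate()` the result of the `openvz_template` lookup is not checked, and `$this->dataRecord["template_id"]` is no longer passed through `intval()`. When no template matches, the bound `$tpl[...]` values are null, which may be written as `NULL` or rejected depending on how `query()` binds them and on the column definitions. Returning early with `if(!is_array($tpl)) return;` before building the `UPDATE` avoids overwriting the VM's limits with empty values. `makeOpenVZConfig()` keeps `intval()` on its bound ids, so the two methods are now inconsistent; its body continues past the hunk.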
@@ -194,12 +194,12 @@ class vm_openvz_plugin {
 		$tpl->setVar('nameserver', $vm['nameserver']);
 		$tpl->setVar('capability', $vm['capability']);
 
-		$tmp = $app->db->queryOneRecord("SELECT template_file FROM openvz_ostemplate WHERE ostemplate_id = ".$app->functions->intval($vm['ostemplate_id']));
+		$tmp = $app->db->queryOneRecord("SELECT template_file FROM openvz_ostemplate WHERE ostemplate_id = ?", $app->functions->intval($vm['ostemplate_id']));
 		$tpl->setVar('ostemplate', $tmp['template_file']);
 		unset($tmp);
 
-		$openvz_config = $app->db->quote($tpl->grab());
-		$app->db->query("UPDATE openvz_vm SET config = '".$openvz_config."' WHERE vm_id = ".$app->functions->intval($this->id));
+		$openvz_config = $tpl->grab();
+		$app->db->query("UPDATE openvz_vm SET config = ? WHERE vm_id = ?", $openvz_config, $app->functions->intval($this->id));
 
 		unset($tpl);
 
@@ -208,23 +208,23 @@ class vm_openvz_plugin {
 	private function createDNS() {
 		global $app, $conf;
 
-		$vm = $app->db->queryOneRecord("SELECT * FROM openvz_vm WHERE vm_id = ".$app->functions->intval($this->id));
+		$vm = $app->db->queryOneRecord("SELECT * FROM openvz_vm WHERE vm_id = ?", $app->functions->intval($this->id));
 
 		if($vm['create_dns'] != 'y') return;
 
 		$full_hostname = str_replace('{VEID}', $vm['veid'], $vm['hostname']);
 		$hostname_parts = explode('.', $full_hostname);
-		$hostname = $app->db->quote($hostname_parts[0]);
+		$hostname = $hostname_parts[0];
 		unset($hostname_parts[0]);
-		$zone = $app->db->quote((implode('.', $hostname_parts)));
+		$zone = implode('.', $hostname_parts);
 		unset($hostname_parts);
 
 		// Find the dns zone
-		$zone_rec = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE origin = '".$app->db->quote($zone).".'");
-		$rr_rec = $app->db->queryOneRecord("SELECT * FROM dns_rr WHERE zone = '".$app->functions->intval($zone_rec['id'])."' AND name = '".$app->db->quote($hostname)."'");
+		$zone_rec = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE origin = ?", $zone);
+		$rr_rec = $app->db->queryOneRecord("SELECT * FROM dns_rr WHERE zone = ? AND name = ?", $zone_rec['id'], $hostname);
 
 		if($zone_rec['id'] > 0) {
-			$ip_address = $app->db->quote($vm['ip_address']);
+			$ip_address = $vm['ip_address'];
 			$sys_userid = $app->functions->intval($zone_rec['sys_userid']);
 			$sys_groupid = $app->functions->intval($zone_rec['sys_groupid']);
 			$server_id = $app->functions->intval($zone_rec['server_id']);
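Review bot: The zone lookup lost its trailing dot: the old query compared `origin` with `$zone` followed by a literal `.`, while the new call binds `$zone` alone, so zones stored with a fully-qualified origin will no longer match and `createDNS()` will quietly skip the record. Bind the dotted value instead: `$zone_rec = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE origin = ?", $zone . '.');`. The following `dns_rr` query also runs with `$zone_rec['id']` before the `> 0` check on it. The function continues outside the hunk.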
@@ -232,12 +232,25 @@ class vm_openvz_plugin {
 
 			if($rr_rec['id'] > 0) {
 				$app->uses('validate_dns');
-				$app->db->datalogUpdate('dns_rr', "data = '$ip_address'", 'id', $app->functions->intval($rr_rec['id']));
+				$app->db->datalogUpdate('dns_rr', array("data" => $ip_address), 'id', $app->functions->intval($rr_rec['id']));
 				$serial = $app->validate_dns->increase_serial($zone_rec['serial']);
-				$app->db->datalogUpdate('dns_soa', "serial = '$serial'", 'id', $app->functions->intval($zone_rec['id']));
+				$app->db->datalogUpdate('dns_soa', array("serial" => $serial), 'id', $app->functions->intval($zone_rec['id']));
 			} else {
-				$insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `zone`, `name`, `type`, `data`, `aux`, `ttl`, `active`) VALUES
-				('$sys_userid', '$sys_groupid', 'riud', 'riud', '', '$server_id', '$dns_soa_id', '$hostname', 'A', '$ip_address', '0', '3600', 'Y')";
+				$insert_data = array(
+					"sys_userid" => $sys_userid,
+					"sys_groupid" => $sys_groupid,
+					"sys_perm_user" => 'riud',
+					"sys_perm_group" => 'riud',
+					"sys_perm_other" => '',
+					"server_id" => $server_id,
+					"zone" => $dns_soa_id,
+					"name" => $hostname,
+					"type" => 'A',
+					"data" => $ip_address,
+					"aux" => '0',
+					"ttl" => '3600',
+					"active" => 'Y'
+				);
 				$dns_rr_id = $app->db->datalogInsert('dns_rr', $insert_data, 'id');
 			}
 
diff --git a/interface/web/admin/firewall_edit.php b/interface/web/admin/firewall_edit.php
index 6c29f766d100d03f548d815f26ffdd6c4956bd37..4dd26afbf6759aa1a001fd773e6fa851c72ba3b1 100644
--- a/interface/web/admin/firewall_edit.php
+++ b/interface/web/admin/firewall_edit.php
@@ -56,7 +56,7 @@ class page_action extends tform_actions {
 		//* Check if the server has been changed
 		// We do this only for the admin or reseller users, as normal clients can not change the server ID anyway
 		if($_SESSION["s"]["user"]["typ"] == 'admin' || $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
-			$rec = $app->db->queryOneRecord("SELECT server_id from firewall WHERE firewall_id = ".$this->id);
+			$rec = $app->db->queryOneRecord("SELECT server_id from firewall WHERE firewall_id = ?", $this->id);
 			if($rec['server_id'] != $this->dataRecord["server_id"]) {
 				//* Add a error message and switch back to old server
 				$app->tform->errorMessage .= $app->lng('The Server can not be changed.');
diff --git a/interface/web/admin/form/directive_snippets.tform.php b/interface/web/admin/form/directive_snippets.tform.php
index 8db725b95fe11c7c453641fd67b3518f4fdab740..0c2502c6c4a4c1ef4b5a8cceaa5bd295ba6e0894 100644
--- a/interface/web/admin/form/directive_snippets.tform.php
+++ b/interface/web/admin/form/directive_snippets.tform.php
@@ -105,6 +105,17 @@ $form["tabs"]['directive_snippets'] = array (
 			'default' => 'y',
 			'value'  => array(0 => 'n', 1 => 'y')
 		),
+		'required_php_snippets' => array (
+			'datatype' => 'VARCHAR',
+			'formtype' => 'CHECKBOXARRAY',
+			'default' => '',
+			'datasource' => array (  'type' => 'SQL',
+				'querystring' => "SELECT directive_snippets_id,name FROM directive_snippets WHERE type = 'php' AND active = 'y'ORDER BY name",
+				'keyfield' => 'directive_snippets_id',
+				'valuefield' => 'name'
+			),
+			'separator' => ',',
+		),
 		//#################################
 		// ENDE Datatable fields
 		//#################################
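Review bot: The `querystring` of the new `required_php_snippets` field has no space between the string literal and the keyword (`active = 'y'ORDER BY name`). MySQL will most likely still tokenise it, but it reads like a typo and breaks easily if the string is ever post-processed; write `... WHERE type = 'php' AND active = 'y' ORDER BY name`. A one-line comment on the field would also help, since it appears to store a comma-separated list of `directive_snippets_id` values in a `VARCHAR` column and nothing says so.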
diff --git a/interface/web/admin/form/server_config.tform.php b/interface/web/admin/form/server_config.tform.php
index 7827b43f26d57403cfe3b5f3b98184c49310132e..0f78f9d2bf19a524f975545d0661f85f03a51d4a 100644
--- a/interface/web/admin/form/server_config.tform.php
+++ b/interface/web/admin/form/server_config.tform.php
@@ -182,7 +182,7 @@ $form["tabs"]['server'] = array(
 		'backup_dir_is_mount' => array(
 			'datatype' => 'VARCHAR',
 			'formtype' => 'CHECKBOX',
-			'default' => 'n',
+			'default' => 'y',
 			'value' => array(0 => 'n', 1 => 'y')
 		),
 		'backup_mode' => array(
@@ -327,7 +327,7 @@ $form["tabs"]['mail'] = array(
 			'datatype' => 'INTEGER',
 			'formtype' => 'SELECT',
 			'default' => '2048',
-			'value' => array('1024' => 'week (1024)', '2048' => 'normal (2048)', '4096' => 'strong (4096)')
+			'value' => array('1024' => 'weak (1024)', '2048' => 'normal (2048)', '4096' => 'strong (4096)')
 		),
         'relayhost_password' => array(
             'datatype' => 'VARCHAR',
@@ -1036,7 +1036,7 @@ $form["tabs"]['web'] = array(
 		'enable_spdy' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'CHECKBOX',
-			'default'  => 'n',
+			'default'  => 'y',
 			'value' => array (
 				0 => 'n',
 				1 => 'y'
diff --git a/interface/web/admin/lib/module.conf.php b/interface/web/admin/lib/module.conf.php
index 7f4d19da1abd456a7027fdd6729994edc67b2a90..727f7a2d5555918be7282dd705bf8e2f745f72b4 100644
--- a/interface/web/admin/lib/module.conf.php
+++ b/interface/web/admin/lib/module.conf.php
@@ -7,6 +7,7 @@ $module['title']  = 'top_menu_system';
 $module['template']  = 'module.tpl.htm';
 $module['startpage']  = 'admin/server_list.php';
 $module['tab_width']    = '60';
+$module['order']    = '90';
 
 
 $items[] = array(   'title'     => 'CP Users',
diff --git a/interface/web/admin/list/directive_snippets.list.php b/interface/web/admin/list/directive_snippets.list.php
index 37fe89a42d2102861cc9e66a659ac30d213d20a8..078cebf8608ed82d12ad8f5cc1d12d1d5f1990ff 100644
--- a/interface/web/admin/list/directive_snippets.list.php
+++ b/interface/web/admin/list/directive_snippets.list.php
@@ -54,7 +54,7 @@ $liste["item"][] = array( 'field'  => "active",
 	'prefix' => "",
 	'suffix' => "",
 	'width'  => "",
-	'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
+	'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('yes_txt')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('no_txt')."</span></div>"));
 
 
 $liste["item"][] = array( 'field'  => "name",
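Review bot: The translated labels are concatenated into the cell markup unescaped (`"<span>".$app->lng('yes_txt')."</span>"`), here and in the identical hunks for the firewall, iptables, server, server_ip, software_repo and users list files. Whether `lng()` returns HTML-safe text is not visible in this diff; if language strings can be edited through the interface, wrapping them as `htmlspecialchars($app->lng('yes_txt'), ENT_QUOTES, 'UTF-8')` keeps a translation from injecting markup into every list view. As the same two `<div>` strings are now repeated in each list file, building them once in a shared helper would keep the escaping in one place.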
@@ -82,6 +82,6 @@ $liste["item"][] = array( 'field'  => "customer_viewable",
 	'prefix' => "",
 	'suffix' => "",
 	'width'  => "",
-	'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
+	'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('yes_txt')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('no_txt')."</span></div>"));
 
 ?>
diff --git a/interface/web/admin/list/firewall.list.php b/interface/web/admin/list/firewall.list.php
index 058e86c804cfa730fdbed654b2a6ec18a76a8fff..786b7b848ae756f78a69e987b0af7a98a6cfdfed 100644
--- a/interface/web/admin/list/firewall.list.php
+++ b/interface/web/admin/list/firewall.list.php
@@ -54,7 +54,7 @@ $liste["item"][] = array( 'field'  => "active",
 	'prefix' => "",
 	'suffix' => "",
 	'width'  => "",
-	'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
+	'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('yes_txt')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('no_txt')."</span></div>"));
 
 $liste["item"][] = array( 'field'  => "server_id",
 	'datatype' => "VARCHAR",
diff --git a/interface/web/admin/list/iptables.list.php b/interface/web/admin/list/iptables.list.php
index ad487e5b6baf5a688561385956414907d32be758..3ad78404ea4c195e8d35cdd79f9fec4338fe1f97 100644
--- a/interface/web/admin/list/iptables.list.php
+++ b/interface/web/admin/list/iptables.list.php
@@ -18,14 +18,14 @@ $liste["item"][] = array( 'field'  => "active",
 	'prefix' => "",
 	'suffix' => "",
 	'width'  => "",
-	'value'  => array("y" => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", "n" => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
+	'value'  => array("y" => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('yes_txt')."</span></div>", "n" => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('no_txt')."</span></div>"));
 
 $liste["item"][] = array( 'field'  => "server_id",
-	'datatype' => "VARCHAR",
+	'datatype' => "INTEGER",
 	'formtype' => "SELECT",
-	'op'  => "like",
-	'prefix' => "%",
-	'suffix' => "%",
+	'op'  => "=",
+	'prefix' => "",
+	'suffix' => "",
 	'datasource' => array (  'type' => "SQL",
 		'querystring' => "SELECT server_id,server_name FROM server WHERE {AUTHSQL} AND db_server = 1 ORDER BY server_name",
 		'keyfield'=> "server_id",
diff --git a/interface/web/admin/list/server.list.php b/interface/web/admin/list/server.list.php
index 0290632405d948c77cdcb90eb741fa4617df2458..9ca54c07d5d2df744ac530f6898792264a666d25 100644
--- a/interface/web/admin/list/server.list.php
+++ b/interface/web/admin/list/server.list.php
@@ -63,7 +63,7 @@ $liste['item'][] = array( 'field'  => 'mail_server',
 	'prefix' => '%',
 	'suffix' => '%',
 	'width'  => '',
-	'value'  => array('1' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", '0' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
+	'value'  => array('1' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('yes_txt')."</span></div>", '0' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('no_txt')."</span></div>"));
 
 $liste['item'][] = array( 'field'  => 'web_server',
 	'datatype' => 'VARCHAR',
@@ -72,7 +72,7 @@ $liste['item'][] = array( 'field'  => 'web_server',
 	'prefix' => '%',
 	'suffix' => '%',
 	'width'  => '',
-	'value'  => array('1' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", '0' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
+	'value'  => array('1' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('yes_txt')."</span></div>", '0' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('no_txt')."</span></div>"));
 
 $liste['item'][] = array( 'field'  => 'dns_server',
 	'datatype' => 'VARCHAR',
@@ -81,7 +81,7 @@ $liste['item'][] = array( 'field'  => 'dns_server',
 	'prefix' => '%',
 	'suffix' => '%',
 	'width'  => '',
-	'value'  => array('1' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", '0' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
+	'value'  => array('1' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('yes_txt')."</span></div>", '0' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('no_txt')."</span></div>"));
 
 $liste['item'][] = array( 'field'  => 'file_server',
 	'datatype' => 'VARCHAR',
@@ -90,7 +90,7 @@ $liste['item'][] = array( 'field'  => 'file_server',
 	'prefix' => '%',
 	'suffix' => '%',
 	'width'  => '',
-	'value'  => array('1' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", '0' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
+	'value'  => array('1' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('yes_txt')."</span></div>", '0' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('no_txt')."</span></div>"));
 
 $liste['item'][] = array( 'field'  => 'db_server',
 	'datatype' => 'VARCHAR',
@@ -99,7 +99,7 @@ $liste['item'][] = array( 'field'  => 'db_server',
 	'prefix' => '%',
 	'suffix' => '%',
 	'width'  => '',
-	'value'  => array('1' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", '0' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
+	'value'  => array('1' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('yes_txt')."</span></div>", '0' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('no_txt')."</span></div>"));
 
 $liste['item'][] = array( 'field'  => 'vserver_server',
 	'datatype' => 'VARCHAR',
@@ -108,7 +108,7 @@ $liste['item'][] = array( 'field'  => 'vserver_server',
 	'prefix' => '%',
 	'suffix' => '%',
 	'width'  => '',
-	'value'  => array('1' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", '0' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
+	'value'  => array('1' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('yes_txt')."</span></div>", '0' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('no_txt')."</span></div>"));
 
 $liste['item'][] = array( 'field'  => 'xmpp_server',
 	'datatype' => 'VARCHAR',
@@ -117,6 +117,6 @@ $liste['item'][] = array( 'field'  => 'xmpp_server',
 	'prefix' => '%',
 	'suffix' => '%',
 	'width'  => '',
-	'value'  => array('1' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", '0' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
+	'value'  => array('1' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('yes_txt')."</span></div>", '0' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('no_txt')."</span></div>"));
 
 ?>
diff --git a/interface/web/admin/list/server_ip.list.php b/interface/web/admin/list/server_ip.list.php
index dba0c68cb1129b58210479614da81a448b52797e..41ac76e2a9dd67409c9b4a99a29021df789779fa 100644
--- a/interface/web/admin/list/server_ip.list.php
+++ b/interface/web/admin/list/server_ip.list.php
@@ -45,11 +45,11 @@ $liste['auth']    = 'no';
 *****************************************************/
 
 $liste['item'][] = array( 'field'  => 'server_id',
-	'datatype' => 'VARCHAR',
+	'datatype' => 'INTEGER',
 	'formtype' => 'SELECT',
-	'op'  => 'like',
-	'prefix' => '%',
-	'suffix' => '%',
+	'op'  => '=',
+	'prefix' => '',
+	'suffix' => '',
 	'datasource' => array (  'type' => 'SQL',
 		'querystring' => 'SELECT server_id,server_name FROM server WHERE {AUTHSQL} ORDER BY server_name',
 		'keyfield'=> 'server_id',
@@ -59,11 +59,11 @@ $liste['item'][] = array( 'field'  => 'server_id',
 	'value'  => '');
 
 $liste['item'][] = array( 'field'  => 'client_id',
-	'datatype' => 'VARCHAR',
+	'datatype' => 'INTEGER',
 	'formtype' => 'SELECT',
-	'op'  => 'like',
-	'prefix' => '%',
-	'suffix' => '%',
+	'op'  => '=',
+	'prefix' => '',
+	'suffix' => '',
 	'datasource' => array (  'type' => 'SQL',
 		'querystring' => 'SELECT client_id,contact_name FROM client WHERE {AUTHSQL} ORDER BY contact_name',
 		'keyfield'=> 'client_id',
@@ -95,7 +95,7 @@ $liste["item"][] = array( 'field'  => "virtualhost",
 	'prefix' => "",
 	'suffix' => "",
 	'width'  => "",
-	'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
+	'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('yes_txt')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('no_txt')."</span></div>"));
 
 
 $liste['item'][] = array( 'field'  => 'virtualhost_port',
diff --git a/interface/web/admin/list/server_php.list.php b/interface/web/admin/list/server_php.list.php
index ce8944d5a85e87ce3a4ae5e3874dd6162c53c85d..2414cb8fec37d2c71ad71081afd8a80a3dce6609 100644
--- a/interface/web/admin/list/server_php.list.php
+++ b/interface/web/admin/list/server_php.list.php
@@ -45,11 +45,11 @@ $liste['auth']    = 'no';
 *****************************************************/
 
 $liste['item'][] = array( 'field'  => 'server_id',
-	'datatype' => 'VARCHAR',
+	'datatype' => 'INTEGER',
 	'formtype' => 'SELECT',
-	'op'  => 'like',
-	'prefix' => '%',
-	'suffix' => '%',
+	'op'  => '=',
+	'prefix' => '',
+	'suffix' => '',
 	'datasource' => array (  'type' => 'SQL',
 		'querystring' => 'SELECT server_id,server_name FROM server WHERE {AUTHSQL} ORDER BY server_name',
 		'keyfield'=> 'server_id',
@@ -59,11 +59,11 @@ $liste['item'][] = array( 'field'  => 'server_id',
 	'value'  => '');
 
 $liste['item'][] = array( 'field'  => 'client_id',
-	'datatype' => 'VARCHAR',
+	'datatype' => 'INTEGER',
 	'formtype' => 'SELECT',
-	'op'  => 'like',
-	'prefix' => '%',
-	'suffix' => '%',
+	'op'  => '=',
+	'prefix' => '',
+	'suffix' => '',
 	'datasource' => array (  'type' => 'SQL',
 		'querystring' => 'SELECT client_id,contact_name FROM client WHERE {AUTHSQL} ORDER BY contact_name',
 		'keyfield'=> 'client_id',
diff --git a/interface/web/admin/list/software_repo.list.php b/interface/web/admin/list/software_repo.list.php
index 2eb3dd520eeb4d74bd39184f39879b9f6e6c237f..824c66d6d9d29f0ae04727cd605535f272573b71 100644
--- a/interface/web/admin/list/software_repo.list.php
+++ b/interface/web/admin/list/software_repo.list.php
@@ -54,7 +54,7 @@ $liste["item"][] = array( 'field'  => "active",
 	'prefix' => "",
 	'suffix' => "",
 	'width'  => "",
-	'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
+	'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('yes_txt')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('no_txt')."</span></div>"));
 
 $liste["item"][] = array( 'field'  => "repo_name",
 	'datatype' => "VARCHAR",
diff --git a/interface/web/admin/list/users.list.php b/interface/web/admin/list/users.list.php
index b260c2b3c652f01b5c61c277c58d4c3ae7688dbb..53e3f440a6f6e76f6c79e0eb16610ee0bb45c61c 100644
--- a/interface/web/admin/list/users.list.php
+++ b/interface/web/admin/list/users.list.php
@@ -60,7 +60,7 @@ $liste["item"][] = array(   'field' => "active",
 	'prefix' => "",
 	'suffix' => "",
 	'width' => "",
-	'value' => array('1' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", '0' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
+	'value' => array('1' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('yes_txt')."</span></div>", '0' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('no_txt')."</span></div>"));
 
 $liste['item'][] = array(   'field' => 'username',
 	'datatype' => 'VARCHAR',
diff --git a/interface/web/admin/remote_action_ispcupdate.php b/interface/web/admin/remote_action_ispcupdate.php
index 32bf0c4333b8973ec352bd7aee2fc07fac5ff633..263400665873c71a00137bcfb8d2e8d423e7bd5a 100644
--- a/interface/web/admin/remote_action_ispcupdate.php
+++ b/interface/web/admin/remote_action_ispcupdate.php
@@ -80,15 +80,8 @@ if (1 == 0 && isset($_POST['server_select'])) {
 	}
 	foreach ($servers as $serverId) {
 		$sql = "INSERT INTO sys_remoteaction (server_id, tstamp, action_type, action_param, action_state, response) " .
-			"VALUES (".
-			$app->functions->intval($serverId) . ", " .
-			time() . ", " .
-			"'ispc_update', " .
-			"'', " .
-			"'pending', " .
-			"''" .
-			")";
-		$app->db->query($sql);
+			"VALUES (?, UNIX_TIMESTAMP(), 'ispc_update', '', 'pending', '')";
+		$app->db->query($sql, $serverId);
 	}
 	$msg = $wb['action_scheduled'];
 }
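Review bot: `$serverId` is now bound as-is, whereas the removed code cast it with `$app->functions->intval()`; the placeholder prevents injection, but a non-numeric value is left to MySQL's implicit conversion instead of being normalised in PHP. `$servers` is built outside this hunk, so if its entries can come from `$_POST['server_select']`, keep the cast: `$app->db->query($sql, $app->functions->intval($serverId));`. The same applies to the matching hunk in `remote_action_osupdate.php`. `tstamp` also now comes from the database clock (`UNIX_TIMESTAMP()`) instead of PHP's `time()`, which only matters if a consumer compares it with PHP-side timestamps on a host with clock skew.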
diff --git a/interface/web/admin/remote_action_osupdate.php b/interface/web/admin/remote_action_osupdate.php
index 61c6c23823689ad99558e2becba462b0905ba3e6..8f48e29f2d472d6937c37e73af54237c3f0f8bd3 100644
--- a/interface/web/admin/remote_action_osupdate.php
+++ b/interface/web/admin/remote_action_osupdate.php
@@ -76,15 +76,8 @@ if (isset($_POST['server_select'])) {
 	}
 	foreach ($servers as $serverId) {
 		$sql = "INSERT INTO sys_remoteaction (server_id, tstamp, action_type, action_param, action_state, response) " .
-			"VALUES (".
-			$app->functions->intval($serverId) . ", " .
-			time() . ", " .
-			"'os_update', " .
-			"'', " .
-			"'pending', " .
-			"''" .
-			")";
-		$app->db->query($sql);
+			"VALUES (?, UNIX_TIMESTAMP(), 'os_update', '', 'pending', '')";
+		$app->db->query($sql, $serverId);
 	}
 	$msg = $wb['action_scheduled'];
 }
diff --git a/interface/web/admin/server_config_edit.php b/interface/web/admin/server_config_edit.php
index e561b00ac546fd900a48c0b292e1cbd7d2fcb37d..d64b6dd7dbae3b45eeb9c7133268c4689d9c9889 100644
--- a/interface/web/admin/server_config_edit.php
+++ b/interface/web/admin/server_config_edit.php
@@ -96,7 +96,7 @@ class page_action extends tform_actions {
 			$server_config_array[$section] = $app->tform->encode($this->dataRecord, $section);
 			$server_config_str = $app->ini_parser->get_ini_string($server_config_array);
 
-			$app->db->datalogUpdate('server', "config = '".$app->db->quote($server_config_str)."'", 'server_id', $server_id);
+			$app->db->datalogUpdate('server', array("config" => $server_config_str), 'server_id', $server_id);
 		}
 	}
 
diff --git a/interface/web/admin/server_edit.php b/interface/web/admin/server_edit.php
index 0adf313181a23764852fd72c63baef27b96c6e38..c2e746d5c58fce1e2d2b8a08b8fa92de282b4079 100644
--- a/interface/web/admin/server_edit.php
+++ b/interface/web/admin/server_edit.php
@@ -55,8 +55,8 @@ class page_action extends tform_actions {
 		global $app, $conf;
 
 		// Getting Servers
-		$sql = "SELECT server_id,server_name FROM server WHERE server_id != ".$app->functions->intval($this->id)." ORDER BY server_name";
-		$mirror_servers = $app->db->queryAllRecords($sql);
+		$sql = "SELECT server_id,server_name FROM server WHERE server_id != ? ORDER BY server_name";
+		$mirror_servers = $app->db->queryAllRecords($sql, $this->id);
 		$mirror_server_select = '<option value="0">'.$app->tform->lng('- None -').'</option>';
 		if(is_array($mirror_servers)) {
 			foreach( $mirror_servers as $mirror_server) {
diff --git a/interface/web/admin/server_ip_edit.php b/interface/web/admin/server_ip_edit.php
index c20f752b86c86c5535fe49a9a37b727ea5c0a469..f7872f4438954d47dc7dbdfbbd495b9032a5fe40 100644
--- a/interface/web/admin/server_ip_edit.php
+++ b/interface/web/admin/server_ip_edit.php
@@ -57,7 +57,7 @@ class page_action extends tform_actions {
 		//* Check if the server has been changed
 		// We do this only for the admin or reseller users, as normal clients can not change the server ID anyway
 		if($_SESSION["s"]["user"]["typ"] == 'admin' || $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
-			$rec = $app->db->queryOneRecord("SELECT server_id from server_ip WHERE server_ip_id = ".$app->functions->intval($this->id));
+			$rec = $app->db->queryOneRecord("SELECT server_id from server_ip WHERE server_ip_id = ?", $this->id);
 			if($rec['server_id'] != $this->dataRecord["server_id"]) {
 				//* Add a error message and switch back to old server
 				$app->tform->errorMessage .= $app->lng('The Server can not be changed.');
diff --git a/interface/web/admin/server_php_edit.php b/interface/web/admin/server_php_edit.php
index f60ae997a051a92b5d389701debc40db26b184d9..12aacf60b92a687c75c71f33fad9abe5b83cad5a 100644
--- a/interface/web/admin/server_php_edit.php
+++ b/interface/web/admin/server_php_edit.php
@@ -57,7 +57,7 @@ class page_action extends tform_actions {
 		//* Check if the server has been changed
 		// We do this only for the admin or reseller users, as normal clients can not change the server ID anyway
 		if(($_SESSION["s"]["user"]["typ"] == 'admin' || $app->auth->has_clients($_SESSION['s']['user']['userid'])) && isset($this->dataRecord["server_id"])) {
-			$rec = $app->db->queryOneRecord("SELECT server_id from server_php WHERE server_php_id = ".$app->functions->intval($this->id));
+			$rec = $app->db->queryOneRecord("SELECT server_id from server_php WHERE server_php_id = ?", $this->id);
 			if($rec['server_id'] != $this->dataRecord["server_id"]) {
 				//* Add a error message and switch back to old server
 				$app->tform->errorMessage .= $app->lng('The Server can not be changed.');
diff --git a/interface/web/admin/software_package_install.php b/interface/web/admin/software_package_install.php
index dd49f2e0b74ec0be3ec093cf7c548a51647cf46e..ccbfd73ebe6e2c3411f1a1fa32dd579c06b45ccd 100644
--- a/interface/web/admin/software_package_install.php
+++ b/interface/web/admin/software_package_install.php
@@ -38,11 +38,11 @@ $app->auth->check_security_permissions('admin_allow_software_packages');
 //* This is only allowed for administrators
 if(!$app->auth->is_admin()) die('only allowed for administrators.');
 
-$package_name = $app->db->quote($_REQUEST['package']);
+$package_name = $_REQUEST['package'];
 $install_server_id = $app->functions->intval($_REQUEST['server_id']);
-$install_key = $app->db->quote(trim($_REQUEST['install_key']));
+$install_key = trim($_REQUEST['install_key']);
 
-$package = $app->db->queryOneRecord("SELECT * FROM software_package WHERE package_name = '$package_name'");
+$package = $app->db->queryOneRecord("SELECT * FROM software_package WHERE package_name = ?", $package_name);
 
 $install_key_verified = false;
 $message_err = '';
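Review bot: The install parameters are read from `$_REQUEST` (`package`, `server_id`, `install_key`), so they are accepted from the query string as well as from a form post, and no anti-CSRF token or request-method check is visible in this hunk. If none exists elsewhere in the file, an administrator's browser can be made to trigger the database writes further down; reading from `$_POST` and verifying a token before them would close that. The keys are also read without `isset()`, so a request that omits one raises an undefined-index notice; `$package_name = isset($_REQUEST['package']) ? $_REQUEST['package'] : '';` avoids it.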
@@ -51,7 +51,7 @@ $message_ok = '';
 //* verify the key
 if($package['package_installable'] == 'key' && $install_key != '') {
 
-	$repo = $app->db->queryOneRecord("SELECT * FROM software_repo WHERE software_repo_id = ".$app->db->quote($package['software_repo_id']));
+	$repo = $app->db->queryOneRecord("SELECT * FROM software_repo WHERE software_repo_id = ?", $package['software_repo_id']);
 
 	$client = new SoapClient(null, array('location' => $repo['repo_url'],
 			'uri'      => $repo['repo_url']));
@@ -63,7 +63,7 @@ if($package['package_installable'] == 'key' && $install_key != '') {
 		$message_err = 'Verification of the key failed.';
 	} else {
 		// Store the verified key into the database
-		$app->db->datalogUpdate('software_package', "package_key = '".$app->db->quote($install_key)."'", 'package_id', $package['package_id']);
+		$app->db->datalogUpdate('software_package', array("package_key" => $install_key), 'package_id', $package['package_id']);
 	}
 } else {
 	$message_ok = 'Please enter the software key for the package.';
@@ -71,8 +71,8 @@ if($package['package_installable'] == 'key' && $install_key != '') {
 
 //* Install packages, if all requirements are fullfilled.
 if($install_server_id > 0 && $package_name != '' && ($package['package_installable'] == 'yes' || $install_key_verified == true)) {
-	$sql = "SELECT software_update_id, package_name, update_title FROM software_update WHERE type = 'full' AND package_name = '".$app->db->quote($package_name)."' ORDER BY v1 DESC, v2 DESC, v3 DESC, v4 DESC LIMIT 0,1";
-	$tmp = $app->db->queryOneRecord($sql);
+	$sql = "SELECT software_update_id, package_name, update_title FROM software_update WHERE type = 'full' AND package_name = ? ORDER BY v1 DESC, v2 DESC, v3 DESC, v4 DESC LIMIT 0,1";
+	$tmp = $app->db->queryOneRecord($sql, $package_name);
 	$software_update_id = $tmp['software_update_id'];
 
 	//* if package requires a DB and there is no data for a db in config, then we create this data now
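Review bot: `$tmp['software_update_id']` is used without checking that the `software_update` lookup returned a row. If no `full` update exists for the package, `$software_update_id` is empty and, as far as the later hunk shows, is still written to `software_update_inst` with status `installing`. Checking `empty($tmp['software_update_id'])` right after the query, setting `$message_err` and skipping the rest of the install block would avoid queueing an install that cannot run. The enclosing `if` block continues outside this hunk.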
@@ -91,7 +91,7 @@ if($install_server_id > 0 && $package_name != '' && ($package['package_installab
 				'database_host' => 'localhost');
 			$package_config_str = $app->ini_parser->get_ini_string($package_config_array);
 			$package['package_config'] = $package_config_str;
-			$app->db->datalogUpdate('software_package', "package_config = '".$app->db->quote($package_config_str)."'", 'package_id', $package['package_id']);
+			$app->db->datalogUpdate('software_package', array("package_config" => $package_config_str), 'package_id', $package['package_id']);
 		}
 	}
 
@@ -105,7 +105,7 @@ if($install_server_id > 0 && $package_name != '' && ($package['package_installab
 		if(!isset($package_config_array['remote_api'])) {
 			$remote_user = 'ispapp'.$package['package_id'];
 			$remote_password = md5(mt_rand());
-			$remote_functions = $app->db->quote($package['package_remote_functions']);
+			$remote_functions = $package['package_remote_functions'];
 
 			$package_config_array['remote_api'] = array(
 				'remote_hostname' => $_SERVER['HTTP_HOST'],
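Review bot: The remote API password is still generated with `md5(mt_rand())` (context line in this hunk), which can take no more distinct values than `mt_rand()` has outputs and comes from a non-cryptographic generator. Because this credential gives the package access to the remote API, draw it from a CSPRNG instead, e.g. `$remote_password = bin2hex(openssl_random_pseudo_bytes(16));`, or `random_bytes()` where the supported PHP version provides it. The next hunk stores it as a single unsalted `md5()` in `remote_user`; changing that depends on the login check, which is outside this diff. `remote_hostname` is taken from `$_SERVER['HTTP_HOST']`, a client-supplied header, and would be safer read from configuration.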
@@ -116,19 +116,23 @@ if($install_server_id > 0 && $package_name != '' && ($package['package_installab
 			$package_config_str = $app->ini_parser->get_ini_string($package_config_array);
 			$package['package_config'] = $package_config_str;
 			$remote_password_md5 = md5($remote_password);
-			$app->db->datalogUpdate('software_package', "package_config = '".$app->db->quote($package_config_str)."'", 'package_id', $package['package_id']);
+			$app->db->datalogUpdate('software_package', array("package_config" => $package_config_str), 'package_id', $package['package_id']);
 
 			$sql = "INSERT INTO `remote_user` (`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `remote_username`, `remote_password`, `remote_functions`) VALUES
-					(1, 1, 'riud', 'riud', '', '".$app->db->quote($remote_user)."', '".$app->db->quote($remote_password_md5)."', '".$app->db->quote($remote_functions)."');";
-
-			$app->db->query($sql);
+					(1, 1, 'riud', 'riud', '', ?, ?, ?)";
+			$app->db->query($sql, $remote_user, $remote_password_md5, $remote_functions);
 
 		}
 
 	}
 
 	//* Add the record to start the install process
-	$insert_data = "(package_name, server_id, software_update_id, status) VALUES ('".$app->db->quote($package_name)."', '".$app->db->quote($install_server_id)."', '".$app->db->quote($software_update_id)."','installing')";
+	$insert_data = array(
+		"package_name" => $package_name,
+		"server_id" => $install_server_id,
+		"software_update_id" => $software_update_id,
+		"status" => 'installing'
+	);
 	$app->db->datalogInsert('software_update_inst', $insert_data, 'software_update_inst_id');
 	$message_ok = 'Starting package installation '."<a href=\"#\" onclick=\"ISPConfig.submitForm('pageForm','admin/software_package_list.php');\">".$app->lng('next')."</a>";
 
diff --git a/interface/web/admin/software_package_list.php b/interface/web/admin/software_package_list.php
index f7bf25b9c24de6e40db966fcc1d095993a0e7f3c..5e552dbee7b9497c26bf17571c561cb85c4efbe9 100644
--- a/interface/web/admin/software_package_list.php
+++ b/interface/web/admin/software_package_list.php
@@ -48,27 +48,40 @@ if(is_array($repos) && isset($_GET['action']) && $_GET['action'] == 'repoupdate'
 		$packages = $client->get_packages($repo['repo_username'], $repo['repo_password']);
 		if(is_array($packages)) {
 			foreach($packages as $p) {
-				$package_name = $app->db->quote($p['name']);
-				$tmp = $app->db->queryOneRecord("SELECT package_id FROM software_package WHERE package_name = '".$app->db->quote($package_name)."'");
+				$package_name = $p['name'];
+				$tmp = $app->db->queryOneRecord("SELECT package_id FROM software_package WHERE package_name = ?", $package_name);
 
-				$package_title = $app->db->quote($p['title']);
-				$package_description = $app->db->quote($p['description']);
+				$package_title = $p['title'];
+				$package_description = $p['description'];
 				$software_repo_id = $app->functions->intval($repo['software_repo_id']);
-				$package_type = $app->db->quote($p['type']);
-				$package_installable = $app->db->quote($p['installable']);
-				$package_requires_db = $app->db->quote($p['requires_db']);
-				$package_remote_functions = $app->db->quote($p['remote_functions']);
+				$package_type = $p['type'];
+				$package_installable = $p['installable'];
+				$package_requires_db = $p['requires_db'];
+				$package_remote_functions = $p['remote_functions'];
 
 				if(empty($tmp['package_id'])) {
-					//$sql = "INSERT INTO software_package (software_repo_id, package_name, package_title, package_description,package_type,package_installable,package_requires_db) VALUES ($software_repo_id, '$package_name', '$package_title', '$package_description','$package_type','$package_installable','$package_requires_db')";
-					//$app->db->query($sql);
-					$insert_data = "(software_repo_id, package_name, package_title, package_description,package_type,package_installable,package_requires_db,package_remote_functions) VALUES ($software_repo_id, '$package_name', '$package_title', '$package_description','$package_type','$package_installable','$package_requires_db','$package_remote_functions')";
+					$insert_data = array(
+						"software_repo_id" => $software_repo_id,
+						"package_name" => $package_name, 
+						"package_title" => $package_title, 
+						"package_description" => $package_description,
+						"package_type" => $package_type,
+						"package_installable" => $package_installable,
+						"package_requires_db" => $package_requires_db,
+						"package_remote_functions" => $package_remote_functions
+						);
 					$app->db->datalogInsert('software_package', $insert_data, 'package_id');
 					$packages_added++;
 				} else {
-					//$sql = "UPDATE software_package SET software_repo_id = $software_repo_id, package_title = '$package_title', package_description = '$package_description', package_type = '$package_type', package_installable = '$package_installable', package_requires_db = '$package_requires_db' WHERE package_name = '$package_name'";
-					//$app->db->query($sql);
-					$update_data = "software_repo_id = $software_repo_id, package_title = '$package_title', package_description = '$package_description', package_type = '$package_type', package_installable = '$package_installable', package_requires_db = '$package_requires_db', package_remote_functions = '$package_remote_functions'";
+					$update_data = array(
+						"software_repo_id" => $software_repo_id,
+						"package_title" => $package_title, 
+						"package_description" => $package_description,
+						"package_type" => $package_type,
+						"package_installable" => $package_installable,
+						"package_requires_db" => $package_requires_db,
+						"package_remote_functions" => $package_remote_functions
+						);
 					//echo $update_data;
 					$app->db->datalogUpdate('software_package', $update_data, 'package_id', $tmp['package_id']);
 				}
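Review bot: `$p['remote_functions']` from the repository response is stored unchanged as `package_remote_functions`, and `software_package_install.php` in this same diff copies that column into `remote_user.remote_functions` for the package's API user. Whatever the repository returns therefore decides which remote API functions an installed package is granted; validating the value against an allow-list of permitted function names before the `datalogInsert`/`datalogUpdate` would bound that. The `$p[...]` keys are also read without `isset()`, unlike `dependencies` in the following hunk. The leftover `//echo $update_data;` no longer makes sense now that `$update_data` is an array and can be dropped.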
@@ -91,25 +104,31 @@ if(is_array($repos) && isset($_GET['action']) && $_GET['action'] == 'repoupdate'
 						$v3 = $app->functions->intval($version_array[2]);
 						$v4 = $app->functions->intval($version_array[3]);
 
-						$package_name = $app->db->quote($u['package_name']);
+						$package_name = $u['package_name'];
 						$software_repo_id = $app->functions->intval($repo['software_repo_id']);
-						$update_url = $app->db->quote($u['url']);
-						$update_md5 = $app->db->quote($u['md5']);
-						$update_dependencies = (isset($u['dependencies']))?$app->db->quote($u['dependencies']):'';
-						$update_title = $app->db->quote($u['title']);
-						$type = $app->db->quote($u['type']);
+						$update_url = $u['url'];
+						$update_md5 = $u['md5'];
+						$update_dependencies = (isset($u['dependencies']))?$u['dependencies']:'';
+						$update_title = $u['title'];
+						$type = $u['type'];
 
 						// Check that we do not have this update in the database yet
-						$sql = "SELECT * FROM software_update WHERE package_name = '$package_name' and v1 = '$v1' and v2 = '$v2' and v3 = '$v3' and v4 = '$v4'";
-						$tmp = $app->db->queryOneRecord($sql);
+						$sql = "SELECT * FROM software_update WHERE package_name = ? and v1 = ? and v2 = ? and v3 = ? and v4 = ?";
+						$tmp = $app->db->queryOneRecord($sql, $package_name, $v1, $v2, $v3, $v4);
 						if(!isset($tmp['software_update_id'])) {
-							// Insert the update in the datbase
-							//$sql = "INSERT INTO software_update (software_repo_id, package_name, update_url, update_md5, update_dependencies, update_title, v1, v2, v3, v4, type)
-							//VALUES ($software_repo_id, '$package_name', '$update_url', '$update_md5', '$update_dependencies', '$update_title', '$v1', '$v2', '$v3', '$v4', '$type')";
-							//die($sql);
-							//$app->db->query($sql);
-							$insert_data = "(software_repo_id, package_name, update_url, update_md5, update_dependencies, update_title, v1, v2, v3, v4, type)
-                            VALUES ($software_repo_id, '$package_name', '$update_url', '$update_md5', '$update_dependencies', '$update_title', '$v1', '$v2', '$v3', '$v4', '$type')";
+							$insert_data = array(
+								"software_repo_id" => $software_repo_id,
+								"package_name" => $package_name,
+								"update_url" => $update_url,
+								"update_md5" => $update_md5,
+								"update_dependencies" => $update_dependencies,
+								"update_title" => $update_title,
+								"v1" => $v1,
+								"v2" => $v2,
+								"v3" => $v3,
+								"v4" => $v4,
+								"type" => $type
+							);
 							$app->db->datalogInsert('software_update', $insert_data, 'software_update_id');
 						}
 
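Review bot: The fields taken from `$u` (`url`, `md5`, `title`, `type`) are now stored exactly as received, and nothing in this hunk checks their shape before the insert; only `dependencies` is guarded with `isset`. If `$u` comes from a remote repository listing, as the surrounding `repoupdate` branch suggests, I would skip an entry when `!preg_match('/^[a-f0-9]{32}$/i', $update_md5)` and when `$update_url` does not use an expected scheme. Dropping `quote()` is only safe if the array form of `datalogInsert` binds or escapes every value. That implementation is outside this hunk and worth confirming, also for the `datalogInsert` and `datalogUpdate` calls changed in `software_update_list.php` and `system_config_edit.php`. The enclosing loop starts and ends outside the hunk.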
@@ -120,23 +139,6 @@ if(is_array($repos) && isset($_GET['action']) && $_GET['action'] == 'repoupdate'
 	}
 }
 
-//* Install packages, if GET Request
-/*
-if(isset($_GET['action']) && $_GET['action'] == 'install' && $_GET['package'] != '' && $_GET['server_id'] > 0) {
-	$package_name = $app->db->quote($_GET['package']);
-	$server_id = $app->functions->intval($_GET['server_id']);
-	$sql = "SELECT software_update_id, package_name, update_title FROM software_update WHERE type = 'full' AND package_name = '$package_name' ORDER BY v1 DESC, v2 DESC, v3 DESC, v4 DESC LIMIT 0,1";
-	$tmp = $app->db->queryOneRecord($sql);
-	$software_update_id = $tmp['software_update_id'];
-
-	$insert_data = "(package_name, server_id, software_update_id, status) VALUES ('$package_name', '$server_id', '$software_update_id','installing')";
-	// $insert_data = "(package_name, server_id, software_update_id, status) VALUES ('$package_name', '$server_id', '$software_update_id','installed')";
-	$app->db->datalogInsert('software_update_inst', $insert_data, 'software_update_inst_id');
-}
-*/
-
-
-
 // Show the list in the interface
 // Loading the template
 $app->uses('tpl');
@@ -150,7 +152,7 @@ if(is_array($packages) && count($packages) > 0) {
 	foreach($packages as $key => $p) {
 		$installed_txt = '';
 		foreach($servers as $s) {
-			$inst = $app->db->queryOneRecord("SELECT * FROM software_update, software_update_inst WHERE software_update_inst.software_update_id = software_update.software_update_id AND software_update_inst.package_name = '".$app->db->quote($p["package_name"])."' AND server_id = '".$app->functions->intval($s["server_id"])."'");
+			$inst = $app->db->queryOneRecord("SELECT * FROM software_update, software_update_inst WHERE software_update_inst.software_update_id = software_update.software_update_id AND software_update_inst.package_name = ? AND server_id = ?", $p["package_name"], $s["server_id"]);
 			$version = $inst['v1'].'.'.$inst['v2'].'.'.$inst['v3'].'.'.$inst['v4'];
 
 			if($inst['status'] == 'installed') {
diff --git a/interface/web/admin/software_update_list.php b/interface/web/admin/software_update_list.php
index 321c42bc139f01791a11881d61cf87b1c8f437ec..c987e9e04bebe9606a45cbac217d5c40925a7947 100644
--- a/interface/web/admin/software_update_list.php
+++ b/interface/web/admin/software_update_list.php
@@ -72,23 +72,23 @@ if(is_array($repos)) {
 						$v3 = $app->functions->intval($version_array[2]);
 						$v4 = $app->functions->intval($version_array[3]);
 
-						$package_name = $app->db->quote($u['package_name']);
+						$package_name = $u['package_name'];
 						$software_repo_id = $app->functions->intval($repo['software_repo_id']);
-						$update_url = $app->db->quote($u['url']);
-						$update_md5 = $app->db->quote($u['md5']);
-						$update_dependencies = (isset($u['dependencies']))?$app->db->quote($u['dependencies']):'';
-						$update_title = $app->db->quote($u['title']);
-						$type = $app->db->quote($u['type']);
+						$update_url = $u['url'];
+						$update_md5 = $u['md5'];
+						$update_dependencies = (isset($u['dependencies']))?$u['dependencies']:'';
+						$update_title = $u['title'];
+						$type = $u['type'];
 
 						// Check that we do not have this update in the database yet
-						$sql = "SELECT * FROM software_update WHERE package_name = '$package_name' and v1 = '$v1' and v2 = '$v2' and v3 = '$v3' and v4 = '$v4'";
-						$tmp = $app->db->queryOneRecord($sql);
+						$sql = "SELECT * FROM software_update WHERE package_name = ? and v1 = ? and v2 = ? and v3 = ? and v4 = ?";
+						$tmp = $app->db->queryOneRecord($sql, $package_name, $v1, $v2, $v3, $v4);
 						if(!isset($tmp['software_update_id'])) {
 							// Insert the update in the datbase
 							$sql = "INSERT INTO software_update (software_repo_id, package_name, update_url, update_md5, update_dependencies, update_title, v1, v2, v3, v4, type)
-							VALUES ($software_repo_id, '$package_name', '$update_url', '$update_md5', '$update_dependencies', '$update_title', '$v1', '$v2', '$v3', '$v4', '$type')";
+							VALUES ($software_repo_id, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)";
 							//die($sql);
-							$app->db->query($sql);
+							$app->db->query($sql, $package_name, $update_url, $update_md5, $update_dependencies, $update_title, $v1, $v2, $v3, $v4, $type);
 						}
 
 					}
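Review bot: `$software_repo_id` is still interpolated into the INSERT string on the `VALUES (` line while every other column is bound, so the statement is safe only because of the `intval()` call a few lines earlier. Bind it as well so the query no longer depends on that cast staying in place: `VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)";` together with `$app->db->query($sql, $software_repo_id, $package_name, $update_url, ...)`. The leftover `//die($sql);` between the two statements can be removed at the same time.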
@@ -101,12 +101,16 @@ if(is_array($repos)) {
 
 //* Install packages, if GET Request
 if(isset($_GET['action']) && $_GET['action'] == 'install' && $_GET['package'] != '' && $_GET['server_id'] > 0) {
-	$package_name = $app->db->quote($_GET['package']);
+	$package_name = $_GET['package'];
 	$server_id = $app->functions->intval($_GET['server_id']);
 	$software_update_id = $app->functions->intval($_GET['id']);
 
-	$insert_data = "(package_name, server_id, software_update_id, status) VALUES ('$package_name', '$server_id', '$software_update_id','installing')";
-	// $insert_data = "(package_name, server_id, software_update_id, status) VALUES ('$package_name', '$server_id', '$software_update_id','installed')";
+	$insert_data = array(
+		"package_name" => $package_name,
+		"server_id" => $server_id,
+		"software_update_id" => $software_update_id,
+		"status" => 'installing'
+	);
 	$app->db->datalogInsert('software_update_inst', $insert_data, 'software_update_inst_id');
 
 }
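Review bot: This branch changes state on a plain GET request: any URL carrying `action=install`, `package` and `server_id` queues an `installing` row, and no anti-CSRF token or request-method check is visible in the hunk. I would accept the action only via POST together with the project's token check, performed before `datalogInsert`. `$_GET['id']` is also read without `isset`, and the `package_name` and `software_update_id` pair is inserted without confirming that such an update exists for that package. A lookup in `software_update` before the insert would close that gap.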
@@ -162,12 +166,12 @@ if(is_array($installed_packages)) {
 	foreach($installed_packages as $ip) {
 
 		// Get version number of the latest installed version
-		$sql = "SELECT v1, v2, v3, v4 FROM software_update, software_update_inst WHERE software_update.software_update_id = software_update_inst.software_update_id AND server_id = ".$app->functions->intval($server_id)." ORDER BY v1 DESC , v2 DESC , v3 DESC , v4 DESC LIMIT 0,1";
-		$lu = $app->db->queryOneRecord($sql);
+		$sql = "SELECT v1, v2, v3, v4 FROM software_update, software_update_inst WHERE software_update.software_update_id = software_update_inst.software_update_id AND server_id = ? ORDER BY v1 DESC , v2 DESC , v3 DESC , v4 DESC LIMIT 0,1";
+		$lu = $app->db->queryOneRecord($sql, $server_id);
 
 		// Get all installable updates
-		$sql = "SELECT * FROM software_update WHERE v1 >= ".$app->functions->intval($lu['v1'])." AND v2 >= ".$app->functions->intval($lu['v2'])." AND v3 >= ".$app->functions->intval($lu['v3'])." AND v4 >= ".$app->functions->intval($lu['v4'])." AND package_name = '".$app->db->quote($ip['package_name'])."' ORDER BY v1 DESC , v2 DESC , v3 DESC , v4 DESC";
-		$updates = $app->db->queryAllRecords($sql);
+		$sql = "SELECT * FROM software_update WHERE v1 >= ? AND v2 >= ? AND v3 >= ? AND v4 >= ? AND package_name = ? ORDER BY v1 DESC , v2 DESC , v3 DESC , v4 DESC";
+		$updates = $app->db->queryAllRecords($sql, $lu['v1'], $lu['v2'], $lu['v3'], $lu['v4'], $ip['package_name']);
 		//die($sql);
 
 		if(is_array($updates)) {
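Review bot: The second query used to wrap `$lu['v1']` to `$lu['v4']` in `intval()`, so a missing `$lu` (no installed update found for this server) became `0`; the new call binds the raw values. If `queryOneRecord` returns no row these are null, and depending on how the wrapper binds null, `v1 >= ?` may match nothing where it previously matched every row. Keeping the cast on the arguments preserves the old behaviour: `$app->functions->intval($lu['v1'])`, and likewise for `v2` to `v4`. The `foreach` body continues outside the hunk.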
diff --git a/interface/web/admin/system_config_edit.php b/interface/web/admin/system_config_edit.php
index 7108f2707a8aa31bf498b143305dd2f127c8ae89..f48f11b7ed5faf17521c4cb4b18f003568fefdd4 100644
--- a/interface/web/admin/system_config_edit.php
+++ b/interface/web/admin/system_config_edit.php
@@ -89,13 +89,24 @@ class page_action extends tform_actions {
 		$available_dashlets_txt = '';
 		$handle = @opendir(ISPC_WEB_PATH.'/dashboard/dashlets');
 		while ($file = @readdir($handle)) {
-			if ($file != '.' && $file != '..' && !is_dir($file)) {
+			if ($file != '.' && $file != '..' && !is_dir(ISPC_WEB_PATH.'/dashboard/dashlets/'.$file)) {
 				$available_dashlets_txt .= '<a href="javascript:void(0);" class="addPlaceholderContent">['.substr($file, 0, -4).']<pre class="addPlaceholderContent" style="display:none;">['.substr($file, 0, -4).'],</pre></a> ';
 			}
 		}
 
 		if($available_dashlets_txt == '') $available_dashlets_txt = '------';
 		$app->tpl->setVar("available_dashlets_txt", $available_dashlets_txt);
+		
+		// Logo
+		$sys_ini = $app->db->queryOneRecord("SELECT * FROM sys_ini WHERE sysini_id = ?", $this->id);
+		if($sys_ini['custom_logo'] != ''){
+			$logo = '<img src="'.$sys_ini['custom_logo'].'" />&nbsp;&nbsp;<a href="#" class="btn btn-default formbutton-danger formbutton-narrow" style="margin:5px" id="del_custom_logo"><span class="icon icon-delete"></span></a>';
+		} else {
+			$logo = '<img src="'.$sys_ini['default_logo'].'" />';
+		}
+		$default_logo = '<img src="'.$sys_ini['default_logo'].'" />';
+		$app->tpl->setVar("used_logo", $logo);
+		$app->tpl->setVar("default_logo", $default_logo);
 
 		parent::onShowEnd();
 	}
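Review bot: `$sys_ini['custom_logo']` and `$sys_ini['default_logo']` are concatenated into the `src` attribute without HTML encoding, so a stored value containing a double quote breaks out of the attribute and injects markup into the admin page. Encode at the point of output, e.g. `htmlspecialchars($sys_ini['custom_logo'], ENT_QUOTES, 'UTF-8')`, and do the same for `default_logo`. If only data URIs are expected here, as the commented upload code later in this file suggests, rejecting values that do not start with `data:image/` would narrow it further. `$sys_ini` is indexed without checking that the query returned a row, and `SELECT *` could be limited to the two logo columns. `onShowEnd` starts outside the hunk.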
@@ -165,9 +176,7 @@ class page_action extends tform_actions {
 		$server_config_array[$section] = $new_config;
 		$server_config_str = $app->ini_parser->get_ini_string($server_config_array);
 
-		//$sql = "UPDATE sys_ini SET config = '".$app->db->quote($server_config_str)."' WHERE sysini_id = 1";
-		//if($conf['demo_mode'] != true) $app->db->query($sql);
-		if($conf['demo_mode'] != true) $app->db->datalogUpdate('sys_ini', "config = '".$app->db->quote($server_config_str)."'", 'sysini_id', 1);
+		if($conf['demo_mode'] != true) $app->db->datalogUpdate('sys_ini', array("config" => $server_config_str), 'sysini_id', 1);
 
 		/*
 		 * If we should use the domain-module, we have to insert all existing domains into the table
@@ -185,26 +194,28 @@ class page_action extends tform_actions {
 				"FROM web_domain WHERE type NOT IN ('subdomain','vhostsubdomain')";
 			$app->db->query($sql);
 		}
+		
+		//die(print_r($_FILES));
+		// Logo
+		/*
+		if(isset($_FILES['file']['name']) && is_uploaded_file($_FILES['file']['tmp_name'])){
+			//print_r($_FILES);
+			
+			$path= $_FILES['file']['tmp_name'];
+			$type = pathinfo($path, PATHINFO_EXTENSION);
+			$data = file_get_contents($path);
+			$base64 = 'data:image/' . $type . ';base64,' . base64_encode($data);
+			$app->db->query("UPDATE sys_ini SET custom_logo = ? WHERE sysini_id = ?", $base64, $this->id);
+		}
+		*/
 
 		// Maintenance mode
 		if($server_config_array['misc']['maintenance_mode'] == 'y'){
 			//print_r($_SESSION);
 			//echo $_SESSION['s']['id'];
-			$app->db->query("DELETE FROM sys_session WHERE session_id != '".$app->db->quote($_SESSION['s']['id'])."'");
+			$app->db->query("DELETE FROM sys_session WHERE session_id != ?", $_SESSION['s']['id']);
 		}
 	}
-
-	/*
-	function onAfterUpdate() {
-        if($this->_js_changed == true) {
-            // not the best way, but it works
-            header('Content-Type: text/html');
-            print '<script type="text/javascript">document.location.reload(true);</script>';
-            exit;
-        }
-    }
-	*/
-
 }
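Review bot: The commit adds a commented-out upload block and `//die(print_r($_FILES));`; dead code and debug leftovers like these are better kept out of the file until the feature is ready. If the block is meant to be enabled later, `pathinfo($path, PATHINFO_EXTENSION)` is applied to `tmp_name`, which normally has no meaningful extension, so `$type` would not describe the upload. The content is also never checked to be an image, nor limited in size, before it is base64-stored in `custom_logo`. A version fit to enable would derive the type from the file content (for example with `getimagesize()`), accept only a fixed list of raster types, and cap the size. The method containing this code starts outside the hunk.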
 
 $app->tform_actions = new page_action;
diff --git a/interface/web/admin/templates/directive_snippets_edit.htm b/interface/web/admin/templates/directive_snippets_edit.htm
index 7729fc163d8b118e0862a29e511e99a8ed6f375c..21b76867ec12d468ff7371222951e1ef809276aa 100644
--- a/interface/web/admin/templates/directive_snippets_edit.htm
+++ b/interface/web/admin/templates/directive_snippets_edit.htm
@@ -17,6 +17,12 @@
 			<div class="form-group">
                 <label for="snippet" class="col-sm-3 control-label">{tmpl_var name='snippet_txt'}</label>
                 <div class="col-sm-9"><textarea class="form-control" name="snippet" id="snippet" rows='10' cols='50'>{tmpl_var name='snippet'}</textarea></div><span class="nginx"> &nbsp; {tmpl_var name='variables_txt'}: </span><a href="javascript:void(0);" class="addPlaceholder nginx">{DOCROOT}</a><span class="nginx">, </span><a href="javascript:void(0);" class="addPlaceholder nginx">{FASTCGIPASS}</a>
+            </div>
+			<div class="form-group php">
+                <label class="col-sm-3 control-label">{tmpl_var name='required_php_snippets_txt'}</label>
+                <div class="col-sm-9">
+                    {tmpl_var name='required_php_snippets'}
+                </div>
             </div>
 			<div class="form-group">
                 <label class="col-sm-3 control-label">{tmpl_var name='customer_viewable_txt'}</label>
@@ -48,15 +54,19 @@
 	
 	if (jQuery('#type').val() != 'nginx' && jQuery('#type').val() != 'apache') {
 		jQuery('#customer_viewable').closest('div.ctrlHolder:visible').hide();
-	}else {
+		jQuery('.php:visible').hide();
+	} else {
 		jQuery('#customer_viewable').closest('div.ctrlHolder:hidden').show();
+		jQuery('.php:hidden').show();
 	}
     
     jQuery('#type').change(function(){
 		if (jQuery(this).val() != 'nginx' && jQuery(this).val() != 'apache') {
 			jQuery('#customer_viewable').closest('div.ctrlHolder:visible').hide();
+			jQuery('.php:visible').hide();
 		} else {
 			jQuery('#customer_viewable').closest('div.ctrlHolder:hidden').show();
+			jQuery('.php:hidden').show();
 		}
         if(jQuery(this).val() == 'nginx'){
             jQuery('.nginx:hidden').show();
diff --git a/interface/web/admin/templates/directive_snippets_list.htm b/interface/web/admin/templates/directive_snippets_list.htm
index 3aae3f3615bd03c44996ca81afe04762ef6f54b2..bf43d42428a7616b1daaae233d167b9d68e4a863 100644
--- a/interface/web/admin/templates/directive_snippets_list.htm
+++ b/interface/web/admin/templates/directive_snippets_list.htm
@@ -37,7 +37,7 @@
                             <td><a href="#" data-load-content="admin/directive_snippets_edit.php?id={tmpl_var name='id'}">{tmpl_var name="type"}</a></td>
 							<td><a href="#" data-load-content="admin/directive_snippets_edit.php?id={tmpl_var name='id'}">{tmpl_var name="customer_viewable"}</a></td>
                             <td class="text-right">
-                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('admin/directive_snippets_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
+                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('admin/directive_snippets_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                             </td>
                         </tr>
                     </tmpl_loop>
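Review bot: The delete link on the changed line puts `phpsessid` into the query string of a GET request that deletes a record. If that value is the session identifier rather than a separate per-request token, it ends up in server logs, browser history and Referer headers; a dedicated CSRF token sent by POST would avoid that. The same link pattern sits on the changed lines of the other list templates in this commit (`firewall_list.htm`, `groups_list.htm`, `iptables_list.htm`, `remote_user_list.htm`, `server_config_list.htm`, `server_ip_list.htm`, `server_list.htm`, `server_php_list.htm`, `software_repo_list.htm`). `{tmpl_var name='delete_confirmation'}` is placed inside a JavaScript string within an attribute, so it needs escaping for both contexts.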
diff --git a/interface/web/admin/templates/firewall_list.htm b/interface/web/admin/templates/firewall_list.htm
index f60294ebdb59095702a39b034725f838c2aa9814..ac85f7e4fe1ae1b584315b0401bba1373e05a97a 100644
--- a/interface/web/admin/templates/firewall_list.htm
+++ b/interface/web/admin/templates/firewall_list.htm
@@ -40,7 +40,7 @@
                             <td><a href="#" data-load-content="admin/firewall_edit.php?id={tmpl_var name='id'}">{tmpl_var name="tcp_port"}</a></td>
                             <td><a href="#" data-load-content="admin/firewall_edit.php?id={tmpl_var name='id'}">{tmpl_var name="udp_port"}</a></td>
                             <td class="text-right">
-                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('admin/firewall_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
+                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('admin/firewall_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                             </td>
                         </tr>
                     </tmpl_loop>
diff --git a/interface/web/admin/templates/groups_list.htm b/interface/web/admin/templates/groups_list.htm
index f18ee8251d523c9216f137291f93ac97d81b9c3c..d53ee58b249d19934cc34f5dc44771ea9874fa90 100644
--- a/interface/web/admin/templates/groups_list.htm
+++ b/interface/web/admin/templates/groups_list.htm
@@ -35,7 +35,7 @@
                             <td><a href="#" data-load-content="admin/groups_edit.php?id={tmpl_var name='id'}">{tmpl_var name="name"}</a></td>
                             <td><a href="#" data-load-content="admin/groups_edit.php?id={tmpl_var name='id'}">{tmpl_var name="description"}</a></td>
                             <td class="text-right">
-                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('admin/groups_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
+                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('admin/groups_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                             </td>
                         </tr>
                     </tmpl_loop>
diff --git a/interface/web/admin/templates/iptables_list.htm b/interface/web/admin/templates/iptables_list.htm
index 379f587dfe21e9b940269303c6db387fa3ff588f..e1fcb3dc034564c4701446a8769009a42d7a7634 100644
--- a/interface/web/admin/templates/iptables_list.htm
+++ b/interface/web/admin/templates/iptables_list.htm
@@ -51,7 +51,7 @@
                             <td><a href="#" data-load-content="admin/iptables_edit.php?id={tmpl_var name='id'}">{tmpl_var name="state"}</a></td>
                             <td><a href="#" data-load-content="admin/iptables_edit.php?id={tmpl_var name='id'}">{tmpl_var name="target"}</a></td>
                             <td class="text-right">
-                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('admin/iptables_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
+                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('admin/iptables_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                             </td>
                         </tr>
                     </tmpl_loop>
diff --git a/interface/web/admin/templates/language_import.htm b/interface/web/admin/templates/language_import.htm
index 9b1c249bc5b160cfaa2532e7caccd250ce72e543..8bd653c13e8a33217e830ba187233bd1034c709d 100644
--- a/interface/web/admin/templates/language_import.htm
+++ b/interface/web/admin/templates/language_import.htm
@@ -23,7 +23,7 @@
                 <div id="OKMsg"><p><tmpl_var name="msg"></p></div>
             </tmpl_if>
             <tmpl_if name="error">
-                <div id="errorMsg"><h3>ERROR</h3><ol><tmpl_var name="error"></ol></div>
+                <div id="errorMsg"><h3><tmpl_var name="error_txt"></h3><ol><tmpl_var name="error"></ol></div>
             </tmpl_if>
                 
             <input type="hidden" name="id" value="{tmpl_var name='id'}">
diff --git a/interface/web/admin/templates/remote_user_list.htm b/interface/web/admin/templates/remote_user_list.htm
index 1b483456ad778bcb989ca37651936c3989560748..de65c64536cabab9d86d2286d7889ed2cc6e0f3c 100644
--- a/interface/web/admin/templates/remote_user_list.htm
+++ b/interface/web/admin/templates/remote_user_list.htm
@@ -33,7 +33,7 @@
                             <td><a href="#" data-load-content="admin/remote_user_edit.php?id={tmpl_var name='remote_userid'}">{tmpl_var name="remote_userid"}</a></td>
                             <td><a href="#" data-load-content="admin/remote_user_edit.php?id={tmpl_var name='remote_userid'}">{tmpl_var name="remote_username"}</a></td>
                             <td class="text-right">
-                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('admin/remote_user_del.php?id={tmpl_var name='remote_userid'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
+                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('admin/remote_user_del.php?id={tmpl_var name='remote_userid'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                             </td>
                         </tr>
                     </tmpl_loop>
diff --git a/interface/web/admin/templates/server_config_list.htm b/interface/web/admin/templates/server_config_list.htm
index 5f6a2dc976cc91b82bedfb69e51f09c8522cc1f6..ef0935552af746e10252b01a63f2063668dea312 100644
--- a/interface/web/admin/templates/server_config_list.htm
+++ b/interface/web/admin/templates/server_config_list.htm
@@ -24,7 +24,7 @@
                         <tr>
                             <td><a href="#" data-load-content="admin/server_config_edit.php?id={tmpl_var name='id'}">{tmpl_var name="server_name"}</a></td>
                             <td class="text-right">
-                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('admin/server_config_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
+                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('admin/server_config_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                             </td>
                         </tr>
                     </tmpl_loop>
diff --git a/interface/web/admin/templates/server_ip_list.htm b/interface/web/admin/templates/server_ip_list.htm
index 7aa218227c71e614cdea6a6f65306bdbf830b4ed..373bc4c6da3c743fd16c59e9c6aa66c4f8771b3a 100644
--- a/interface/web/admin/templates/server_ip_list.htm
+++ b/interface/web/admin/templates/server_ip_list.htm
@@ -45,7 +45,7 @@
                             <td><a href="#" data-load-content="admin/server_ip_edit.php?id={tmpl_var name='id'}">{tmpl_var name="virtualhost"}</a></td>
                             <td><a href="#" data-load-content="admin/server_ip_edit.php?id={tmpl_var name='id'}">{tmpl_var name="virtualhost_port"}</a></td>
                             <td class="text-right">
-                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('admin/server_ip_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
+                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('admin/server_ip_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                             </td>
                         </tr>
                     </tmpl_loop>
diff --git a/interface/web/admin/templates/server_list.htm b/interface/web/admin/templates/server_list.htm
index 016b0cd1df8a5f1263ffbdfecc68f5e5ec2805a8..893872eed03038ce3d516d53d60e9e21c470394e 100644
--- a/interface/web/admin/templates/server_list.htm
+++ b/interface/web/admin/templates/server_list.htm
@@ -45,19 +45,19 @@
                             <td>{tmpl_var name="vserver_server"}</td>
                             <td>{tmpl_var name="xmpp_server"}</td>
                             <td class="text-right">
-                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('admin/server_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
+                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('admin/server_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                             </td>
                         </tr>
                     </tmpl_loop>
                     <tmpl_unless name="records">
                         <tr class="tbl_row_noresults tbl_row_<tmpl_if name='__EVEN__'}even<tmpl_else>uneven</tmpl_if>">
-                            <td colspan="8">{tmpl_var name='globalsearch_noresults_text_txt'}</td>
+                            <td colspan="7">{tmpl_var name='globalsearch_noresults_text_txt'}</td>
                         </tr>
                     </tmpl_unless>
                 </tbody>
                 <tfoot>
                     <tr>
-                        <td colspan="8"><tmpl_var name="paging"></td>
+                        <td colspan="7"><tmpl_var name="paging"></td>
                     </tr>
                 </tfoot>
             </table>
diff --git a/interface/web/admin/templates/server_php_list.htm b/interface/web/admin/templates/server_php_list.htm
index 659797477c0b522c9919b6d1e45587d0bdf07f25..0fb98965bdd58931a6463933919b5fc8a3e76c6d 100644
--- a/interface/web/admin/templates/server_php_list.htm
+++ b/interface/web/admin/templates/server_php_list.htm
@@ -36,7 +36,7 @@
                             <td><a href="#" data-load-content="admin/server_php_edit.php?id={tmpl_var name='id'}">{tmpl_var name="client_id"}</a></td>
                             <td><a href="#" data-load-content="admin/server_php_edit.php?id={tmpl_var name='id'}">{tmpl_var name="name"}</a></td>
                             <td class="text-right">
-                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('admin/server_php_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
+                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('admin/server_php_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                             </td>
                         </tr>
                     </tmpl_loop>
diff --git a/interface/web/admin/templates/software_package_list.htm b/interface/web/admin/templates/software_package_list.htm
index 4653de43bd117dc483fea72b17b1719a775a6212..31969c0575543e91949f3219df0c32b72256f3b6 100644
--- a/interface/web/admin/templates/software_package_list.htm
+++ b/interface/web/admin/templates/software_package_list.htm
@@ -32,8 +32,8 @@
                             <td>{tmpl_var name="package_description"}</td>
                             <td>ispapp{tmpl_var name="package_id"}</td>
 							<td class="text-right">
-								<a class="btn btn-default formbutton-default formbutton-narrow" data-load-content="admin/software_package_edit.php?id={tmpl_var name='package_id'}"><span class="icon icon-edit"></span></button>
-                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('admin/software_package_del.php?software_update_inst_id={tmpl_var name='software_update_inst_id'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
+								<a class="btn btn-default formbutton-default formbutton-narrow" data-load-content="admin/software_package_edit.php?id={tmpl_var name='package_id'}"><span class="icon icon-edit"></span></a>
+                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('admin/software_package_del.php?software_update_inst_id={tmpl_var name='software_update_inst_id'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                             </td>
                         </tr>
 						</tmpl_if>
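Review bot: Unlike the delete links in the other list templates touched by this commit, the `software_package_del.php` link on the changed line carries no `phpsessid` parameter. If the delete scripts rely on that parameter as a request check, this deletion is reachable through a bare GET URL. It is worth confirming what `software_package_del.php` verifies before it removes the row, since that script is not part of this hunk.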
diff --git a/interface/web/admin/templates/software_repo_list.htm b/interface/web/admin/templates/software_repo_list.htm
index ab70e1484ded44b005415a09e5336df351a53f7b..8b1a48b56262181a20a12d40dec98a0606aab49e 100644
--- a/interface/web/admin/templates/software_repo_list.htm
+++ b/interface/web/admin/templates/software_repo_list.htm
@@ -37,7 +37,7 @@
                             <td><a href="#" data-load-content="admin/software_repo_edit.php?id={tmpl_var name='id'}">{tmpl_var name="repo_name"}</a></td>
                             <td><a href="#" data-load-content="admin/software_repo_edit.php?id={tmpl_var name='id'}">{tmpl_var name="repo_url"}</a></td>
                             <td class="text-right">
-                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('admin/software_repo_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
+                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('admin/software_repo_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                             </td>
                         </tr>
                     </tmpl_loop>
diff --git a/interface/web/admin/templates/system_config_domains_edit.htm b/interface/web/admin/templates/system_config_domains_edit.htm
index a9c870510487ac55de56df7df18a9a4591100f88..c651e4246776a38c76c8b230113ce7db4b2b30e0 100644
--- a/interface/web/admin/templates/system_config_domains_edit.htm
+++ b/interface/web/admin/templates/system_config_domains_edit.htm
@@ -1,10 +1,10 @@
+<tmpl_if name="list_head_txt">
 <div class='page-header'>
-	<h1><tmpl_var name="list_head_txt"></h1>
+        <h1><tmpl_var name="list_head_txt"></h1>
 </div>
-<p><tmpl_var name="list_desc_txt"></p>
+</tmpl_if>
+<tmpl_if name="list_desc_txt"><p><tmpl_var name="list_desc_txt"></p></tmpl_if>
 
-
-        
             <div class="form-group">
                 <div style="float:left;width:100%">
                     <p class="label" style="width:270px">{tmpl_var name='use_domain_module_txt'}</p>
diff --git a/interface/web/admin/templates/system_config_misc_edit.htm b/interface/web/admin/templates/system_config_misc_edit.htm
index f36962f62acee0bcd8fadd62b667af7f17a4e71f..e8b6889de20af2a11be4de53ecde2daa9a12c570 100644
--- a/interface/web/admin/templates/system_config_misc_edit.htm
+++ b/interface/web/admin/templates/system_config_misc_edit.htm
@@ -3,8 +3,14 @@
 </div>
 <p><tmpl_var name="list_desc_txt"></p>
 
-
-        <legend>Misc</legend>
+			<div class="form-group">
+                <label for="file" class="col-sm-3 control-label">{tmpl_var name='logo_txt'}</label>
+                <div class="col-sm-3 col-text"><input name="file" id="file" size="30" type="file" class="fileUpload" /></div><div class="col-sm-6"><button class="btn btn-default formbutton-success" type="button" value="{tmpl_var name='btn_save_txt'}" id="start_upload">{tmpl_var name='upload_txt'}</button></div>
+            </div>
+			<div class="form-group">
+                <label for="dashboard_atom_url_admin" class="col-sm-3 control-label">{tmpl_var name='used_logo_txt'}</label>
+                <div class="col-sm-9" id="used_logo">{tmpl_var name='used_logo'}</div>
+			</div>
             <div class="form-group">
                 <label for="dashboard_atom_url_admin" class="col-sm-3 control-label">{tmpl_var name='dashboard_atom_url_admin_txt'}</label>
                 <div class="col-sm-9"><input type="text" name="dashboard_atom_url_admin" id="dashboard_atom_url_admin" value="{tmpl_var name='dashboard_atom_url_admin'}" size="" maxlength="" class="form-control" /></div></div>
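Review bot: The label added for the used-logo row carries `for="dashboard_atom_url_admin"`, which is the id of the text input in the following form group, so that id is now referenced by two labels and clicking "used logo" focuses the Atom URL field. `#used_logo` is a plain `div`, so the attribute can simply be dropped: `<label class="col-sm-3 control-label">{tmpl_var name='used_logo_txt'}</label>`. The upload button also keeps `value="{tmpl_var name='btn_save_txt'}"` while its visible text is `upload_txt`.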
@@ -98,9 +104,83 @@
                     {tmpl_var name='maintenance_mode'}
                 </div>
             </div>
+			
+			<tmpl_if name="msg">
+                <div id="OKMsg"><p><tmpl_var name="msg"></p></div>
+            </tmpl_if>
+            <tmpl_if name="error">
+                <div id="errorMsg"><h3><tmpl_var name="error_txt"></h3><ol><tmpl_var name="error"></ol></div>
+            </tmpl_if>
         
-        <input type="hidden" name="id" value="{tmpl_var name='id'}">
+        <input type="hidden" name="id" id="id" value="{tmpl_var name='id'}">
         <div class="clear"><div class="right">
             <button class="btn btn-default formbutton-success" type="button" value="{tmpl_var name='btn_save_txt'}" data-submit-form="pageForm" data-form-action="admin/system_config_edit.php">{tmpl_var name='btn_save_txt'}</button>
             <button class="btn btn-default formbutton-default" type="button" value="{tmpl_var name='btn_cancel_txt'}" data-load-content="admin/server_list.php">{tmpl_var name='btn_cancel_txt'}</button>
-        </div></div>
\ No newline at end of file
+        </div></div>
+<script language="JavaScript" type="text/javascript">
+	var defaultLogo = '{tmpl_var name='default_logo'}';
+	$(document).on('click', '#del_custom_logo', function(){
+		delCustomLogo();
+	});
+	
+	function delCustomLogo() {
+        var id = jQuery('input[name="id"]').val();
+        
+        jQuery.getJSON('admin/ajax_get_json.php'+ '?' + Math.round(new Date().getTime()), {'id': id, 'type': "delcustomlogo"}, function(data) {
+			//console.log(data);
+			$('#used_logo').html(defaultLogo);
+			$('#logo').css({ "background": "url("+data.data+") no-repeat", "width": data.width, "height": data.height });
+        });
+    }
+	
+	// Variable to store your files
+	var files;
+	// Add events
+	$('input[type="file"]').on('change', prepareUpload);
+	$('#start_upload').on('click', uploadFiles);
+	
+	// Grab the files and set them to our variable
+	function prepareUpload(event){
+		files = event.target.files;
+	}
+	
+	// Catch the form submit and upload the files
+	function uploadFiles(event){
+		event.stopPropagation(); // Stop stuff happening
+		event.preventDefault(); // Totally stop stuff happening
+		
+		var id = jQuery('input[name="id"]').val();
+		
+		// Create a formdata object and add the files
+		var data = new FormData();
+		$.each(files, function(key, value){
+			data.append(key, value);
+		});
+		
+		$.ajax({
+			url: 'admin/ajax_get_json.php?id='+id+'&type=uploadfile',
+			type: 'POST',
+			data: data,
+			cache: false,
+			dataType: 'json',
+			processData: false, // Don't process the files
+			contentType: false, // Set content type to false as jQuery will tell the server its a query string request
+			success: function(data, textStatus, jqXHR){
+				if(typeof data.error === 'undefined'){
+					// Success so call function to process the form
+					//console.log(data);
+					$('#used_logo').html('<img src="'+data.data+'" />&nbsp;&nbsp;<a href="#" class="btn btn-default formbutton-danger formbutton-narrow" style="margin:5px" id="del_custom_logo"><span class="icon icon-delete"></span></a>');
+					$('#logo').css({ "background": "url("+data.data+") no-repeat", "width": data.width, "height": data.height });
+				} else {
+					// Handle errors here
+					//console.log(data);
+				}
+			},
+			error: function(jqXHR, textStatus, errorThrown){
+				// Handle errors here
+				//console.log(data);
+			}
+		});
+	}
+	
+</script>
\ No newline at end of file
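Review bot: The upload success handler concatenates `data.data` from the JSON response straight into markup via `.html('<img src="'+data.data+'" />…')`, so a returned path containing a quote or angle bracket would be parsed as HTML. Creating the node with `$('<img>').attr('src', data.data)` and appending it next to the static delete-button markup keeps the response as data. The same value is spliced unquoted into `"url("+data.data+")"` for `#logo`, and `defaultLogo` is emitted inside a single-quoted JS literal and then passed to `.html()`, which only holds if the template variable is escaped for that context. Separately, `delCustomLogo()` performs a state change through `jQuery.getJSON` (a GET) and neither request shows a request token. Both error branches are empty, so a rejected upload gives the admin no feedback; the handler in `admin/ajax_get_json.php` is outside this hunk, so its validation of the uploaded file cannot be confirmed here.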
diff --git a/interface/web/admin/templates/users_list.htm b/interface/web/admin/templates/users_list.htm
index 1898974f384bc64d17ba926dfb5d898f83ad83b8..b7872527ff8127187f45053de94ce15963ac5760 100644
--- a/interface/web/admin/templates/users_list.htm
+++ b/interface/web/admin/templates/users_list.htm
@@ -42,8 +42,8 @@
                             <td>{tmpl_var name="groups"}</td>
                             <td class="text-right">
                                 <tmpl_if name="username" op="!=" value="admin">
-                                    <a class="btn btn-default formbutton-success formbutton-narrow" data-load-content="login/login_as.php?cid={tmpl_var name='client_id'}"><span class="icon icon-loginas"></span></button>
-                                    <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('admin/users_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
+                                    <a class="btn btn-default formbutton-success formbutton-narrow" data-load-content="login/login_as.php?cid={tmpl_var name='client_id'}"><span class="icon icon-loginas"></span></a>
+                                    <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('admin/users_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                                 </tmpl_if>
                             </td>
                         </tr>
diff --git a/interface/web/admin/tpl_default.php b/interface/web/admin/tpl_default.php
index 57395cfb285436e69945474389d9be203545db90..c7b79112ca4cbf015637e94d662e7f8eeaafcd41 100644
--- a/interface/web/admin/tpl_default.php
+++ b/interface/web/admin/tpl_default.php
@@ -51,21 +51,6 @@ $app->load('tform_actions');
 
 class page_action extends tform_actions {
 
-	// function onBeforeUpdate() {
-	//  global $app, $conf;
-	//
-	//  //* Check if the server has been changed
-	//  // We do this only for the admin or reseller users, as normal clients can not change the server ID anyway
-	//  if(($_SESSION["s"]["user"]["typ"] == 'admin' || $app->auth->has_clients($_SESSION['s']['user']['userid'])) && isset($this->dataRecord["server_id"])) {
-	//   $rec = $app->db->queryOneRecord("SELECT server_id from server_php WHERE server_php_id = ".$this->id);
-	//   if($rec['server_id'] != $this->dataRecord["server_id"]) {
-	//    //* Add a error message and switch back to old server
-	//    $app->tform->errorMessage .= $app->lng('The Server can not be changed.');
-	//    $this->dataRecord["server_id"] = $rec['server_id'];
-	//   }
-	//   unset($rec);
-	//  }
-	// }
 }
 
 $page = new page_action;
diff --git a/interface/web/admin/users_edit.php b/interface/web/admin/users_edit.php
index 0a14ca5e1e4e30bf11480d8d5f504f4874396876..e3919649b934644a5eafcd2da22546314885d154 100644
--- a/interface/web/admin/users_edit.php
+++ b/interface/web/admin/users_edit.php
@@ -96,23 +96,23 @@ class page_action extends tform_actions {
 	function onAfterUpdate() {
 		global $app, $conf;
 
-		$client = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE userid = ".$this->id);
+		$client = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE userid = ?", $this->id);
 		$client_id = $app->functions->intval($client['client_id']);
-		$username = $app->db->quote($this->dataRecord["username"]);
-		$old_username = $app->db->quote($this->oldDataRecord['username']);
+		$username = $this->dataRecord["username"];
+		$old_username = $this->oldDataRecord['username'];
 
 		// username changed
 		if(isset($conf['demo_mode']) && $conf['demo_mode'] != true && isset($this->dataRecord['username']) && $this->dataRecord['username'] != '' && $this->oldDataRecord['username'] != $this->dataRecord['username']) {
-			$sql = "UPDATE client SET username = '$username' WHERE client_id = $client_id AND username = '$old_username'";
-			$app->db->query($sql);
-			$tmp = $app->db->queryOneRecord("SELECT * FROM sys_group WHERE client_id = $client_id");
-			$app->db->datalogUpdate("sys_group", "name = '$username'", 'groupid', $tmp['groupid']);
+			$sql = "UPDATE client SET username = ? WHERE client_id = ? AND username = ?";
+			$app->db->query($sql, $username, $client_id, $old_username);
+			$tmp = $app->db->queryOneRecord("SELECT * FROM sys_group WHERE client_id = ?", $client_id);
+			$app->db->datalogUpdate("sys_group", array("name" => $username), 'groupid', $tmp['groupid']);
 			unset($tmp);
 		}
 
 		// password changed
 		if(isset($conf['demo_mode']) && $conf['demo_mode'] != true && isset($this->dataRecord["passwort"]) && $this->dataRecord["passwort"] != '') {
-			$password = $app->db->quote($this->dataRecord["passwort"]);
+			$password = $this->dataRecord["passwort"];
 			$salt="$1$";
 			$base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
 			for ($n=0;$n<8;$n++) {
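Review bot: Now that `$password` is no longer passed through `$app->db->quote()`, the unchanged `crypt(stripslashes($password), $salt)` in the following hunk strips backslashes the user actually typed. Unless `dataRecord` values arrive pre-escaped, which is not visible here, the hash written to `client` would no longer match the entered password; `stripslashes()` should be dropped together with the `quote()` call. This block also hand-builds a `$1$` (MD5-crypt) salt, while `client_edit.php` in this same diff calls `$app->auth->crypt_password($password)`. Using that helper here, `$password = $app->auth->crypt_password($this->dataRecord["passwort"]);`, would keep both paths on one hashing routine. The salt loop body falls between the two hunks and `onAfterUpdate` continues past this one, so how the salt characters are chosen cannot be checked from the diff.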
@@ -120,28 +120,17 @@ class page_action extends tform_actions {
 			}
 			$salt.="$";
 			$password = crypt(stripslashes($password), $salt);
-			$sql = "UPDATE client SET password = '$password' WHERE client_id = $client_id AND username = '$username'";
-			$app->db->query($sql);
+			$sql = "UPDATE client SET password = ? WHERE client_id = ? AND username = ?";
+			$app->db->query($sql, $password, $client_id, $username);
 		}
 
 		// language changed
 		if(isset($conf['demo_mode']) && $conf['demo_mode'] != true && isset($this->dataRecord['language']) && $this->dataRecord['language'] != '' && $this->oldDataRecord['language'] != $this->dataRecord['language']) {
-			$language = $app->db->quote($this->dataRecord["language"]);
-			$sql = "UPDATE client SET language = '$language' WHERE client_id = $client_id AND username = '$username'";
-			$app->db->query($sql);
+			$language = $this->dataRecord["language"];
+			$sql = "UPDATE client SET language = ? WHERE client_id = ? AND username = ?";
+			$app->db->query($sql, $language, $client_id, $username);
 		}
 
-		// reseller status changed
-		/*
-		if(isset($this->dataRecord["limit_client"]) && $this->dataRecord["limit_client"] != $this->oldDataRecord["limit_client"]) {
-			$modules = $conf['interface_modules_enabled'];
-			if($this->dataRecord["limit_client"] > 0) $modules .= ',client';
-			$modules = $app->db->quote($modules);
-			$client_id = $this->id;
-			$sql = "UPDATE sys_user SET modules = '$modules' WHERE client_id = $client_id";
-			$app->db->query($sql);
-		}
-		*/
 		parent::onAfterUpdate();
 	}
 
diff --git a/interface/web/capp.php b/interface/web/capp.php
index 2c143180f0cb24f459c53757af4f5a158a3346cd..bf45644f24c5b4d2f74ba680261b3d1579b006cc 100644
--- a/interface/web/capp.php
+++ b/interface/web/capp.php
@@ -43,6 +43,7 @@ if($_SESSION["s"]["user"]['active'] != 1) {
 }
 
 if(!preg_match("/^[a-z]{2,20}$/i", $mod)) die('module name contains unallowed chars.');
+if($redirect != '' && !preg_match("/^[a-z0-9]+\/[a-z0-9_\.\-]+\?id=[0-9]{1,7}$/i", $redirect)) die('redirect contains unallowed chars.');
 
 //* Check if user may use the module.
 $user_modules = explode(",", $_SESSION["s"]["user"]["modules"]);
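Review bot: The new `$redirect` pattern is anchored with `$`, which in PCRE also matches just before a trailing newline, so a value ending in a line feed passes the check. Adding the `D` modifier closes that gap: `if($redirect != '' && !preg_match("/^[a-z0-9]+\/[a-z0-9_\.\-]+\?id=[0-9]{1,7}$/iD", $redirect)) die('redirect contains unallowed chars.');`. The `$mod` check on the line above has the same anchor. Where `$redirect` is consumed lies outside this hunk, so the practical impact depends on that code. A one-line comment stating the accepted shape (`module/file?id=N`) would make the intent of the allow-list clear.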
diff --git a/interface/web/client/client_del.php b/interface/web/client/client_del.php
index a8cd7cc954749bbb3ca8809c3763177f2f06206b..3e0d6bccb3152e475d7bdc29422c8fdfa456581c 100644
--- a/interface/web/client/client_del.php
+++ b/interface/web/client/client_del.php
@@ -74,11 +74,7 @@ class page_action extends tform_actions {
 
 			$this->dataRecord = $app->tform->getDataRecord($this->id);
 			$client_id = $app->functions->intval($this->dataRecord['client_id']);
-
-
-			//$parent_client_id = $app->functions->intval($this->dataRecord['parent_client_id']);
-			//$parent_user = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE client_id = $parent_client_id");
-			$client_group = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = $client_id");
+			$client_group = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client_id);
 
 			// Get all records (sub-clients, mail, web, etc....)  of this client.
 			$tables = 'cron,client,dns_rr,dns_soa,dns_slave,ftp_user,mail_access,mail_content_filter,mail_domain,mail_forwarding,mail_get,mail_user,mail_user_filter,shell_user,spamfilter_users,support_message,web_database,web_database_user,web_domain';
@@ -89,7 +85,7 @@ class page_action extends tform_actions {
 			if($client_group_id > 1) {
 				foreach($tables_array as $table) {
 					if($table != '') {
-						$records = $app->db->queryAllRecords("SELECT * FROM $table WHERE sys_groupid = ".$client_group_id);
+						$records = $app->db->queryAllRecords("SELECT * FROM ?? WHERE sys_groupid = ?", $table, $client_group_id);
 						$number = count($records);
 						if($number > 0) $table_list[] = array('table' => $table."(".$number.")");
 					}
@@ -121,15 +117,15 @@ class page_action extends tform_actions {
 		if($client_id > 0) {
 			// remove the group of the client from the resellers group
 			$parent_client_id = $app->functions->intval($this->dataRecord['parent_client_id']);
-			$parent_user = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE client_id = $parent_client_id");
-			$client_group = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = $client_id");
+			$parent_user = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE client_id = ?", $parent_client_id);
+			$client_group = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client_id);
 			$app->auth->remove_group_from_user($parent_user['userid'], $client_group['groupid']);
 
 			// delete the group of the client
-			$app->db->query("DELETE FROM sys_group WHERE client_id = $client_id");
+			$app->db->query("DELETE FROM sys_group WHERE client_id = ?", $client_id);
 
 			// delete the sys user(s) of the client
-			$app->db->query("DELETE FROM sys_user WHERE client_id = $client_id");
+			$app->db->query("DELETE FROM sys_user WHERE client_id = ?", $client_id);
 
 			// Delete all records (sub-clients, mail, web, etc....)  of this client.
 			$tables = 'client,dns_rr,dns_soa,dns_slave,ftp_user,mail_access,mail_content_filter,mail_domain,mail_forwarding,mail_get,mail_user,mail_user_filter,shell_user,spamfilter_users,support_message,web_database,web_database_user,web_domain,web_folder,web_folder_user,domain';
@@ -138,7 +134,7 @@ class page_action extends tform_actions {
 			if($client_group_id > 1) {
 				foreach($tables_array as $table) {
 					if($table != '') {
-						$records = $app->db->queryAllRecords("SELECT * FROM $table WHERE sys_groupid = ".$client_group_id);
+						$records = $app->db->queryAllRecords("SELECT * FROM ?? WHERE sys_groupid = ?", $table, $client_group_id);
 						//* find the primary ID of the table
 						$table_info = $app->db->tableInfo($table);
 						$index_field = '';
@@ -152,11 +148,11 @@ class page_action extends tform_actions {
 									$app->db->datalogDelete($table, $index_field, $rec[$index_field]);
 									//* Delete traffic records that dont have a sys_groupid column
 									if($table == 'web_domain') {
-										$app->db->query("DELETE FROM web_traffic WHERE hostname = '".$app->db->quote($rec['domain'])."'");
+										$app->db->query("DELETE FROM web_traffic WHERE hostname = ?", $rec['domain']);
 									}
 									//* Delete mail_traffic records that dont have a sys_groupid
 									if($table == 'mail_user') {
-										$app->db->query("DELETE FROM mail_traffic WHERE mailuser_id = '".$app->db->quote($rec['mailuser_id'])."'");
+										$app->db->query("DELETE FROM mail_traffic WHERE mailuser_id = ?", $rec['mailuser_id']);
 									}
 								}
 							}
diff --git a/interface/web/client/client_edit.php b/interface/web/client/client_edit.php
index 5c47fe5fa187c071ac50ffbee1cbda0f27b832ff..bbeb82223a5782401d138ba3ee47fe051d647deb 100644
--- a/interface/web/client/client_edit.php
+++ b/interface/web/client/client_edit.php
@@ -59,11 +59,11 @@ class page_action extends tform_actions {
 
 			// Get the limits of the client
 			$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
-			$client = $app->db->queryOneRecord("SELECT limit_client FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+			$client = $app->db->queryOneRecord("SELECT limit_client FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
 
 			// Check if the user may add another website.
 			if($client["limit_client"] >= 0) {
-				$tmp = $app->db->queryOneRecord("SELECT count(client_id) as number FROM client WHERE sys_groupid = $client_group_id");
+				$tmp = $app->db->queryOneRecord("SELECT count(client_id) as number FROM client WHERE sys_groupid = ?", $client_group_id);
 				if($tmp["number"] >= $client["limit_client"]) {
 					$app->error($app->tform->wordbook["limit_client_txt"]);
 				}
@@ -82,11 +82,11 @@ class page_action extends tform_actions {
 
 			// Get the limits of the client
 			$client_group_id = $_SESSION["s"]["user"]["default_group"];
-			$client = $app->db->queryOneRecord("SELECT limit_client FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+			$client = $app->db->queryOneRecord("SELECT limit_client FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
 
 			// Check if the user may add another website.
 			if($client["limit_client"] >= 0) {
-				$tmp = $app->db->queryOneRecord("SELECT count(client_id) as number FROM client WHERE sys_groupid = $client_group_id");
+				$tmp = $app->db->queryOneRecord("SELECT count(client_id) as number FROM client WHERE sys_groupid = ?", $client_group_id);
 				if($tmp["number"] >= $client["limit_client"]) {
 					$app->error($app->tform->wordbook["limit_client_txt"]);
 				}
@@ -103,7 +103,7 @@ class page_action extends tform_actions {
 		}
 
 		if($this->id != 0) {
-			$this->oldTemplatesAssigned = $app->db->queryAllRecords('SELECT * FROM `client_template_assigned` WHERE `client_id` = ' . $this->id);
+			$this->oldTemplatesAssigned = $app->db->queryAllRecords('SELECT * FROM `client_template_assigned` WHERE `client_id` = ?', $this->id);
 			if(!is_array($this->oldTemplatesAssigned) || count($this->oldTemplatesAssigned) < 1) {
 				// check previous type of storing templates
 				$tpls = explode('/', $this->oldDataRecord['template_additional']);
@@ -140,7 +140,7 @@ class page_action extends tform_actions {
 		$app->tpl->setVar('tpl_add_select', $option);
 
 		// check for new-style records
-		$result = $app->db->queryAllRecords('SELECT assigned_template_id, client_template_id FROM client_template_assigned WHERE client_id = ' . $this->id);
+		$result = $app->db->queryAllRecords('SELECT assigned_template_id, client_template_id FROM client_template_assigned WHERE client_id = ?', $this->id);
 		if($result && count($result) > 0) {
 			// new style
 			$items = array();
@@ -166,8 +166,8 @@ class page_action extends tform_actions {
 			unset($tmprec);
 		} else {
 			// old style
-			$sql = "SELECT template_additional FROM client WHERE client_id = " . $this->id;
-			$result = $app->db->queryOneRecord($sql);
+			$sql = "SELECT template_additional FROM client WHERE client_id = ?";
+			$result = $app->db->queryOneRecord($sql, $this->id);
 			$tplAdd = explode("/", $result['template_additional']);
 			$text = '';
 			foreach($tplAdd as $item){
@@ -196,31 +196,18 @@ class page_action extends tform_actions {
 					$customer_no = $app->functions->intval($system_config['misc']['customer_no_start']+$system_config['misc']['customer_no_counter']);
 					$customer_no_string = str_replace('[CUSTOMER_NO]',$customer_no,$system_config['misc']['customer_no_template']);
 					$app->tpl->setVar('customer_no',$customer_no_string);
-				
-					//* save new counter value
-					/*
-					$system_config['misc']['customer_no_counter']++;
-					$system_config_str = $app->ini_parser->get_ini_string($system_config);
-					$app->db->datalogUpdate('sys_ini', "config = '".$app->db->quote($system_config_str)."'", 'sysini_id', 1);
-					*/
 				}
 			} else {
 				//* Logged in user must be a reseller
 				//* get the record of the reseller
 				$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
-				$reseller = $app->db->queryOneRecord("SELECT client.client_id, client.customer_no_template, client.customer_no_counter, client.customer_no_start FROM sys_group,client WHERE client.client_id = sys_group.client_id and sys_group.groupid = ".$client_group_id);
+				$reseller = $app->db->queryOneRecord("SELECT client.client_id, client.customer_no_template, client.customer_no_counter, client.customer_no_start FROM sys_group,client WHERE client.client_id = sys_group.client_id and sys_group.groupid = ?", $client_group_id);
 				
 				if($reseller['customer_no_template'] != '') {
 					//* Set customer no default
 					$customer_no = $app->functions->intval($reseller['customer_no_start']+$reseller['customer_no_counter']);
 					$customer_no_string = str_replace('[CUSTOMER_NO]',$customer_no,$reseller['customer_no_template']);
 					$app->tpl->setVar('customer_no',$customer_no_string);
-					
-					//* save new counter value
-					/*
-					$customer_no_counter = $app->functions->intval($reseller['customer_no_counter']+1);
-					$app->db->query("UPDATE client SET customer_no_counter = $customer_no_counter WHERE client_id = ".$app->functions->intval($reseller['client_id']));
-					*/
 				}
 			}
 		}
@@ -254,42 +241,42 @@ class page_action extends tform_actions {
 	function onAfterInsert() {
 		global $app, $conf;
 		// Create the group for the client
-		$groupid = $app->db->datalogInsert('sys_group', "(name,description,client_id) VALUES ('".$app->db->quote($this->dataRecord["username"])."','',".$this->id.")", 'groupid');
+		$groupid = $app->db->datalogInsert('sys_group', array("name" => $this->dataRecord["username"], "description" => '', "client_id" => $this->id), 'groupid');
 		$groups = $groupid;
 
-		$username = $app->db->quote($this->dataRecord["username"]);
-		$password = $app->db->quote($this->dataRecord["password"]);
+		$username = $this->dataRecord["username"];
+		$password = $this->dataRecord["password"];
 		$modules = $conf['interface_modules_enabled'];
 		if(isset($this->dataRecord["limit_client"]) && $this->dataRecord["limit_client"] > 0) $modules .= ',client';
 		$startmodule = (stristr($modules, 'dashboard'))?'dashboard':'client';
-		$usertheme = $app->db->quote($this->dataRecord["usertheme"]);
+		$usertheme = $this->dataRecord["usertheme"];
 		$type = 'user';
 		$active = 1;
-		$language = $app->db->quote($this->dataRecord["language"]);
+		$language = $this->dataRecord["language"];
 		$password = $app->auth->crypt_password($password);
 
 		// Create the controlpaneluser for the client
 		//Generate ssh-rsa-keys
 		exec('ssh-keygen -t rsa -C '.$username.'-rsa-key-'.time().' -f /tmp/id_rsa -N ""');
-		$app->db->query("UPDATE client SET created_at = ".time().", id_rsa = '".$app->db->quote(@file_get_contents('/tmp/id_rsa'))."', ssh_rsa = '".$app->db->quote(@file_get_contents('/tmp/id_rsa.pub'))."' WHERE client_id = ".$this->id);
+		$app->db->query("UPDATE client SET created_at = UNIX_TIMESTAMP(), id_rsa = ?, ssh_rsa = ? WHERE client_id = ?", @file_get_contents('/tmp/id_rsa'), @file_get_contents('/tmp/id_rsa.pub'), $this->id);
 		exec('rm -f /tmp/id_rsa /tmp/id_rsa.pub');
 
 		// Create the controlpaneluser for the client
 		$sql = "INSERT INTO sys_user (username,passwort,modules,startmodule,app_theme,typ,active,language,groups,default_group,client_id)
-		VALUES ('$username','$password','$modules','$startmodule','$usertheme','$type','$active','$language',$groups,$groupid,".$this->id.")";
-		$app->db->query($sql);
+		VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)";
+		$app->db->query($sql, $username, $password, $modules, $startmodule, $usertheme, $type, $active, $language, $groups, $groupid, $this->id);
 
 		//* If the user who inserted the client is a reseller (not admin), we will have to add this new client group
 		//* to his groups, so he can administrate the records of this client.
 		if($_SESSION['s']['user']['typ'] == 'user') {
 			$app->auth->add_group_to_user($_SESSION['s']['user']['userid'], $groupid);
-			$app->db->query("UPDATE client SET parent_client_id = ".$app->functions->intval($_SESSION['s']['user']['client_id'])." WHERE client_id = ".$this->id);
+			$app->db->query("UPDATE client SET parent_client_id = ? WHERE client_id = ?", $_SESSION['s']['user']['client_id'], $this->id);
 		} else {
 			if($this->dataRecord['parent_client_id'] > 0) {
 				//* get userid of the reseller and add it to the group of the client
-				$tmp = $app->db->queryOneRecord("SELECT sys_user.userid FROM sys_user,sys_group WHERE sys_user.default_group = sys_group.groupid AND sys_group.client_id = ".$app->functions->intval($this->dataRecord['parent_client_id']));
+				$tmp = $app->db->queryOneRecord("SELECT sys_user.userid FROM sys_user,sys_group WHERE sys_user.default_group = sys_group.groupid AND sys_group.client_id = ?", $this->dataRecord['parent_client_id']);
 				$app->auth->add_group_to_user($tmp['userid'], $groupid);
-				$app->db->query("UPDATE client SET parent_client_id = ".$app->functions->intval($this->dataRecord['parent_client_id'])." WHERE client_id = ".$this->id);
+				$app->db->query("UPDATE client SET parent_client_id = ? WHERE client_id = ?", $this->dataRecord['parent_client_id'], $this->id);
 				unset($tmp);
 			}
 		}
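Review bot: `$username` is now the raw form value (its `quote()` call was removed) and is still concatenated unquoted into `exec('ssh-keygen -t rsa -C '.$username.'-rsa-key-'…)`. Whether shell metacharacters can reach the command line therefore depends entirely on the form's username validator, which is not visible here, so the argument should go through `escapeshellarg()`. The key pair is also written to the fixed shared path `/tmp/id_rsa`, so two concurrent inserts can overwrite each other's keys, and the private key sits in a shared directory until the `rm`. A per-request directory created with mode 0700 avoids both, as sketched below. The sketch also stores empty strings instead of `false` when the key files cannot be read; `onAfterInsert` continues past the end of this hunk.

```php
// … unchanged: sys_group insert and $username/$password/$modules setup …
//Generate ssh-rsa-keys in a private per-request directory
$id_rsa = '';
$ssh_rsa = '';
$key_dir = sys_get_temp_dir().'/'.uniqid('ispc_key_', true);
if(mkdir($key_dir, 0700)) {
	$key_file = $key_dir.'/id_rsa';
	exec('ssh-keygen -t rsa -C '.escapeshellarg($username.'-rsa-key-'.time()).' -f '.escapeshellarg($key_file).' -N ""');
	$id_rsa = (string)@file_get_contents($key_file);
	$ssh_rsa = (string)@file_get_contents($key_file.'.pub');
	@unlink($key_file);
	@unlink($key_file.'.pub');
	@rmdir($key_dir);
}
$app->db->query("UPDATE client SET created_at = UNIX_TIMESTAMP(), id_rsa = ?, ssh_rsa = ? WHERE client_id = ?", $id_rsa, $ssh_rsa, $this->id);
// … unchanged: sys_user insert and reseller group handling …
```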
@@ -319,8 +306,8 @@ class page_action extends tform_actions {
 			$default_dnsserver = $app->functions->intval($tmp['server_id']);
 		}
 
-		$sql = "UPDATE client SET mail_servers = $default_mailserver, web_servers = $default_webserver, dns_servers = $default_dnsserver, default_slave_dnsserver = $default_dnsserver, db_servers = $default_dbserver WHERE client_id = ".$this->id;
-		$app->db->query($sql);
+		$sql = "UPDATE client SET mail_servers = ?, web_servers = ?, dns_servers = ?, default_slave_dnsserver = ?, db_servers = ? WHERE client_id = ?";
+		$app->db->query($sql, $default_mailserver, $default_webserver, $default_dnsserver, $default_dnsserver, $default_dbserver, $this->id);
 
 		if(isset($this->dataRecord['template_master'])) {
 			$app->uses('client_templates');
@@ -338,26 +325,26 @@ class page_action extends tform_actions {
 					//* save new counter value
 					$system_config['misc']['customer_no_counter']++;
 					$system_config_str = $app->ini_parser->get_ini_string($system_config);
-					$app->db->datalogUpdate('sys_ini', "config = '".$app->db->quote($system_config_str)."'", 'sysini_id', 1);
+					$app->db->datalogUpdate('sys_ini', array("config" => $system_config_str), 'sysini_id', 1);
 				}
 			} else {
 				//* Logged in user must be a reseller
 				//* get the record of the reseller
 				$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
-				$reseller = $app->db->queryOneRecord("SELECT client.client_id, client.customer_no_template, client.customer_no_counter, client.customer_no_start FROM sys_group,client WHERE client.client_id = sys_group.client_id and sys_group.groupid = ".$client_group_id);
+				$reseller = $app->db->queryOneRecord("SELECT client.client_id, client.customer_no_template, client.customer_no_counter, client.customer_no_start FROM sys_group,client WHERE client.client_id = sys_group.client_id and sys_group.groupid = ?", $client_group_id);
 				
 				if($reseller['customer_no_template'] != '') {
 					//* save new counter value
 					$customer_no_counter = $app->functions->intval($reseller['customer_no_counter']+1);
-					$app->db->query("UPDATE client SET customer_no_counter = $customer_no_counter WHERE client_id = ".$app->functions->intval($reseller['client_id']));
+					$app->db->query("UPDATE client SET customer_no_counter = ? WHERE client_id = ?", $customer_no_counter, $reseller['client_id']);
 				}
 			}
 		}
 		
 		//* Send welcome email
 		$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
-		$sql = "SELECT * FROM client_message_template WHERE template_type = 'welcome' AND sys_groupid = ".$client_group_id;
-		$email_template = $app->db->queryOneRecord($sql);
+		$sql = "SELECT * FROM client_message_template WHERE template_type = 'welcome' AND sys_groupid = ?";
+		$email_template = $app->db->queryOneRecord($sql, $client_group_id);
 		$client = $app->tform->getDataRecord($this->id);
 
 		if(is_array($email_template) && $client['email'] != '') {
@@ -387,7 +374,7 @@ class page_action extends tform_actions {
 				$from = $system_config['admin_mail'];
 			} else {
 				$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
-				$reseller = $app->db->queryOneRecord("SELECT client.email FROM sys_group,client WHERE client.client_id = sys_group.client_id and sys_group.groupid = ".$client_group_id);
+				$reseller = $app->db->queryOneRecord("SELECT client.email FROM sys_group,client WHERE client.client_id = sys_group.client_id and sys_group.groupid = ?", $client_group_id);
 				$from = $reseller["email"];
 			}
 
@@ -408,19 +395,19 @@ class page_action extends tform_actions {
 		global $app, $conf;
 		// username changed
 		if(isset($conf['demo_mode']) && $conf['demo_mode'] != true && isset($this->dataRecord['username']) && $this->dataRecord['username'] != '' && $this->oldDataRecord['username'] != $this->dataRecord['username']) {
-			$username = $app->db->quote($this->dataRecord["username"]);
+			$username = $this->dataRecord["username"];
 			$client_id = $this->id;
-			$sql = "UPDATE sys_user SET username = '$username' WHERE client_id = $client_id";
-			$app->db->query($sql);
+			$sql = "UPDATE sys_user SET username = ? WHERE client_id = ?";
+			$app->db->query($sql, $username, $client_id);
 
-			$tmp = $app->db->queryOneRecord("SELECT * FROM sys_group WHERE client_id = $client_id");
-			$app->db->datalogUpdate("sys_group", "name = '$username'", 'groupid', $tmp['groupid']);
+			$tmp = $app->db->queryOneRecord("SELECT * FROM sys_group WHERE client_id = ?", $client_id);
+			$app->db->datalogUpdate("sys_group", array("name" => $username), 'groupid', $tmp['groupid']);
 			unset($tmp);
 		}
 
 		// password changed
 		if(isset($conf['demo_mode']) && $conf['demo_mode'] != true && isset($this->dataRecord["password"]) && $this->dataRecord["password"] != '') {
-			$password = $app->db->quote($this->dataRecord["password"]);
+			$password = $this->dataRecord["password"];
 			$salt="$1$";
 			$base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
 			for ($n=0;$n<8;$n++) {
@@ -429,8 +416,8 @@ class page_action extends tform_actions {
 			$salt.="$";
 			$password = crypt(stripslashes($password), $salt);
 			$client_id = $this->id;
-			$sql = "UPDATE sys_user SET passwort = '$password' WHERE client_id = $client_id";
-			$app->db->query($sql);
+			$sql = "UPDATE sys_user SET passwort = ? WHERE client_id = ?";
+			$app->db->query($sql, $password, $client_id);
 		}
 
 		if(!isset($this->dataRecord['locked'])) $this->dataRecord['locked'] = 'n';
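Review bot: `crypt(stripslashes($password), $salt)` in this hunk now strips backslashes from the password the user actually typed, because the previous hunk stopped passing it through `$app->db->quote()`. A password containing `\` would be hashed as a different string than the one submitted, so the `sys_user` hash may no longer match what the login path checks. With the bound parameter in place the call should be `$password = crypt($password, $salt);`. Separately, the `$1$` prefix selects MD5-crypt, which is weak for new hashes; the salt loop sits between the two hunks and is not visible here.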
@@ -439,7 +426,7 @@ class page_action extends tform_actions {
 
 
 			// get tmp_data of client
-			$client_data = $app->db->queryOneRecord('SELECT `tmp_data` FROM `client` WHERE `client_id` = ' . $this->id);
+			$client_data = $app->db->queryOneRecord('SELECT `tmp_data` FROM `client` WHERE `client_id` = ?', $this->id);
 
 			if($client_data['tmp_data'] == '') $tmp_data = array();
 			else $tmp_data = unserialize($client_data['tmp_data']);
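Review bot: The `unserialize($client_data['tmp_data'])` on the last line of this hunk will rebuild any object graph stored in `client.tmp_data`, so anything able to write that column gets object instantiation in the interface process. The later hunks only store plain arrays (`prev_active`, `prev_sys_userid`), so objects are presumably never needed. On PHP 7 or later this can be restricted with `unserialize($client_data['tmp_data'], array('allowed_classes' => false))`, or the column could move to `json_encode`/`json_decode`. A comment such as `// tmp_data holds plain arrays only; never store objects here` would record the assumption. The surrounding method starts and ends outside this hunk.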
@@ -463,8 +450,8 @@ class page_action extends tform_actions {
 				'web_folder_user' => 'web_folder_user_id'
 			);
 
-			$udata = $app->db->queryOneRecord('SELECT `userid` FROM `sys_user` WHERE `client_id` = ' . $this->id);
-			$gdata = $app->db->queryOneRecord('SELECT `groupid` FROM `sys_group` WHERE `client_id` = ' . $this->id);
+			$udata = $app->db->queryOneRecord('SELECT `userid` FROM `sys_user` WHERE `client_id` = ?', $this->id);
+			$gdata = $app->db->queryOneRecord('SELECT `groupid` FROM `sys_group` WHERE `client_id` = ?', $this->id);
 			$sys_groupid = $gdata['groupid'];
 			$sys_userid = $udata['userid'];
 
@@ -486,7 +473,7 @@ class page_action extends tform_actions {
 					if(!isset($prev_active[$current])) $prev_active[$current] = array();
 					if(!isset($prev_sysuser[$current])) $prev_sysuser[$current] = array();
 
-					$entries = $app->db->queryAllRecords('SELECT `' . $keycolumn . '` as `id`, `sys_userid`, `' . $active_col . '` FROM `' . $current . '` WHERE `sys_groupid` = ' . $sys_groupid);
+					$entries = $app->db->queryAllRecords('SELECT ?? as `id`, `sys_userid`, ?? FROM ?? WHERE `sys_groupid` = ?', $keycolumn, $active_col, $current, $sys_groupid);
 					foreach($entries as $item) {
 
 						if($item[$active_col] != 'y' && $reverse == false) $prev_active[$current][$item['id']][$active_col] = 'n';
@@ -500,7 +487,7 @@ class page_action extends tform_actions {
 
 				$tmp_data['prev_active'] = $prev_active;
 				$tmp_data['prev_sys_userid'] = $prev_sysuser;
-				$app->db->query("UPDATE `client` SET `tmp_data` = '" . $app->db->quote(serialize($tmp_data)) . "' WHERE `client_id` = " . $this->id);
+				$app->db->query("UPDATE `client` SET `tmp_data` = ? WHERE `client_id` = ?", serialize($tmp_data), $this->id);
 				unset($prev_active);
 				unset($prev_sysuser);
 			} elseif($this->dataRecord['locked'] == 'n') {
@@ -515,7 +502,7 @@ class page_action extends tform_actions {
 						$reverse = true;
 					}
 					
-					$entries = $app->db->queryAllRecords('SELECT `' . $keycolumn . '` as `id` FROM `' . $current . '` WHERE `sys_groupid` = ' . $sys_groupid);
+					$entries = $app->db->queryAllRecords('SELECT ?? as `id` FROM ?? WHERE `sys_groupid` = ?', $keycolumn, $current, $sys_groupid);
 					foreach($entries as $item) {
 						$set_active = ($reverse == true ? 'n' : 'y');
 						$set_inactive = ($reverse == true ? 'y' : 'n');
@@ -533,7 +520,7 @@ class page_action extends tform_actions {
 					}
 				}
 				if(array_key_exists('prev_active', $tmp_data)) unset($tmp_data['prev_active']);
-				$app->db->query("UPDATE `client` SET `tmp_data` = '" . $app->db->quote(serialize($tmp_data)) . "' WHERE `client_id` = " . $this->id);
+				$app->db->query("UPDATE `client` SET `tmp_data` = ? WHERE `client_id` = ?", serialize($tmp_data), $this->id);
 			}
 			unset($tmp_data);
 			unset($entries);
@@ -543,43 +530,42 @@ class page_action extends tform_actions {
 		if(!isset($this->dataRecord['canceled'])) $this->dataRecord['canceled'] = 'n';
 		if(isset($conf['demo_mode']) && $conf['demo_mode'] != true && $this->dataRecord["canceled"] != $this->oldDataRecord['canceled']) {
 			if($this->dataRecord['canceled'] == 'y') {
-				$sql = "UPDATE sys_user SET active = '0' WHERE client_id = " . $this->id;
-				$app->db->query($sql);
+				$sql = "UPDATE sys_user SET active = '0' WHERE client_id = ?";
+				$app->db->query($sql, $this->id);
 			} elseif($this->dataRecord['canceled'] == 'n') {
-				$sql = "UPDATE sys_user SET active = '1' WHERE client_id = " . $this->id;
-				$app->db->query($sql);
+				$sql = "UPDATE sys_user SET active = '1' WHERE client_id = ?";
+				$app->db->query($sql, $this->id);
 			}
 		}
 
 		// language changed
 		if(isset($conf['demo_mode']) && $conf['demo_mode'] != true && isset($this->dataRecord['language']) && $this->dataRecord['language'] != '' && $this->oldDataRecord['language'] != $this->dataRecord['language']) {
-			$language = $app->db->quote($this->dataRecord["language"]);
+			$language = $this->dataRecord["language"];
 			$client_id = $this->id;
-			$sql = "UPDATE sys_user SET language = '$language' WHERE client_id = $client_id";
-			$app->db->query($sql);
+			$sql = "UPDATE sys_user SET language = ? WHERE client_id = ?";
+			$app->db->query($sql, $language, $client_id);
 		}
 
 		//* reseller status changed
 		if(isset($this->dataRecord["limit_client"]) && $this->dataRecord["limit_client"] != $this->oldDataRecord["limit_client"]) {
 			$modules = $conf['interface_modules_enabled'];
 			if($this->dataRecord["limit_client"] > 0) $modules .= ',client';
-			$modules = $app->db->quote($modules);
 			$client_id = $this->id;
-			$sql = "UPDATE sys_user SET modules = '$modules' WHERE client_id = $client_id";
-			$app->db->query($sql);
+			$sql = "UPDATE sys_user SET modules = ? WHERE client_id = ?";
+			$app->db->query($sql, $modules, $client_id);
 		}
 		
 		//* Client has been moved to another reseller
 		if($_SESSION['s']['user']['typ'] == 'admin' && isset($this->dataRecord['parent_client_id']) && $this->dataRecord['parent_client_id'] != $this->oldDataRecord['parent_client_id']) {
 			//* Get groupid of the client
-			$tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".intval($this->id));
+			$tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $this->id);
 			$groupid = $tmp['groupid'];
 			unset($tmp);
 			
 			//* Remove sys_user of old reseller from client group
 			if($this->oldDataRecord['parent_client_id'] > 0) {
 				//* get userid of the old reseller remove it from the group of the client
-				$tmp = $app->db->queryOneRecord("SELECT sys_user.userid FROM sys_user,sys_group WHERE sys_user.default_group = sys_group.groupid AND sys_group.client_id = ".$app->functions->intval($this->oldDataRecord['parent_client_id']));
+				$tmp = $app->db->queryOneRecord("SELECT sys_user.userid FROM sys_user,sys_group WHERE sys_user.default_group = sys_group.groupid AND sys_group.client_id = ?", $this->oldDataRecord['parent_client_id']);
 				$app->auth->remove_group_from_user($tmp['userid'], $groupid);
 				unset($tmp);
 			}
@@ -587,13 +573,13 @@ class page_action extends tform_actions {
 			//* Add sys_user of new reseller to client group
 			if($this->dataRecord['parent_client_id'] > 0) {
 				//* get userid of the reseller and add it to the group of the client
-				$tmp = $app->db->queryOneRecord("SELECT sys_user.userid, sys_user.default_group FROM sys_user,sys_group WHERE sys_user.default_group = sys_group.groupid AND sys_group.client_id = ".$app->functions->intval($this->dataRecord['parent_client_id']));
+				$tmp = $app->db->queryOneRecord("SELECT sys_user.userid, sys_user.default_group FROM sys_user,sys_group WHERE sys_user.default_group = sys_group.groupid AND sys_group.client_id = ?", $this->dataRecord['parent_client_id']);
 				$app->auth->add_group_to_user($tmp['userid'], $groupid);
-				$app->db->query("UPDATE client SET sys_userid = ".$app->functions->intval($tmp['userid']).", sys_groupid = ".$app->functions->intval($tmp['default_group']).", parent_client_id = ".$app->functions->intval($this->dataRecord['parent_client_id'])." WHERE client_id = ".$this->id);
+				$app->db->query("UPDATE client SET sys_userid = ?, sys_groupid = ?, parent_client_id = ? WHERE client_id = ?", $tmp['userid'], $tmp['default_group'], $this->dataRecord['parent_client_id'], $this->id);
 				unset($tmp);
 			} else {
 				//* Client is not assigned to a reseller anymore, so we assign it to the admin
-				$app->db->query("UPDATE client SET sys_userid = 1, sys_groupid = 1, parent_client_id = 0 WHERE client_id = ".$this->id);
+				$app->db->query("UPDATE client SET sys_userid = 1, sys_groupid = 1, parent_client_id = 0 WHERE client_id = ?", $this->id);
 			}
 		}
 
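Review bot: The `UPDATE client SET sys_userid = ?, sys_groupid = ?, ...` now binds `$tmp['userid']` and `$tmp['default_group']` directly, so a reseller lookup that returns no row passes null where the old code wrote `0` via `intval()`. How the db layer binds null is not visible here, so the result could be a NULL column, a failed query, or an orphaned client record. The same unchecked `$tmp['userid']` also goes into `add_group_to_user()`. Wrapping both calls in `if(is_array($tmp)) { ... }` and reporting an error otherwise keeps a stale or tampered `parent_client_id` from writing a half-assigned owner. The enclosing method begins outside this hunk.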
diff --git a/interface/web/client/client_message.php b/interface/web/client/client_message.php
index 5707e88206be5b02ffe24d8be088f3d14d184b2b..0e3bd2e9fec9f0885eac5b11baf5fd949266534c 100644
--- a/interface/web/client/client_message.php
+++ b/interface/web/client/client_message.php
@@ -60,7 +60,7 @@ if(isset($_POST) && count($_POST) > 1) {
 	//* Send message
 	if($error == '') {
 		if($app->functions->intval($_POST['recipient']) > 0){
-			$circle = $app->db->queryOneRecord("SELECT client_ids FROM client_circle WHERE active = 'y' AND circle_id = ".$app->functions->intval($_POST['recipient'])." AND ".$app->tform->getAuthSQL('r'));
+			$circle = $app->db->queryOneRecord("SELECT client_ids FROM client_circle WHERE active = 'y' AND circle_id = ? AND ".$app->tform->getAuthSQL('r'), $_POST['recipient']);
 			if(isset($circle['client_ids']) && $circle['client_ids'] != ''){
 				$tmp_client_ids = explode(',', $circle['client_ids']);
 				$where = array();
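Review bot: The new query binds the raw `$_POST['recipient']`, while the guard one line above tests `$app->functions->intval($_POST['recipient']) > 0`, so the value checked and the value sent to the database can differ (for example a string with a numeric prefix). Binding the normalised value keeps them identical: `..., $app->functions->intval($_POST['recipient']));`. The `getAuthSQL('r')` fragment is still concatenated into the statement; if that fragment could ever contain a literal `?`, the placeholder positions would shift, so a short comment stating that it returns placeholder-free SQL would help.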
@@ -120,8 +120,8 @@ if(isset($_POST) && count($_POST) > 1) {
 	if($_SESSION["s"]["user"]["typ"] != 'admin'){
 		$client_id = $app->functions->intval($_SESSION['s']['user']['client_id']);
 		if($client_id > 0){
-			$sql = "SELECT email FROM client WHERE client_id = ".$client_id;
-			$client = $app->db->queryOneRecord($sql);
+			$sql = "SELECT email FROM client WHERE client_id = ?";
+			$client = $app->db->queryOneRecord($sql, $client_id);
 			if($client['email'] != '') $app->tpl->setVar('sender', $client['email']);
 		}
 	}
diff --git a/interface/web/client/client_template_del.php b/interface/web/client/client_template_del.php
index b57224f8ebfd3d73f4852f5f5185491a49f4ad16..12883546020b88afe12c9768603a76604dc508bf 100644
--- a/interface/web/client/client_template_del.php
+++ b/interface/web/client/client_template_del.php
@@ -54,13 +54,13 @@ class page_action extends tform_actions {
 		global $app;
 
 		// check new style
-		$rec = $app->db->queryOneRecord("SELECT count(client_id) as number FROM client_template_assigned WHERE client_template_id = ".$this->id);
+		$rec = $app->db->queryOneRecord("SELECT count(client_id) as number FROM client_template_assigned WHERE client_template_id = ?", $this->id);
 		if($rec['number'] > 0) {
 			$app->error($app->tform->lng('template_del_aborted_txt'));
 		}
 
 		// check old style
-		$rec = $app->db->queryOneRecord("SELECT count(client_id) as number FROM client WHERE template_master = ".$this->id." OR template_additional like '%/".$this->id."/%'");
+		$rec = $app->db->queryOneRecord("SELECT count(client_id) as number FROM client WHERE template_master = ? OR template_additional like ?", $this->id, '%/".$this->id."/%');
 		if($rec['number'] > 0) {
 			$app->error($app->tform->lng('template_del_aborted_txt'));
 		}
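Review bot: The second bound argument of the "old style" check is the single-quoted literal `'%/".$this->id."/%'`, so the id is never interpolated and the LIKE pattern contains the text `".$this->id."` verbatim. The pattern can then no longer match a real `template_additional` value, which disables the in-use guard for additional templates and lets a template still assigned to clients be deleted. It should read `'%/' . $this->id . '/%'`. The sibling query in client_template_edit.php also matches `id/%` and `%/id`; if leading or trailing entries without a slash can occur, this check probably needs those two patterns as well.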
diff --git a/interface/web/client/client_template_edit.php b/interface/web/client/client_template_edit.php
index 256ff49732350fbd23ef1255659fe28381f5211b..a895105ef6921eed10501e6a8b6f2ced47e9756c 100644
--- a/interface/web/client/client_template_edit.php
+++ b/interface/web/client/client_template_edit.php
@@ -69,7 +69,7 @@ class page_action extends tform_actions {
 
 		if(isset($this->dataRecord['template_type'])) {
 			//* Check if the template_type has been changed
-			$rec = $app->db->queryOneRecord("SELECT template_type from client_template WHERE template_id = ".$this->id);
+			$rec = $app->db->queryOneRecord("SELECT template_type from client_template WHERE template_id = ?", $this->id);
 			if($rec['template_type'] != $this->dataRecord['template_type']) {
 				//* Add a error message and switch back to old server
 				$app->tform->errorMessage .= $app->lng('The template type can not be changed.');
@@ -99,11 +99,12 @@ class page_action extends tform_actions {
 		 * the template has changed. apply the new data to all clients
 		 */
 		if ($template_type == 'm'){
-			$sql = "SELECT client_id FROM client WHERE template_master = " . $this->id;
+			$sql = "SELECT client_id FROM client WHERE template_master = ?";
+			$clients = $app->db->queryAllRecords($sql, $this->id);
 		} else {
-			$sql = "SELECT client_id FROM client WHERE template_additional LIKE '%/" . $this->id . "/%' OR template_additional LIKE '" . $this->id . "/%' OR template_additional LIKE '%/" . $this->id . "' UNION SELECT client_id FROM client_template_assigned WHERE client_template_id = " . $this->id;
+			$sql = "SELECT client_id FROM client WHERE template_additional LIKE ? OR template_additional LIKE ? OR template_additional LIKE ? UNION SELECT client_id FROM client_template_assigned WHERE client_template_id = ?";
+			$clients = $app->db->queryAllRecords($sql, '%/' . $this->id . '/%', $this->id . '/%', '%/' . $this->id, $this->id);
 		}
-		$clients = $app->db->queryAllRecords($sql);
 		if (is_array($clients)){
 			foreach ($clients as $client){
 				$app->client_templates->apply_client_templates($client['client_id']);
diff --git a/interface/web/client/domain_del.php b/interface/web/client/domain_del.php
index 6bc07e60ddebfd823adf6933e4bc8d113bcc97ff..701b4494b8f92a1885a45ca750931a1f30a852f2 100644
--- a/interface/web/client/domain_del.php
+++ b/interface/web/client/domain_del.php
@@ -62,26 +62,26 @@ class page_action extends tform_actions {
 		 */
 		$domain = $this->dataRecord['domain'];
 
-		$sql = "SELECT id FROM dns_soa WHERE origin = '" . $app->db->quote($domain.".") . "'";
-		$res = $app->db->queryOneRecord($sql);
+		$sql = "SELECT id FROM dns_soa WHERE origin = ?";
+		$res = $app->db->queryOneRecord($sql, $domain.".");
 		if (is_array($res)){
 			$app->error($wb['error_domain_in dnsuse']);
 		}
 
-		$sql = "SELECT id FROM dns_slave WHERE origin = '" . $app->db->quote($domain.".") . "'";
-		$res = $app->db->queryOneRecord($sql);
+		$sql = "SELECT id FROM dns_slave WHERE origin = ?";
+		$res = $app->db->queryOneRecord($sql, $domain.".");
 		if (is_array($res)){
 			$app->error($wb['error_domain_in dnsslaveuse']);
 		}
 
-		$sql = "SELECT domain_id FROM mail_domain WHERE domain = '" . $app->db->quote($domain) . "'";
-		$res = $app->db->queryOneRecord($sql);
+		$sql = "SELECT domain_id FROM mail_domain WHERE domain = ?";
+		$res = $app->db->queryOneRecord($sql, $domain);
 		if (is_array($res)){
 			$app->error($wb['error_domain_in mailuse']);
 		}
 
-		$sql = "SELECT domain_id FROM web_domain WHERE (domain = '" . $app->db->quote($domain) . "' AND type IN ('alias', 'vhost', 'vhostalias')) OR (domain LIKE '%." . $app->db->quote($domain) . "' AND type IN ('subdomain', 'vhostsubdomain'))";
-		$res = $app->db->queryOneRecord($sql);
+		$sql = "SELECT domain_id FROM web_domain WHERE (domain = ? AND type IN ('alias', 'vhost', 'vhostalias')) OR (domain LIKE ? AND type IN ('subdomain', 'vhostsubdomain'))";
+		$res = $app->db->queryOneRecord($sql, $domain, '%.' . $domain);
 		if (is_array($res)){
 			$app->error($wb['error_domain_in webuse']);
 		}
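Review bot: The `web_domain` check builds its LIKE pattern as `'%.' . $domain`, and binding does not neutralise LIKE wildcards, so a `_` or `%` inside `$domain` is still treated as a pattern character. The effect is a false "in use" match rather than an injection, but it can block or misreport a deletion. Escaping the value first avoids it, e.g. `'%.' . addcslashes($domain, '%_\\')`, assuming the default backslash escape character. The other three lookups in this hunk use `=` and are not affected.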
diff --git a/interface/web/client/domain_edit.php b/interface/web/client/domain_edit.php
index 889bb4f4bdf2966be36002dd4df78e3dfb7aff6f..9064581c17396cd64623157bf83040c2f6403882 100644
--- a/interface/web/client/domain_edit.php
+++ b/interface/web/client/domain_edit.php
@@ -97,13 +97,13 @@ class page_action extends tform_actions {
 		} else {
 			// Get the limits of the client
 			$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
-			$client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+			$client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
 	
 			// Fill the client select field
-			$sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ".$client['client_id']." ORDER BY client.company_name, client.contact_name, sys_group.name";
+			$sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ? ORDER BY client.company_name, client.contact_name, sys_group.name";
 			//die($sql);
-			$records = $app->db->queryAllRecords($sql);
-			$tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".$app->functions->intval($client['client_id']));
+			$records = $app->db->queryAllRecords($sql, $client['client_id']);
+			$tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client['client_id']);
 			$client_select = '<option value="'.$tmp['groupid'].'">'.$client['contactname'].'</option>';
 			//$tmp_data_record = $app->tform->getDataRecord($this->id);
 			if(is_array($records)) {
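Review bot: `$client_select` is built by concatenating `$client['contactname']` (company name, contact name, username and customer number from the `client` table) straight into an `<option>` element with no HTML escaping. Unless those fields are escaped when stored, which is not visible here, markup in a client's name would be rendered in the page of whoever opens this form. Escaping at output closes that: `'<option value="'.$tmp['groupid'].'">'.htmlspecialchars($client['contactname'], ENT_QUOTES, 'UTF-8').'</option>'`. The loop over `$records` that follows lies outside this hunk and should get the same treatment. The leftover `//die($sql);` debug line can also be removed.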
@@ -197,7 +197,7 @@ class page_action extends tform_actions {
 		// also make sure that the user can not delete domain created by a admin
 		if(($_SESSION["s"]["user"]["typ"] == 'admin' && isset($this->dataRecord["client_group_id"])) || ($_SESSION["s"]["user"]["typ"] != 'admin' && $app->auth->has_clients($_SESSION['s']['user']['userid']))) {
 			$client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]);
-			$app->db->query("UPDATE domain SET sys_groupid = $client_group_id, sys_perm_group = 'ru' WHERE domain_id = ".$this->id);
+			$app->db->query("UPDATE domain SET sys_groupid = ?, sys_perm_group = 'ru' WHERE domain_id = ?", $client_group_id, $this->id);
 		}
 	}
 
@@ -206,23 +206,23 @@ class page_action extends tform_actions {
 
 		if($_SESSION["s"]["user"]["typ"] != 'admin' && isset($this->dataRecord["client_group_id"])) {
 			$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
-			$client = $app->db->queryOneRecord("SELECT client.client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
-			$group = $app->db->queryOneRecord("SELECT sys_group.groupid FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ".$client['client_id']." AND sys_group.groupid = ".$this->dataRecord["client_group_id"]." ORDER BY client.company_name, client.contact_name, sys_group.name");
+			$client = $app->db->queryOneRecord("SELECT client.client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
+			$group = $app->db->queryOneRecord("SELECT sys_group.groupid FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ? AND sys_group.groupid = ? ORDER BY client.company_name, client.contact_name, sys_group.name", $client['client_id'], $this->dataRecord["client_group_id"]);
 			$this->dataRecord["client_group_id"] = $group["groupid"];
-                }
+		}
 
 		// make sure that the record belongs to the client group and not the admin group when admin inserts it
 		// also make sure that the user can not delete domain created by a admin
 		if(isset($this->dataRecord["client_group_id"])) {
 			$client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]);
-			$app->db->query("UPDATE domain SET sys_groupid = $client_group_id, sys_perm_group = 'ru' WHERE domain_id = ".$this->id);
+			$app->db->query("UPDATE domain SET sys_groupid = ?, sys_perm_group = 'ru' WHERE domain_id = ?", $client_group_id, $this->id);
 
 			$data = new tform_actions();
 			$tform = $app->tform;
 			$app->tform = new tform();
 
 			$app->tform->loadFormDef("../dns/form/dns_soa.tform.php");
-			$data->oldDataRecord = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE origin LIKE '".$this->dataRecord['domain'].".'");
+			$data->oldDataRecord = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE origin = ?", $this->dataRecord['domain'].".");
 			if ($data->oldDataRecord) {
 				$data->dataRecord = array_merge($data->oldDataRecord, array('client_group_id' => $this->dataRecord["client_group_id"]));
 				$data->id = $data->dataRecord['id'];
@@ -230,7 +230,7 @@ class page_action extends tform_actions {
 			}
 
 			$app->tform->loadFormDef("../dns/form/dns_slave.tform.php");
-			$data->oldDataRecord = $app->db->queryOneRecord("SELECT * FROM dns_slave WHERE origin LIKE '".$this->dataRecord['domain'].".'");
+			$data->oldDataRecord = $app->db->queryOneRecord("SELECT * FROM dns_slave WHERE origin = ?", $this->dataRecord['domain'].".");
 			if ($data->oldDataRecord) {
 				$data->dataRecord = array_merge($data->oldDataRecord, array('client_group_id' => $this->dataRecord["client_group_id"]));
 				$data->id = $data->dataRecord['id'];
@@ -238,7 +238,7 @@ class page_action extends tform_actions {
 			}
 
 			$app->tform->loadFormDef("../mail/form/mail_domain.tform.php");
-			$data->oldDataRecord = $app->db->queryOneRecord("SELECT * FROM mail_domain WHERE domain = '".$this->dataRecord['domain']."'");
+			$data->oldDataRecord = $app->db->queryOneRecord("SELECT * FROM mail_domain WHERE domain = ?", $this->dataRecord['domain']);
 			if ($data->oldDataRecord) {
 				$data->dataRecord = array_merge($data->oldDataRecord, array('client_group_id' => $this->dataRecord["client_group_id"]));
 				$data->id = $data->dataRecord['domain_id'];
@@ -246,7 +246,7 @@ class page_action extends tform_actions {
 			}
 
 			$app->tform->loadFormDef("../sites/form/web_vhost_domain.tform.php");
-			$data->oldDataRecord = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain = '".$this->dataRecord['domain']."'");
+			$data->oldDataRecord = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain = ?", $this->dataRecord['domain']);
 			if ($data->oldDataRecord) {
 				$data->dataRecord = array_merge($data->oldDataRecord, array('client_group_id' => $this->dataRecord["client_group_id"]));
 				$data->id = $data->dataRecord['domain_id'];
diff --git a/interface/web/client/form/client.tform.php b/interface/web/client/form/client.tform.php
index 7507c184357a7fa2ef58e4e5c60355678518835e..ef8ce33879ae59ca5dd67e514cf11864c2011757 100644
--- a/interface/web/client/form/client.tform.php
+++ b/interface/web/client/form/client.tform.php
@@ -116,7 +116,10 @@ $form["tabs"]['address'] = array (
 			'maxlength' => '255',
 			'rows'  => '',
 			'cols'  => '',
-			'searchable' => 1
+			'searchable' => 1,
+			'filters'   => array( 0 => array( 'event' => 'SAVE',
+												'type' => 'TRIM'),
+			),
 		),
 		'contact_name' => array (
 			'datatype' => 'VARCHAR',
@@ -131,7 +134,10 @@ $form["tabs"]['address'] = array (
 			'maxlength' => '255',
 			'rows'  => '',
 			'cols'  => '',
-			'searchable' => 1
+			'searchable' => 1,
+			'filters'   => array( 0 => array( 'event' => 'SAVE',
+												'type' => 'TRIM'),
+			),
 		),
 		'customer_no' => array (
 			'datatype' => 'VARCHAR',
diff --git a/interface/web/client/form/reseller.tform.php b/interface/web/client/form/reseller.tform.php
index 75e9fa2e67fe37de78d6d57018279b20aaa5c940..822e96ab72b488dfb92ca8ce0b75ef7ed3c1253f 100644
--- a/interface/web/client/form/reseller.tform.php
+++ b/interface/web/client/form/reseller.tform.php
@@ -116,7 +116,10 @@ $form["tabs"]['address'] = array (
 			'maxlength' => '255',
 			'rows'  => '',
 			'cols'  => '',
-			'searchable' => 1
+			'searchable' => 1,
+			'filters'   => array( 0 => array( 'event' => 'SAVE',
+												'type' => 'TRIM'),
+			),
 		),
 		'contact_name' => array (
 			'datatype' => 'VARCHAR',
@@ -131,7 +134,10 @@ $form["tabs"]['address'] = array (
 			'maxlength' => '255',
 			'rows'  => '',
 			'cols'  => '',
-			'searchable' => 1
+			'searchable' => 1,
+			'filters'   => array( 0 => array( 'event' => 'SAVE',
+												'type' => 'TRIM'),
+			),
 		),
 		'customer_no' => array (
 			'datatype' => 'VARCHAR',
diff --git a/interface/web/client/lib/module.conf.php b/interface/web/client/lib/module.conf.php
index e4bddd72f292e8c6738175c9c61d84449a17bf96..7d6f1b34e82c13d073b9bc209905e13789aa5a74 100644
--- a/interface/web/client/lib/module.conf.php
+++ b/interface/web/client/lib/module.conf.php
@@ -5,6 +5,7 @@ $module["title"]  = "top_menu_client";
 $module["template"]  = "module.tpl.htm";
 $module["startpage"]  = "client/client_list.php";
 $module["tab_width"]    = '';
+$module['order']    = '20';
 
 
 $items[] = array(   'title'  => "Edit Client",
diff --git a/interface/web/client/lib/remote.conf.php b/interface/web/client/lib/remote.conf.php
index 6ac8ae1f8fc30a1591728a01dc9597e680c2ea4f..d58029e8513ad78a26ca2abfa783ec41d70bfea8 100644
--- a/interface/web/client/lib/remote.conf.php
+++ b/interface/web/client/lib/remote.conf.php
@@ -1,6 +1,6 @@
 <?php
 
-$function_list['client_get_all,client_get,client_add,client_update,client_delete,client_get_sites_by_user,client_get_by_username,client_change_password,client_get_id,client_delete_everything,client_get_emailcontact'] = 'Client functions';
+$function_list['client_get_all,client_get,client_add,client_update,client_delete,client_get_sites_by_user,client_get_by_username,client_get_by_customer_no,client_change_password,client_get_id,client_delete_everything,client_get_emailcontact'] = 'Client functions';
 $function_list['domains_domain_get,domains_domain_add,domains_domain_delete,domains_get_all_by_user'] = 'Domaintool functions';
 $function_list['quota_get_by_user,trafficquota_get_by_user,mailquota_get_by_user,databasequota_get_by_user'] = 'Quota functions';
 
diff --git a/interface/web/client/list/client_circle.list.php b/interface/web/client/list/client_circle.list.php
index d1ef3ad50b832e36fd464f46ad7d87f178938981..56085c4c366858aff2b2361b9306610cf728b054 100644
--- a/interface/web/client/list/client_circle.list.php
+++ b/interface/web/client/list/client_circle.list.php
@@ -63,7 +63,7 @@ $liste["item"][] = array( 'field'  => "active",
 	'prefix' => "",
 	'suffix' => "",
 	'width'  => "",
-	'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
+	'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('yes_txt')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('no_txt')."</span></div>"));
 
 $liste["item"][] = array( 'field'  => "circle_name",
 	'datatype' => "VARCHAR",
diff --git a/interface/web/client/message_template_edit.php b/interface/web/client/message_template_edit.php
index 819e267657aab3c753984138b8512f4993d0ef20..7d285ac7ef86e6bd1f6ee7a379ef21cb24f62e7d 100644
--- a/interface/web/client/message_template_edit.php
+++ b/interface/web/client/message_template_edit.php
@@ -56,12 +56,11 @@ class page_action extends tform_actions {
 		// Check for duplicates
 		if($this->dataRecord['template_type'] == 'welcome') {
 			$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
-			$sql = "SELECT count(client_message_template_id) as number FROM client_message_template WHERE template_type = 'welcome' AND sys_groupid = ".$client_group_id;
+			$sql = "SELECT count(client_message_template_id) as number FROM client_message_template WHERE template_type = 'welcome' AND sys_groupid = ?";
 			if($this->id > 0) {
-				$sql .= " AND client_message_template_id != ".$this->id;
+				$sql .= " AND client_message_template_id != ?";
 			}
-			
-			$tmp = $app->db->queryOneRecord($sql);
+			$tmp = $app->db->queryOneRecord($sql, $client_group_id, $this->id);
 			if($tmp['number'] > 0) $app->tform->errorMessage .= $app->tform->lng('duplicate_welcome_error');
 		}
 		
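Review bot: `queryOneRecord($sql, $client_group_id, $this->id)` always passes two values, but the second `?` is only appended when `$this->id > 0`, so a new template runs a one-placeholder statement with two arguments. Whether the db layer ignores the surplus argument or rejects the call is not visible here, and either way the duplicate check depends on undocumented behaviour. Issuing the call inside each branch, as the client_template_edit.php change in this commit does, keeps placeholders and arguments aligned.

```php
// … unchanged: $client_group_id and the base $sql …
if($this->id > 0) {
	$sql .= " AND client_message_template_id != ?";
	$tmp = $app->db->queryOneRecord($sql, $client_group_id, $this->id);
} else {
	$tmp = $app->db->queryOneRecord($sql, $client_group_id);
}
```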
diff --git a/interface/web/client/reseller_del.php b/interface/web/client/reseller_del.php
index e9d1dd32b8947a67bd2544b269fe4d61cbcc81ee..55872beabd3567f1c536bf775ac534d3d6133cee 100644
--- a/interface/web/client/reseller_del.php
+++ b/interface/web/client/reseller_del.php
@@ -59,7 +59,7 @@ class page_action extends tform_actions {
 
 		$client_id = $app->functions->intval($this->dataRecord['client_id']);
 
-		$tmp = $app->db->queryOneRecord("SELECT count(client_id) as number FROM client WHERE parent_client_id = ".$client_id);
+		$tmp = $app->db->queryOneRecord("SELECT count(client_id) as number FROM client WHERE parent_client_id = ?", $client_id);
 		if($tmp["number"] > 0) $app->error($app->lng('error_has_clients'));
 
 	}
@@ -74,15 +74,15 @@ class page_action extends tform_actions {
 
 			// remove the group of the client from the resellers group
 			$parent_client_id = $app->functions->intval($this->dataRecord['parent_client_id']);
-			$parent_user = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE client_id = $parent_client_id");
-			$client_group = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = $client_id");
+			$parent_user = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE client_id = ?", $parent_client_id);
+			$client_group = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client_id);
 			$app->auth->remove_group_from_user($parent_user['userid'], $client_group['groupid']);
 
 			// delete the group of the client
-			$app->db->query("DELETE FROM sys_group WHERE client_id = $client_id");
+			$app->db->query("DELETE FROM sys_group WHERE client_id = ?", $client_id);
 
 			// delete the sys user(s) of the client
-			$app->db->query("DELETE FROM sys_user WHERE client_id = $client_id");
+			$app->db->query("DELETE FROM sys_user WHERE client_id = ?", $client_id);
 		}
 
 	}
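Review bot: `$parent_user['userid']` and `$client_group['groupid']` are read without checking that either lookup returned a row, so a reseller with no matching `sys_user` or `sys_group` entry would presumably reach `remove_group_from_user()` with null ids. Elsewhere in this commit a `queryOneRecord` result is tested with `is_array()` before use, and the same guard fits here: `if(is_array($parent_user) && is_array($client_group)) $app->auth->remove_group_from_user($parent_user['userid'], $client_group['groupid']);`. `$client_id` is assigned above the hunk, so how it is sanitised on this path cannot be confirmed from here.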
diff --git a/interface/web/client/reseller_edit.php b/interface/web/client/reseller_edit.php
index 4a7cc874077c524334e7438585536e9d8c9c75d1..fff4202064b27d4246ede0649bebaaf1ef378678 100644
--- a/interface/web/client/reseller_edit.php
+++ b/interface/web/client/reseller_edit.php
@@ -61,11 +61,11 @@ class page_action extends tform_actions {
 
 			// Get the limits of the client
 			$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
-			$client = $app->db->queryOneRecord("SELECT limit_client FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+			$client = $app->db->queryOneRecord("SELECT limit_client FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
 
 			// Check if the user may add another website.
 			if($client["limit_client"] >= 0) {
-				$tmp = $app->db->queryOneRecord("SELECT count(client_id) as number FROM client WHERE sys_groupid = $client_group_id");
+				$tmp = $app->db->queryOneRecord("SELECT count(client_id) as number FROM client WHERE sys_groupid = ?", $client_group_id);
 				if($tmp["number"] >= $client["limit_client"]) {
 					$app->error($app->tform->wordbook["limit_client_txt"]);
 				}
@@ -84,11 +84,11 @@ class page_action extends tform_actions {
 
 			// Get the limits of the client
 			$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
-			$client = $app->db->queryOneRecord("SELECT limit_client FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+			$client = $app->db->queryOneRecord("SELECT limit_client FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
 
 			// Check if the user may add another website.
 			if($client["limit_client"] >= 0) {
-				$tmp = $app->db->queryOneRecord("SELECT count(client_id) as number FROM client WHERE sys_groupid = $client_group_id");
+				$tmp = $app->db->queryOneRecord("SELECT count(client_id) as number FROM client WHERE sys_groupid = ?", $client_group_id);
 				if($tmp["number"] >= $client["limit_client"]) {
 					$app->error($app->tform->wordbook["limit_client_txt"]);
 				}
@@ -96,7 +96,7 @@ class page_action extends tform_actions {
 		}
 		
 		if($this->id != 0) {
-			$this->oldTemplatesAssigned = $app->db->queryAllRecords('SELECT * FROM `client_template_assigned` WHERE `client_id` = ' . $this->id);
+			$this->oldTemplatesAssigned = $app->db->queryAllRecords('SELECT * FROM `client_template_assigned` WHERE `client_id` = ?', $this->id);
 			if(!is_array($this->oldTemplatesAssigned) || count($this->oldTemplatesAssigned) < 1) {
 				// check previous type of storing templates
 				$tpls = explode('/', $this->oldDataRecord['template_additional']);
@@ -134,7 +134,7 @@ class page_action extends tform_actions {
 		$app->tpl->setVar('tpl_add_select', $option);
 
 		// check for new-style records
-		$result = $app->db->queryAllRecords('SELECT assigned_template_id, client_template_id FROM client_template_assigned WHERE client_id = ' . $this->id);
+		$result = $app->db->queryAllRecords('SELECT assigned_template_id, client_template_id FROM client_template_assigned WHERE client_id = ?', $this->id);
 		if($result && count($result) > 0) {
 			// new style
 			$items = array();
@@ -160,8 +160,8 @@ class page_action extends tform_actions {
 			unset($tmprec);
 		} else {
 			// old style
-			$sql = "SELECT template_additional FROM client WHERE client_id = " . $this->id;
-			$result = $app->db->queryOneRecord($sql);
+			$sql = "SELECT template_additional FROM client WHERE client_id = ?";
+			$result = $app->db->queryOneRecord($sql, $this->id);
 			$tplAdd = explode("/", $result['template_additional']);
 			$text = '';
 			foreach($tplAdd as $item){
@@ -186,13 +186,6 @@ class page_action extends tform_actions {
 				$customer_no = $app->functions->intval($system_config['misc']['customer_no_start']+$system_config['misc']['customer_no_counter']);
 				$customer_no_string = str_replace('[CUSTOMER_NO]',$customer_no,$system_config['misc']['customer_no_template']);
 				$app->tpl->setVar('customer_no',$customer_no_string);
-				
-				//* save new counter value
-				/*
-				$system_config['misc']['customer_no_counter']++;
-				$system_config_str = $app->ini_parser->get_ini_string($system_config);
-				$app->db->datalogUpdate('sys_ini', "config = '".$app->db->quote($system_config_str)."'", 'sysini_id', 1);
-				*/
 			}
 		}
 		
@@ -207,17 +200,17 @@ class page_action extends tform_actions {
 	function onAfterInsert() {
 		global $app, $conf;
 		// Create the group for the reseller
-		$groupid = $app->db->datalogInsert('sys_group', "(name,description,client_id) VALUES ('".$app->db->quote($this->dataRecord["username"])."','',".$this->id.")", 'groupid');
+		$groupid = $app->db->datalogInsert('sys_group', array("name" => $this->dataRecord["username"], "description" => '', "client_id" => $this->id), 'groupid');
 		$groups = $groupid;
 
-		$username = $app->db->quote($this->dataRecord["username"]);
-		$password = $app->db->quote($this->dataRecord["password"]);
-		$modules = $app->db->quote($conf['interface_modules_enabled'] . ',client');
+		$username = $this->dataRecord["username"];
+		$password = $this->dataRecord["password"];
+		$modules = $conf['interface_modules_enabled'] . ',client';
 		$startmodule = (stristr($modules, 'dashboard'))?'dashboard':'client';
-		$usertheme = $app->db->quote($this->dataRecord["usertheme"]);
+		$usertheme = $this->dataRecord["usertheme"];
 		$type = 'user';
 		$active = 1;
-		$language = $app->db->quote($this->dataRecord["language"]);
+		$language = $this->dataRecord["language"];
 
 		$salt="$1$";
 		$base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
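Review bot: The `$salt="$1$";` prefix at the end of this hunk selects MD5-crypt for the reseller's control-panel password, a scheme that is cheap to brute-force offline if `sys_user` is ever disclosed. Since the commit already reworks this password path, consider `password_hash($password, PASSWORD_DEFAULT)` or at least a `$6$` (SHA-512 crypt) salt, provided the login code verifies against the stored hash's own prefix; that code is not visible here. The same prefix is set in the "password changed" branch in hunk `@@ -321,19 +314,19 @@`. The salt-building loop and the `crypt()` call for this path lie outside the hunk.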
@@ -229,11 +222,11 @@ class page_action extends tform_actions {
 
 		// Create the controlpaneluser for the reseller
 		$sql = "INSERT INTO sys_user (username,passwort,modules,startmodule,app_theme,typ,active,language,groups,default_group,client_id)
-		VALUES ('$username','$password','$modules','$startmodule','$usertheme','$type','$active','$language',$groups,$groupid,".$this->id.")";
-		$app->db->query($sql);
+		VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)";
+		$app->db->query($sql, $username, $password, $modules, $startmodule, $usertheme, $type, $active, $language, $groups, $groupid, $this->id);
 
 		//* set the number of clients to 1
-		$app->db->query("UPDATE client SET limit_client = 1 WHERE client_id = ".$this->id);
+		$app->db->query("UPDATE client SET limit_client = 1 WHERE client_id = ?", $this->id);
 
 		//* Set the default servers
 		$tmp = $app->db->queryOneRecord('SELECT server_id FROM server WHERE mail_server = 1 LIMIT 0,1');
@@ -245,8 +238,8 @@ class page_action extends tform_actions {
 		$tmp = $app->db->queryOneRecord('SELECT server_id FROM server WHERE db_server = 1 LIMIT 0,1');
 		$default_dbserver = $app->functions->intval($tmp['server_id']);
 
-		$sql = "UPDATE client SET default_mailserver = $default_mailserver, default_webserver = $default_webserver, default_dnsserver = $default_dnsserver, default_slave_dnsserver = $default_dnsserver, default_dbserver = $default_dbserver WHERE client_id = ".$this->id;
-		$app->db->query($sql);
+		$sql = "UPDATE client SET default_mailserver = ?, default_webserver = ?, default_dnsserver = ?, default_slave_dnsserver = ?, default_dbserver = ? WHERE client_id = ?";
+		$app->db->query($sql, $default_mailserver, $default_webserver, $default_dnsserver, $default_dnsserver, $default_dbserver, $this->id);
 		
 		if(isset($this->dataRecord['template_master'])) {
 			$app->uses('client_templates');
@@ -262,15 +255,15 @@ class page_action extends tform_actions {
 				//* save new counter value
 				$system_config['misc']['customer_no_counter']++;
 				$system_config_str = $app->ini_parser->get_ini_string($system_config);
-				$app->db->datalogUpdate('sys_ini', "config = '".$app->db->quote($system_config_str)."'", 'sysini_id', 1);
+				$app->db->datalogUpdate('sys_ini', array("config" => $system_config_str), 'sysini_id', 1);
 				
 			}
 		}
 		
 		//* Send welcome email
 		$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
-		$sql = "SELECT * FROM client_message_template WHERE template_type = 'welcome' AND sys_groupid = ".$client_group_id;
-		$email_template = $app->db->queryOneRecord($sql);
+		$sql = "SELECT * FROM client_message_template WHERE template_type = 'welcome' AND sys_groupid = ?";
+		$email_template = $app->db->queryOneRecord($sql, $client_group_id);
 		$client = $app->tform->getDataRecord($this->id);
 
 		if(is_array($email_template) && $client['email'] != '') {
@@ -300,7 +293,7 @@ class page_action extends tform_actions {
 				$from = $system_config['admin_mail'];
 			} else {
 				$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
-				$reseller = $app->db->queryOneRecord("SELECT client.email FROM sys_group,client WHERE client.client_id = sys_group.client_id and sys_group.groupid = ".$client_group_id);
+				$reseller = $app->db->queryOneRecord("SELECT client.email FROM sys_group,client WHERE client.client_id = sys_group.client_id and sys_group.groupid = ?", $client_group_id);
 				$from = $reseller["email"];
 			}
 
@@ -321,19 +314,19 @@ class page_action extends tform_actions {
 
 		// username changed
 		if(isset($conf['demo_mode']) && $conf['demo_mode'] != true && isset($this->dataRecord['username']) && $this->dataRecord['username'] != '' && $this->oldDataRecord['username'] != $this->dataRecord['username']) {
-			$username = $app->db->quote($this->dataRecord["username"]);
+			$username = $this->dataRecord["username"];
 			$client_id = $this->id;
-			$sql = "UPDATE sys_user SET username = '$username' WHERE client_id = $client_id";
-			$app->db->query($sql);
+			$sql = "UPDATE sys_user SET username = ? WHERE client_id = ?";
+			$app->db->query($sql, $username, $client_id);
 
-			$tmp = $app->db->queryOneRecord("SELECT * FROM sys_group WHERE client_id = $client_id");
-			$app->db->datalogUpdate("sys_group", "name = '$username'", 'groupid', $tmp['groupid']);
+			$tmp = $app->db->queryOneRecord("SELECT * FROM sys_group WHERE client_id = ?", $client_id);
+			$app->db->datalogUpdate("sys_group", array("name" => $username), 'groupid', $tmp['groupid']);
 			unset($tmp);
 		}
 
 		// password changed
 		if(isset($conf['demo_mode']) && $conf['demo_mode'] != true && isset($this->dataRecord["password"]) && $this->dataRecord["password"] != '') {
-			$password = $app->db->quote($this->dataRecord["password"]);
+			$password = $this->dataRecord["password"];
 			$client_id = $this->id;
 			$salt="$1$";
 			$base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
@@ -342,32 +335,32 @@ class page_action extends tform_actions {
 			}
 			$salt.="$";
 			$password = crypt(stripslashes($password), $salt);
-			$sql = "UPDATE sys_user SET passwort = '$password' WHERE client_id = $client_id";
-			$app->db->query($sql);
+			$sql = "UPDATE sys_user SET passwort = ? WHERE client_id = ?";
+			$app->db->query($sql, $password, $client_id);
 		}
 
 		// language changed
 		if(isset($conf['demo_mode']) && $conf['demo_mode'] != true && isset($this->dataRecord['language']) && $this->dataRecord['language'] != '' && $this->oldDataRecord['language'] != $this->dataRecord['language']) {
-			$language = $app->db->quote($this->dataRecord["language"]);
+			$language = $this->dataRecord["language"];
 			$client_id = $this->id;
-			$sql = "UPDATE sys_user SET language = '$language' WHERE client_id = $client_id";
-			$app->db->query($sql);
+			$sql = "UPDATE sys_user SET language = ? WHERE client_id = ?";
+			$app->db->query($sql, $language, $client_id);
 		}
 
 		// ensure that a reseller is not converted to a client in demo mode when client_id <= 2
 		if(isset($conf['demo_mode']) && $conf['demo_mode'] == true && $this->id <= 2) {
 			if(isset($this->dataRecord["limit_client"]) && $this->dataRecord["limit_client"] != -1) {
-				$app->db->query('UPDATE client set limit_client = -1 WHERE client_id = '.$this->id);
+				$app->db->query('UPDATE client set limit_client = -1 WHERE client_id = ?', $this->id);
 			}
 		}
 
 		// reseller status changed
 		if(isset($this->dataRecord["limit_client"]) && $this->dataRecord["limit_client"] != $this->oldDataRecord["limit_client"]) {
-			$modules = $app->db->quote($conf['interface_modules_enabled'] . ',client');
-			$modules = $app->db->quote($modules);
+			$modules = $conf['interface_modules_enabled'] . ',client';
+			$modules = $modules;
 			$client_id = $this->id;
-			$sql = "UPDATE sys_user SET modules = '$modules' WHERE client_id = $client_id";
-			$app->db->query($sql);
+			$sql = "UPDATE sys_user SET modules = ? WHERE client_id = ?";
+			$app->db->query($sql, $modules, $client_id);
 		}
 		
 		if(isset($this->dataRecord['template_master'])) {
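Review bot: `crypt(stripslashes($password), $salt)` in the password-changed branch now runs on the raw `$this->dataRecord["password"]`, because the `$app->db->quote()` call that used to add backslashes was removed in the previous hunk. A password containing a backslash would therefore be hashed without it and no longer match what the user typed, unless `dataRecord` is already escaped upstream (not visible here); the line should become `$password = crypt($password, $salt);`. The insert path in `onAfterInsert` may need the same change, but its `crypt()` line is outside the visible hunks. Separately, `$modules = $modules;` in the reseller-status branch is a leftover no-op and can be dropped.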
diff --git a/interface/web/client/templates/client_circle_edit.htm b/interface/web/client/templates/client_circle_edit.htm
index ddc3f6e1c9ce05378a10d3e6db2e6c782b427afc..0bdf2f49a059d6465061168d530d8a4bac587100 100644
--- a/interface/web/client/templates/client_circle_edit.htm
+++ b/interface/web/client/templates/client_circle_edit.htm
@@ -1,10 +1,11 @@
+<tmpl_if name="list_head_txt">
 <div class='page-header'>
 	<h1><tmpl_var name="list_head_txt"></h1>
 </div>
-<p><tmpl_var name="list_desc_txt"></p>
+</tmpl_if>
+<tmpl_if name="list_desc_txt"><p><tmpl_var name="list_desc_txt"></p></tmpl_if>
 
 
-        <legend>{tmpl_var name='circle_txt'}</legend>
             <div class="form-group">
                 <label for="circle_name" class="col-sm-3 control-label">{tmpl_var name='circle_name_txt'}*</label>
                 <div class="col-sm-9"><input type="text" name="circle_name" id="circle_name" value="{tmpl_var name='circle_name'}" class="form-control" /></div></div>
diff --git a/interface/web/client/templates/client_circle_list.htm b/interface/web/client/templates/client_circle_list.htm
index d1ec76766247f7bb87b34e686b87fc335f3ecbbd..56bce62d6c3b823587308506199607790bbd8eb6 100644
--- a/interface/web/client/templates/client_circle_list.htm
+++ b/interface/web/client/templates/client_circle_list.htm
@@ -40,7 +40,7 @@
                             <td><a href="#" data-load-content="client/client_circle_edit.php?id={tmpl_var name='id'}">{tmpl_var name="circle_name"}</a></td>
                             <td><a href="#" data-load-content="client/client_circle_edit.php?id={tmpl_var name='id'}">{tmpl_var name="description"}</a></td>
                             <td class="text-right">
-                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('client/client_circle_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
+                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('client/client_circle_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                             </td>
                         </tr>
                     </tmpl_loop>
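Review bot: The delete link still issues a state-changing request as a GET URL carrying `phpsessid` in the query string; if that variable holds the session identifier, it ends up in server logs, browser history and Referer headers. Sending the delete as a POST with a dedicated anti-CSRF token would keep the identifier out of URLs. `delete_confirmation` should also be escaped for a JavaScript string, since it sits inside a quoted argument in an `href="javascript:"` attribute. The same link pattern recurs in the hunks for client_message_template_list.htm, client_template_list.htm, clients_list.htm, domain_list.htm, message_template_list.htm and resellers_list.htm. How client_circle_del.php validates the request is not visible here.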
diff --git a/interface/web/client/templates/client_edit_limits.htm b/interface/web/client/templates/client_edit_limits.htm
index ed150b4d12f9dbb6ae979e2aa1e3e7eaa25e4c40..e7de5c66540845b19a40fcbd274bbf18901d5bcc 100644
--- a/interface/web/client/templates/client_edit_limits.htm
+++ b/interface/web/client/templates/client_edit_limits.htm
@@ -1,20 +1,14 @@
+<tmpl_if name="list_head_txt">
 <div class='page-header'>
 	<h1><tmpl_var name="list_head_txt"></h1>
 </div>
-<p><tmpl_var name="list_desc_txt"></p>
+</tmpl_if>
+<tmpl_if name="list_desc_txt"><p><tmpl_var name="list_desc_txt"></p></tmpl_if>
 
 <div class="panel panel_client">
-
-        <div class="pnl_toolsarea">
-            <p class="fieldset-legend">{tmpl_var name="toolsarea_head_txt"}</p>
-                <div class="buttons topbuttons">
-                    <button class="btn btn-default formbutton-success" type="button" value="{tmpl_var name='add_additional_template_txt'}" onclick="ISPConfig.addAdditionalTemplate();">{tmpl_var name='add_additional_template_txt'}</button>
-                </div>
-            
-        </div>
-
-    <div class="pnl_formsarea">
-        <legend>Limits</legend>
+    
+	<div class="pnl_formsarea">
+        <fieldset class="inlineLabels"><legend>Limits</legend>
                 <div class="form-group">
                     <label for="template_master" class="col-sm-3 control-label">{tmpl_var name='template_master_txt'}</label>
                     <div class="col-sm-9"><select name="template_master" id="template_master" class="form-control">
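Review bot: The added `<fieldset class="inlineLabels">` has no matching `</fieldset>` in either hunk of this file, so the element is left open unless the unchanged remainder of the template already contains a closing tag. reseller_edit_limits.htm gets the parallel cleanup in this commit but keeps a bare `<legend>Limits</legend>`, so the two templates now differ. Either add `</fieldset>` before the closing `</div>` of `pnl_formsarea`, or drop the wrapper here to match.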
@@ -27,9 +21,12 @@
                         {tmpl_var name='tpl_add_select'}
                     </select></div>
                 </div>
+				<div class="clear"><div class="right">
+					<button class="btn btn-default formbutton-success" type="button" onclick="ISPConfig.addAdditionalTemplate();">{tmpl_var name="add_additional_template_txt"}</button>
+				</div></div>
                 <div class="form-group">
                     <label class="col-sm-3 control-label">{tmpl_var name='active_template_additional_txt'}</label>
-                    <div id="template_additional_list" class="multiField">
+                    <div id="template_additional_list" class="col-sm-9 col-text">
                         <ul>
                         {tmpl_var name='template_additional_list'}
                         </ul>
diff --git a/interface/web/client/templates/client_message.htm b/interface/web/client/templates/client_message.htm
index 5808c89e694cf538a3f837125e5828c0b0e678e5..e65846c749cf6df4c4c734b6237b52f00388b579 100644
--- a/interface/web/client/templates/client_message.htm
+++ b/interface/web/client/templates/client_message.htm
@@ -9,7 +9,7 @@
                 <div id="OKMsg"><p><tmpl_var name="okmsg"></p></div>
             </tmpl_if>
             <tmpl_if name="error">
-                <div id="errorMsg"><h3>ERROR</h3><ol><tmpl_var name="error"></ol></div>
+                <div id="errorMsg"><h3><tmpl_var name="error_txt"></h3><ol><tmpl_var name="error"></ol></div>
             </tmpl_if>
             <div class="form-group">
                 <label for="sender" class="col-sm-3 control-label">{tmpl_var name='sender_txt'}</label>
diff --git a/interface/web/client/templates/client_message_template_list.htm b/interface/web/client/templates/client_message_template_list.htm
index cc409bd0fcaf4785700c59e9e846d0d3c9e58b36..46337c519b95d27e465e69ab77c6bc21d737a003 100644
--- a/interface/web/client/templates/client_message_template_list.htm
+++ b/interface/web/client/templates/client_message_template_list.htm
@@ -32,7 +32,7 @@
             <td><a href="#" data-load-content="client/message_template_edit.php?id={tmpl_var name='id'}">{tmpl_var name="template_name"}</a></td>
             <td class="text-right">
               <div class="buttons icons16">
-                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('client/message_template_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
+                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('client/message_template_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
               </div>
             </td>
           </tr>
diff --git a/interface/web/client/templates/client_template_edit_template.htm b/interface/web/client/templates/client_template_edit_template.htm
index 5e07d8df0de00afa34ee1489fdc530acdddf6c41..e06d07792d9b5e45a7271378a485a71430f98de9 100644
--- a/interface/web/client/templates/client_template_edit_template.htm
+++ b/interface/web/client/templates/client_template_edit_template.htm
@@ -1,7 +1,9 @@
+<tmpl_if name="list_head_txt">
 <div class='page-header'>
 	<h1><tmpl_var name="list_head_txt"></h1>
 </div>
-<p><tmpl_var name="list_desc_txt"></p>
+</tmpl_if>
+<tmpl_if name="list_desc_txt"><p><tmpl_var name="list_desc_txt"></p></tmpl_if>
 
 
         <legend>Template</legend>
diff --git a/interface/web/client/templates/client_template_list.htm b/interface/web/client/templates/client_template_list.htm
index 1d4ad1c3f4a84a0ed257417a033fed41884b916f..37b8aa289272d885e4bca219050c5e7fa062458a 100644
--- a/interface/web/client/templates/client_template_list.htm
+++ b/interface/web/client/templates/client_template_list.htm
@@ -37,7 +37,7 @@
                             <td><a href="#" data-load-content="client/client_template_edit.php?id={tmpl_var name='id'}">{tmpl_var name="template_type"}</a></td>
                             <td><a href="#" data-load-content="client/client_template_edit.php?id={tmpl_var name='id'}">{tmpl_var name="template_name"}</a></td>
                             <td class="text-right">
-                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('client/client_template_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
+                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('client/client_template_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                             </td>
                         </tr>
                     </tmpl_loop>
diff --git a/interface/web/client/templates/clients_list.htm b/interface/web/client/templates/clients_list.htm
index f458022e685e372b3818cb31dc8771d6cfc87cfa..27d4b7da66b603d5e20a49a13e32cfd0aa5eda6e 100644
--- a/interface/web/client/templates/clients_list.htm
+++ b/interface/web/client/templates/clients_list.htm
@@ -50,11 +50,11 @@
                             <td><a href="#" data-load-content="client/client_edit.php?id={tmpl_var name='id'}"><span class="flags flag-{tmpl_var name="countryiso"}">{tmpl_var name="country"}</span></a></td>
                             <td class="text-right">
                                 <tmpl_if name="is_admin">
-                                    <a class="btn btn-default formbutton-success formbutton-narrow" data-load-content="login/login_as.php?cid={tmpl_var name='id'}"><span class="icon icon-loginas"></span></button>
+                                    <a class="btn btn-default formbutton-success formbutton-narrow" data-load-content="login/login_as.php?cid={tmpl_var name='id'}"><span class="icon icon-loginas"></span></a>
                                 <tmpl_elseif name="is_reseller">
-                                    <a class="btn btn-default formbutton-success formbutton-narrow" data-load-content="login/login_as.php?cid={tmpl_var name='id'}"><span class="icon icon-loginas"></span></button>
+                                    <a class="btn btn-default formbutton-success formbutton-narrow" data-load-content="login/login_as.php?cid={tmpl_var name='id'}"><span class="icon icon-loginas"></span></a>
                                 </tmpl_if>
-                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('client/client_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
+                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('client/client_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                             </td>
                         </tr>
                     </tmpl_loop>
diff --git a/interface/web/client/templates/domain_list.htm b/interface/web/client/templates/domain_list.htm
index a53be24af64440b9d6c5a00fc31a8d968779cbfa..825b2987117ff9f4367a8215b9a304933ca98d9b 100644
--- a/interface/web/client/templates/domain_list.htm
+++ b/interface/web/client/templates/domain_list.htm
@@ -32,7 +32,7 @@
                     <td><a href="#" data-load-content="client/domain_edit.php?id={tmpl_var name='id'}">{tmpl_var name="domain"}</a></td>
                     <td><a href="#" data-load-content="client/domain_edit.php?id={tmpl_var name='id'}">{tmpl_var name="sys_groupid"}</a></td>
                     <td class="text-right">
-                        <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('client/domain_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
+                        <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('client/domain_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                     </td>
                 </tr>
                 </tmpl_loop>
diff --git a/interface/web/client/templates/message_template.htm b/interface/web/client/templates/message_template.htm
index 26522d4b687f934d87f52e00a99679f4d4c3285c..aa27d181fc72a5876ac2bf8d7ee5c07b8c663fd7 100644
--- a/interface/web/client/templates/message_template.htm
+++ b/interface/web/client/templates/message_template.htm
@@ -18,12 +18,13 @@
         <div class="col-sm-9"><input type="text" name="template_name" id="template_name" value="{tmpl_var name='template_name'}" class="form-control" /></div></div>
       <div class="form-group">
       	<label for="subject" class="col-sm-3 control-label">{tmpl_var name='subject_txt'}</label>
-        <div class="col-sm-9"><input type="text" name="subject" id="subject" value="{tmpl_var name='subject'}" class="form-control" /></div><br clear="all">{tmpl_var name='variables_txt'}: {tmpl_var name="message_variables"} <br />{tmpl_var name='variables_description_txt'}
+        <div class="col-sm-9"><input type="text" name="subject" id="subject" value="{tmpl_var name='subject'}" class="form-control" /></div>
+		<div class="col-sm-3 col-text"></div><div class="col-sm-9 col-text">{tmpl_var name='variables_txt'}: {tmpl_var name="message_variables"} <br />{tmpl_var name='variables_description_txt'}</div>
 			</div>
       <div class="form-group">
       	<label for="message" class="col-sm-3 control-label">{tmpl_var name='message_txt'}</label>
-        <div class="col-sm-9"><textarea class="form-control" name="message" id="message" rows='' cols=''>{tmpl_var name='message'}</textarea></div>
-		<br clear="all">{tmpl_var name='variables_txt'}: {tmpl_var name="message_variables"} <br />{tmpl_var name='variables_description_txt'}
+        <div class="col-sm-9"><textarea class="form-control" name="message" id="message" style="height:300px">{tmpl_var name='message'}</textarea></div>
+		<div class="col-sm-3 col-text"></div><div class="col-sm-9 col-text">{tmpl_var name='variables_txt'}: {tmpl_var name="message_variables"} <br />{tmpl_var name='variables_description_txt'}</div>
       </div>
 	  <div class="clear"><div class="right">
       <button class="btn btn-default formbutton-success" type="button" value="{tmpl_var name='btn_save_txt'}" data-submit-form="pageForm" data-form-action="client/message_template_edit.php">{tmpl_var name='btn_save_txt'}</button>
diff --git a/interface/web/client/templates/message_template_list.htm b/interface/web/client/templates/message_template_list.htm
index f4d4119665a603f6b10f0139c8fba3b482cf794a..70224abc8d2ceecc554874e6428d44b1ce1b4163 100644
--- a/interface/web/client/templates/message_template_list.htm
+++ b/interface/web/client/templates/message_template_list.htm
@@ -32,7 +32,7 @@
             <td><a href="#" data-load-content="billing/invoice_message_template_edit.php?id={tmpl_var name='id'}">{tmpl_var name="template_name"}</a></td>
             <td class="text-right">
               <div class="buttons icons16">    
-                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('billing/invoice_message_template_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
+                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('billing/invoice_message_template_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
               </div>
             </td>
           </tr>
diff --git a/interface/web/client/templates/reseller_edit_limits.htm b/interface/web/client/templates/reseller_edit_limits.htm
index 7644b95747c1987334cd548492001e3f1e0bb70b..d58e28416db36db802e9dbce0be99ddc2adce6dd 100644
--- a/interface/web/client/templates/reseller_edit_limits.htm
+++ b/interface/web/client/templates/reseller_edit_limits.htm
@@ -1,20 +1,12 @@
+<tmpl_if name="list_head_txt">
 <div class='page-header'>
 	<h1><tmpl_var name="list_head_txt"></h1>
 </div>
-<p><tmpl_var name="list_desc_txt"></p>
+</tmpl_if>
+<tmpl_if name="list_desc_txt"><p><tmpl_var name="list_desc_txt"></p></tmpl_if>
 
 <div class="panel panel_client">
 
-	<tmpl_if name="is_admin">
-		<div class="pnl_toolsarea">
-			<p class="fieldset-legend">{tmpl_var name="toolsarea_head_txt"}</p>
-			<div class="buttons topbuttons">
-				<button class="btn btn-default formbutton-success" type="button" value="{tmpl_var name='add_additional_template_txt'}" onclick="ISPConfig.addAdditionalTemplate();">{tmpl_var name='add_additional_template_txt'}</button>
-			</div>
-			
-		</div>
-	</tmpl_if>
-
     <div class="pnl_formsarea">
         <legend>Limits</legend>
 			<tmpl_if name="is_admin">
@@ -30,9 +22,14 @@
                         {tmpl_var name='tpl_add_select'}
                     </select></div>
                 </div>
+				<tmpl_if name="is_admin">
+				<div class="clear"><div class="right">
+					<button class="btn btn-default formbutton-success" type="button" onclick="ISPConfig.addAdditionalTemplate();">{tmpl_var name="add_additional_template_txt"}</button>
+				</div></div>
+				</tmpl_if>
                 <div class="form-group">
                     <label class="col-sm-3 control-label">{tmpl_var name='active_template_additional_txt'}</label>
-                    <div id="template_additional_list" class="multiField">
+                    <div id="template_additional_list" class="col-sm-9 col-text">
                         <ul>
                         {tmpl_var name='template_additional_list'}
                         </ul>
diff --git a/interface/web/client/templates/resellers_list.htm b/interface/web/client/templates/resellers_list.htm
index 0bb6afad29ca0a50b65df22873e39d3b8610303a..9538e710865e90ab9d98e8b7269c60ce27eec2a8 100644
--- a/interface/web/client/templates/resellers_list.htm
+++ b/interface/web/client/templates/resellers_list.htm
@@ -49,8 +49,8 @@
                             <td><a href="#" data-load-content="client/reseller_edit.php?id={tmpl_var name='id'}">{tmpl_var name="city"}</a></td>
                             <td><a href="#" data-load-content="client/reseller_edit.php?id={tmpl_var name='id'}"><span class="flags flag-{tmpl_var name="countryiso"}">{tmpl_var name="country"}</span></a></td>
                             <td class="text-right">
-                                <a class="btn btn-default formbutton-success formbutton-narrow" data-load-content="login/login_as.php?cid={tmpl_var name='id'}"><span class="icon icon-loginas"></span></button>
-                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('client/reseller_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
+                                <a class="btn btn-default formbutton-success formbutton-narrow" data-load-content="login/login_as.php?cid={tmpl_var name='id'}"><span class="icon icon-loginas"></span></a>
+                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('client/reseller_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                             </td>
                         </tr>
                     </tmpl_loop>
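Review bot: The delete link on the changed line still issues a state-changing request as a GET URL that carries `phpsessid` in its query string. If that value is the PHP session identifier (the name suggests so, but the template does not show where it comes from), it can end up in web server logs, browser history and Referer headers. As a follow-up to the tag fix, consider sending the delete as a POST with a dedicated anti-CSRF token rather than the session id. The changed line in the invoice message template list earlier in this diff has the same shape.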
diff --git a/interface/web/dashboard/ajax_get_json.php b/interface/web/dashboard/ajax_get_json.php
index c5384ca3de5898bee4b6ea94fdc71f9b4dfee2e7..30a668a77f01436b2b818a5e2374444c7c24b115 100644
--- a/interface/web/dashboard/ajax_get_json.php
+++ b/interface/web/dashboard/ajax_get_json.php
@@ -40,7 +40,7 @@ $type = $_GET["type"];
 
 //if($_SESSION["s"]["user"]["typ"] == 'admin') {
 
-
+/* TODO: change sql queries */
 if($type == 'globalsearch'){
 	$q = $app->db->quote(trim($_GET["q"]));
 	$authsql = " AND ".$app->tform->getAuthSQL('r');
@@ -55,19 +55,19 @@ if($type == 'globalsearch'){
 	$result[] = _search('client', 'reseller', "AND limit_client != 0");
 
 	// web sites
-	$result[] = _search('sites', 'web_domain', "AND type = 'vhost'");
+	$result[] = _search('sites', 'web_vhost_domain', "AND type = 'vhost'");
 
 	// subdomains
-	$result[] = _search('sites', 'web_subdomain', "AND type = 'subdomain'");
+	$result[] = _search('sites', 'web_childdomain', "AND type = 'subdomain'", 'type=subdomain');
 
 	// web site aliases
-	$result[] = _search('sites', 'web_aliasdomain', "AND type = 'alias'");
+	$result[] = _search('sites', 'web_childdomain', "AND type = 'alias'", 'type=aliasdomain');
 
 	// vhostsubdomains
-	$result[] = _search('sites', 'web_vhost_subdomain', "AND type = 'vhostsubdomain'");
+	$result[] = _search('sites', 'web_vhost_domain', "AND type = 'vhostsubdomain'", 'type=subdomain');
 
 	// vhostaliasdomains
-	$result[] = _search('sites', 'web_vhost_aliasdomain', "AND type = 'vhostalias'");
+	$result[] = _search('sites', 'web_vhost_domain', "AND type = 'vhostalias'", 'type=aliasdomain');
 
 	// FTP users
 	$result[] = _search('sites', 'ftp_user');
@@ -76,28 +76,6 @@ if($type == 'globalsearch'){
 	$result[] = _search('sites', 'shell_user');
 
 	// databases
-	/*
-		$result_databases = array('cheader' => array(), 'cdata' => array());
-		if(in_array('sites', $modules)){
-			$sql = "SELECT * FROM web_database WHERE database_name LIKE '%".$q."%' OR database_user LIKE '%".$q."%' OR remote_ips LIKE '%".$q."%'".$authsql." ORDER BY database_name";
-			$results = $app->db->queryAllRecords($sql);
-
-			if(is_array($results) && !empty($results)){
-				$result_databases['cheader'] = array('title' => 'Databases',
-														'total' => count($results),
-														'limit' => count($results)
-													);
-				foreach($results as $result){
-					$description = 'Database User: '.$result['database_user'].' - Remote IPs: '.$result['remote_ips'];
-					$result_databases['cdata'][] = array('title' => $result['database_name'],
-												'description' => $description,
-												'onclick' => 'ISPConfig.capp(\'sites\',\'sites/database_edit.php?id='.$result['database_id'].'\');',
-												'fill_text' => strtolower($result['database_name'])
-												);
-				}
-			}
-		}
-		*/
 	$result[] = _search('sites', 'database');
 
 	// database users
@@ -156,7 +134,7 @@ if($type == 'globalsearch'){
 
 //}
 
-function _search($module, $section, $additional_sql = ''){
+function _search($module, $section, $additional_sql = '', $params = ''){
 	global $app, $q, $authsql, $modules;
 
 	$result_array = array('cheader' => array(), 'cdata' => array());
@@ -164,9 +142,13 @@ function _search($module, $section, $additional_sql = ''){
 		$search_fields = array();
 		$desc_fields = array();
 		if(is_file('../'.$module.'/form/'.$section.'.tform.php')){
-			include_once '../'.$module.'/form/'.$section.'.tform.php';
+			include '../'.$module.'/form/'.$section.'.tform.php';
 
 			$category_title = $form["title"];
+			if($params == 'type=subdomain' && $section == 'web_childdomain') $category_title = 'Subdomain';
+			if($params == 'type=aliasdomain' && $section == 'web_childdomain') $category_title = 'Aliasdomain';
+			if($params == 'type=subdomain' && $section == 'web_vhost_domain') $category_title = 'Subdomain (Vhost)';
+			if($params == 'type=aliasdomain' && $section == 'web_vhost_domain') $category_title = 'Aliasdomain (Vhost)';
 			$form_file = $form["action"];
 			$db_table = $form["db_table"];
 			$db_table_idx = $form["db_table_idx"];
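Review bot: The switch from `include_once` to `include` needs a why-comment, because it reads like a regression to anyone tidying the file later. The callers above now pass `web_vhost_domain` three times and `web_childdomain` twice, so `include_once` would load the form definition only on the first of those calls. Suggested comment above the include: `// plain include on purpose: the same tform file is needed on every _search() call for this section`. The four `$category_title` overrides compare `$params` against literal strings and hard-code the titles; a small lookup array keyed by section and params would keep them in one place. `_search()` continues outside this hunk.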
@@ -205,8 +187,8 @@ function _search($module, $section, $additional_sql = ''){
 		$order_clause = '';
 		if($order_by != '') $order_clause = ' ORDER BY '.$order_by;
 
-		$sql = "SELECT * FROM ".$db_table." WHERE ".$where_clause.$authsql.$order_clause." LIMIT 0,10";
-		$results = $app->db->queryAllRecords($sql);
+		$sql = "SELECT * FROM ?? WHERE ".$where_clause.$authsql.$order_clause." LIMIT 0,10";
+		$results = $app->db->queryAllRecords($sql, $db_table);
 
 		if(is_array($results) && !empty($results)){
 			$lng_file = '../'.$module.'/lib/lang/'.$_SESSION['s']['language'].'_'.$section.'.lng';
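Review bot: Only the table name is bound through `??` here; `$where_clause`, `$authsql` and `$order_clause` are still concatenated into the string that is now handed to the placeholder parser. The where clause is assembled outside this hunk, and the search term it carries comes from `$_GET["q"]` via `$app->db->quote()` (first hunk of this file), so a literal `?` in the search term may be read as a placeholder with no matching argument; the db class is not shown, so confirm this against it. Binding each pattern as its own parameter (`?? LIKE ?` with `'%'.$q.'%'` passed as the value) removes both the dependency on manual quoting and that ambiguity, and would settle the `TODO: change sql queries` added above. `_get_limit_usage()` in dashlets/limits.php has the same shape with `$limit['db_where']`.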
@@ -227,7 +209,7 @@ function _search($module, $section, $additional_sql = ''){
 
 				$result_array['cdata'][] = array('title' => $wb[$title_key.'_txt'].': '.$result[$title_key],
 					'description' => $description,
-					'onclick' => "ISPConfig.capp('".$module."','".$module."/".$form_file."?id=".$result[$db_table_idx]."');",
+					'onclick' => "ISPConfig.capp('".$module."','".$module."/".$form_file.urlencode("?id=".$result[$db_table_idx]).($params != ''? urlencode('&'.$params) : '')."');",
 					'fill_text' => strtolower($result[$title_key])
 				);
 			}
diff --git a/interface/web/dashboard/dashboard.php b/interface/web/dashboard/dashboard.php
index 6c04d5877d6aa3724c96a7deff56061310706a11..51068b10850182047283a1a28f75249e59d329ce 100644
--- a/interface/web/dashboard/dashboard.php
+++ b/interface/web/dashboard/dashboard.php
@@ -51,7 +51,7 @@ $app->tpl_defaults();
 if($_SESSION['s']['user']['typ'] == 'admin') {
 	$name = $_SESSION['s']['user']['username'];
 } else {
-	$tmp = $app->db->queryOneRecord("SELECT contact_name FROM client WHERE username = '".$app->db->quote($_SESSION['s']['user']['username'])."'");
+	$tmp = $app->db->queryOneRecord("SELECT contact_name FROM client WHERE username = ?", $_SESSION['s']['user']['username']);
 	$name = $tmp['contact_name'];
 }
 
@@ -146,7 +146,7 @@ $app->tpl->setloop('info', $info);
 $dashlet_list = array();
 $handle = @opendir(ISPC_WEB_PATH.'/dashboard/dashlets');
 while ($file = @readdir($handle)) {
-	if ($file != '.' && $file != '..' && !is_dir($file)) {
+	if ($file != '.' && $file != '..' && !is_dir(ISPC_WEB_PATH.'/dashboard/dashlets/'.$file)) {
 		$dashlet_name = substr($file, 0, -4);
 		$dashlet_class = 'dashlet_'.$dashlet_name;
 		include_once ISPC_WEB_PATH.'/dashboard/dashlets/'.$file;
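Review bot: Every non-directory entry in the dashlets folder is still passed to `include_once` whatever its extension, because the corrected `is_dir()` test only filters out directories. A backup copy, editor swap file or README left in that directory would be included (any PHP in it run) and would get a bogus dashlet name from `substr($file, 0, -4)`. Adding an extension test to the condition closes that: `if ($file != '.' && $file != '..' && substr($file, -4) == '.php' && !is_dir(ISPC_WEB_PATH.'/dashboard/dashlets/'.$file)) {`. The loop body continues outside the hunk, and the `@opendir()` result is not checked before `readdir()` is called on it.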
diff --git a/interface/web/dashboard/dashlets/limits.php b/interface/web/dashboard/dashlets/limits.php
index 70113f3969f80243d9ed3f6e2921dd25f1285508..2455da87bdeabd7c4d088f3dbbd5b0bf90ba0c1e 100644
--- a/interface/web/dashboard/dashlets/limits.php
+++ b/interface/web/dashboard/dashlets/limits.php
@@ -130,7 +130,7 @@ class dashlet_limits {
 
 		if($user_is_admin == false) {
 			$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
-			$client = $app->db->queryOneRecord("SELECT * FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+			$client = $app->db->queryOneRecord("SELECT * FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
 		}
 
 		$rows = array();
@@ -164,10 +164,10 @@ class dashlet_limits {
 	function _get_limit_usage($limit) {
 		global $app;
 
-		$sql = "SELECT count(sys_userid) as number FROM ".$app->db->quote($limit['db_table'])." WHERE ";
+		$sql = "SELECT count(sys_userid) as number FROM ?? WHERE ";
 		if($limit['db_where'] != '') $sql .= $limit['db_where']." AND ";
 		$sql .= $app->tform->getAuthSQL('r');
-		$rec = $app->db->queryOneRecord($sql);
+		$rec = $app->db->queryOneRecord($sql, $limit['db_table']);
 		return $rec['number'];
 
 	}
diff --git a/interface/web/dashboard/dashlets/modules.php b/interface/web/dashboard/dashlets/modules.php
index 1b1d2ef99fcd5cc540f7375e4a7b75a19d219a4b..da1eb0be77be2dc60f6368fd437c105f1135d189 100644
--- a/interface/web/dashboard/dashlets/modules.php
+++ b/interface/web/dashboard/dashlets/modules.php
@@ -28,19 +28,32 @@ class dashlet_modules {
 					include_once '../' . $mt.'/lib/module.conf.php';
 					/* We don't want to show the dashboard */
 					if ($mt != 'dashboard') {
+						if($mt == 'dns'){
+							$dns_servers = $app->db->queryOneRecord("SELECT COUNT(*) as cnt FROM server WHERE dns_server = 1 AND active = 1");
+							if($dns_servers['cnt'] == 0) continue;
+						}
+						if($mt == 'mail'){
+							$mail_servers = $app->db->queryOneRecord("SELECT COUNT(*) as cnt FROM server WHERE mail_server = 1 AND active = 1");
+							if($mail_servers['cnt'] == 0) continue;
+						}
+						if($mt == 'sites'){
+							$web_servers = $app->db->queryOneRecord("SELECT COUNT(*) as cnt FROM server WHERE web_server = 1 AND active = 1");
+							if($web_servers['cnt'] == 0) continue;
+						}
+					
 						$module_title = $app->lng($module['title']);
 						if(function_exists('mb_strlen')) {
 							if(mb_strlen($module_title, "UTF-8") > 8) $module_title = mb_substr($module_title, 0, 7, "UTF-8").'..';
 						} else {
 							if(strlen($module_title) > 8) $module_title = substr($module_title, 0, 7).'..';
 						}
-						$mod[] = array( 'modules_title'  => $module_title,
+						$mod[$module['order']] = array( 'modules_title'  => $module_title,
 							'modules_startpage' => $module['startpage'],
 							'modules_name'   => $module['name']);
 					}
 				}
 			}
-
+			ksort($mod);
 			$tpl->setloop('modules', $mod);
 		}
 
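Review bot: Keying `$mod` by `$module['order']` silently drops a module when two module.conf.php files declare the same order, or when one declares none, since the later entry overwrites the earlier one. Only dashboard's `$module['order'] = '1'` is visible in this diff, so whether every module sets a unique value cannot be confirmed here. A collision-safe key keeps the `ksort($mod)` approach: `$order = isset($module['order']) ? (int)$module['order'] : 1000;` then `while(isset($mod[$order])) $order++;` and assign to `$mod[$order]`. The three `COUNT(*)` lookups depend only on the server table and could be read once before the loop. The enclosing method starts outside the hunk.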
diff --git a/interface/web/dashboard/lib/custom_menu.inc.php b/interface/web/dashboard/lib/custom_menu.inc.php
index b71bd16f6db677ae14e5df56ae412131c46c49ff..176805ea0e911a68845d504af45740c1b0fdc72f 100644
--- a/interface/web/dashboard/lib/custom_menu.inc.php
+++ b/interface/web/dashboard/lib/custom_menu.inc.php
@@ -71,7 +71,7 @@ if( $atom_url != '' ) {
 				$rows[] = array('title' => $item->get_title(),
 					'link' => $item->get_link(),
 					'content' => $item->get_content(),
-					'date' => $item->get_date('Y-m-d')
+					'date' => $item->get_date($app->lng('conf_format_dateshort'))
 				);
 			}
 			$n++;
diff --git a/interface/web/dashboard/lib/module.conf.php b/interface/web/dashboard/lib/module.conf.php
index 67f769e6b927271bdbe1455d611f172578726375..4471f9bf826d83a5b485dce6a3501f600b8ac76f 100644
--- a/interface/web/dashboard/lib/module.conf.php
+++ b/interface/web/dashboard/lib/module.conf.php
@@ -32,6 +32,7 @@ $module['title']   = 'top_menu_dashboard';
 $module['template']  = 'dashboard.tpl.htm';
 $module['startpage']  = 'dashboard/dashboard.php';
 $module['tab_width']    = '';
+$module['order']    = '1';
 
 //$items = array();
 //
diff --git a/interface/web/dns/ajax_get_json.php b/interface/web/dns/ajax_get_json.php
index 781fa8e8c1c9d99c8c17f7fa91a91676f45efac0..c2da4dce631172dab52b487509e639da8a6988d2 100644
--- a/interface/web/dns/ajax_get_json.php
+++ b/interface/web/dns/ajax_get_json.php
@@ -34,129 +34,26 @@ require_once '../../lib/app.inc.php';
 //* Check permissions for module
 $app->auth->check_module_permissions('dns');
 
-//$app->uses('tform');
-
 $type = $_GET["type"];
 
-//if($_SESSION["s"]["user"]["typ"] == 'admin') {
-
-
 if($type == 'get_ipv4'){
-	//$q = $app->db->quote(trim($_GET["q"]));
-	//$authsql = " AND ".$app->tform->getAuthSQL('r');
-	//$modules = explode(',', $_SESSION['s']['user']['modules']);
-
 	$result = array();
 
 	// ipv4
-	//$result[] = _search('admin', 'server_ip', "AND ip_type = 'IPv4' AND (client_id = 0 OR client_id=".$app->functions->intval($_SESSION['s']['user']['client_id']).")");
 	$result[] = $app->functions->suggest_ips('IPv4');
 
 	$json = $app->functions->json_encode($result);
 }
 
 if($type == 'get_ipv6'){
-	//$q = $app->db->quote(trim($_GET["q"]));
-	//$authsql = " AND ".$app->tform->getAuthSQL('r');
-	//$modules = explode(',', $_SESSION['s']['user']['modules']);
-
 	$result = array();
 
 	// ipv6
-	//$result[] = _search('admin', 'server_ip', "AND ip_type = 'IPv6' AND (client_id = 0 OR client_id=".$app->functions->intval($_SESSION['s']['user']['client_id']).")");
 	$result[] = $app->functions->suggest_ips('IPv6');
 
 	$json = $app->functions->json_encode($result);
 }
 
-//}
-
-/*
-function _search($module, $section, $additional_sql = '', $unique = false){
-	global $app, $q, $authsql, $modules;
-
-	$result_array = array('cheader' => array(), 'cdata' => array());
-	if(in_array($module, $modules) || ($module == 'admin' && $section == 'server_ip')){
-		$search_fields = array();
-		$desc_fields = array();
-		if(is_file('../'.$module.'/form/'.$section.'.tform.php')){
-			include_once('../'.$module.'/form/'.$section.'.tform.php');
-
-			$category_title = $form["title"];
-			$form_file = $form["action"];
-			$db_table = $form["db_table"];
-			$db_table_idx = $form["db_table_idx"];
-			$order_by = $db_table_idx;
-
-			if(is_array($form["tabs"]) && !empty($form["tabs"])){
-				foreach($form["tabs"] as $tab){
-					if(is_array($tab['fields']) && !empty($tab['fields'])){
-						foreach($tab['fields'] as $key => $val){
-							if(isset($val['searchable']) && $val['searchable'] > 0){
-								$search_fields[] = $key." LIKE '%".$q."%'";
-								if($val['searchable'] == 1){
-									$order_by = $key;
-									$title_key = $key;
-								}
-								if($val['searchable'] == 2){
-									$desc_fields[] = $key;
-								}
-							}
-						}
-					}
-				}
-			}
-		}
-		unset($form);
-
-		$where_clause = '';
-		if(!empty($search_fields)){
-			$where_clause = implode(' OR ', $search_fields);
-		} else {
-			// valid SQL query which returns an empty result set
-			$where_clause = '1 = 0';
-		}
-		if($where_clause != '') $where_clause = '('.$where_clause.')';
-		if($additional_sql != '') $where_clause .= ' '.$additional_sql.' ';
-		$order_clause = '';
-		if($order_by != '') $order_clause = ' ORDER BY '.$order_by;
-
-		$sql = "SELECT * FROM ".$db_table." WHERE ".$where_clause.$authsql.$order_clause." LIMIT 0,10";
-		$results = $app->db->queryAllRecords($sql);
-
-		if(is_array($results) && !empty($results)){
-			$lng_file = '../'.$module.'/lib/lang/'.$_SESSION['s']['language'].'_'.$section.'.lng';
-			if(is_file($lng_file)) include($lng_file);
-			$result_array['cheader'] = array('title' => $category_title,
-											'total' => count($results),
-											'limit' => count($results)
-											);
-			foreach($results as $result){
-				$description = '';
-				if(!empty($desc_fields)){
-					$desc_items = array();
-					foreach($desc_fields as $desc_field){
-						if($result[$desc_field] != '') $desc_items[] = $wb[$desc_field.'_txt'].': '.$result[$desc_field];
-					}
-					if(!empty($desc_items)) $description = implode(' - ', $desc_items);
-				}
-
-				$result_array['cdata'][] = array(	'title' => $wb[$title_key.'_txt'].': '.$result[$title_key],
-													'description' => $description,
-													'onclick' => '',
-													'fill_text' => $result[$title_key]
-												);
-			}
-			if($unique === true){
-				$result_array['cdata'] = array_unique($result_array['cdata']);
-				$result_array['cheader']['total'] = $result_array['cheader']['limit'] = count($result_array['cdata']);
-			}
-		}
-	}
-	return $result_array;
-}
-*/
-
 header('Content-type: application/json');
 echo $json;
 ?>
diff --git a/interface/web/dns/dns_a_edit.php b/interface/web/dns/dns_a_edit.php
index 729c3c370ff2426937a72d26440ca3187725e7ab..5b060c33ab4060ffa60eb3d0a234a34523716da6 100644
--- a/interface/web/dns/dns_a_edit.php
+++ b/interface/web/dns/dns_a_edit.php
@@ -40,102 +40,17 @@ $tform_def_file = "form/dns_a.tform.php";
 
 require_once '../../lib/config.inc.php';
 require_once '../../lib/app.inc.php';
-
-//* Check permissions for module
-$app->auth->check_module_permissions('dns');
+require_once './dns_edit_base.php';
 
 // Loading classes
-$app->uses('tpl,tform,tform_actions,validate_dns');
-$app->load('tform_actions');
-
-class page_action extends tform_actions {
-
-	function onShowNew() {
-		global $app, $conf;
-
-		// we will check only users, not admins
-		if($_SESSION["s"]["user"]["typ"] == 'user') {
-
-			// Get the limits of the client
-			$client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
-			$client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
-
-			// Check if the user may add another mailbox.
-			if($client["limit_dns_record"] >= 0) {
-				$tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = $client_group_id");
-				if($tmp["number"] >= $client["limit_dns_record"]) {
-					$app->error($app->tform->wordbook["limit_dns_record_txt"]);
-				}
-			}
-		}
-
-		parent::onShowNew();
-	}
-
-	function onSubmit() {
-		global $app, $conf;
-
-		// Get the parent soa record of the domain
-		$soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = '".$app->functions->intval($_POST["zone"])."' AND ".$app->tform->getAuthSQL('r'));
-
-		// Check if Domain belongs to user
-		if($soa["id"] != $_POST["zone"]) $app->tform->errorMessage .= $app->tform->wordbook["no_zone_perm"];
-
-		// Check the client limits, if user is not the admin
-		if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
-			// Get the limits of the client
-			$client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
-			$client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
-
-			// Check if the user may add another mailbox.
-			if($this->id == 0 && $client["limit_dns_record"] >= 0) {
-				$tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = $client_group_id");
-				if($tmp["number"] >= $client["limit_dns_record"]) {
-					$app->error($app->tform->wordbook["limit_dns_record_txt"]);
-				}
-			}
-		} // end if user is not admin
+class page_action extends dns_page_action {
 
+	protected function checkDuplicate() {
 		//* Check for duplicates where IP and hostname are the same
-		$tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE (type = 'A' AND name = '".$app->db->quote($this->dataRecord["name"])."' AND zone = '".$app->db->quote($this->dataRecord["zone"])."' and data = '".$app->db->quote($this->dataRecord["data"])."' and id != ".$this->id.") OR (type = 'CNAME' AND name = '".$app->db->quote($this->dataRecord["name"])."' AND zone = '".$app->db->quote($this->dataRecord["zone"])."' and id != ".$this->id.")");
-		if($tmp['number'] > 0) $app->tform->errorMessage .= $app->tform->lng("data_error_duplicate")."<br>";
-		unset($tmp);
-
-
-		// Set the server ID of the rr record to the same server ID as the parent record.
-		$this->dataRecord["server_id"] = $soa["server_id"];
-
-		// Update the serial number  and timestamp of the RR record
-		$soa = $app->db->queryOneRecord("SELECT serial FROM dns_rr WHERE id = ".$this->id);
-		$this->dataRecord["serial"] = $app->validate_dns->increase_serial($soa["serial"]);
-		$this->dataRecord["stamp"] = date('Y-m-d H:i:s');
-
-		parent::onSubmit();
-	}
-
-	function onAfterInsert() {
-		global $app, $conf;
-
-		//* Set the sys_groupid of the rr record to be the same then the sys_groupid of the soa record
-		$soa = $app->db->queryOneRecord("SELECT sys_groupid,serial FROM dns_soa WHERE id = '".$app->functions->intval($this->dataRecord["zone"])."' AND ".$app->tform->getAuthSQL('r'));
-		$app->db->datalogUpdate('dns_rr', "sys_groupid = ".$soa['sys_groupid'], 'id', $this->id);
-
-		//* Update the serial number of the SOA record
-		$soa_id = $app->functions->intval($_POST["zone"]);
-		$serial = $app->validate_dns->increase_serial($soa["serial"]);
-		$app->db->datalogUpdate('dns_soa', "serial = $serial", 'id', $soa_id);
-	}
-
-	function onAfterUpdate() {
-		global $app, $conf;
-
-		//* Update the serial number of the SOA record
-		$soa = $app->db->queryOneRecord("SELECT serial FROM dns_soa WHERE id = '".$app->functions->intval($this->dataRecord["zone"])."' AND ".$app->tform->getAuthSQL('r'));
-		$soa_id = $app->functions->intval($_POST["zone"]);
-		$serial = $app->validate_dns->increase_serial($soa["serial"]);
-		$app->db->datalogUpdate('dns_soa', "serial = $serial", 'id', $soa_id);
+		$tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE (type = 'A' AND name = ? AND zone = ? and data = ? and id != ?) OR (type = 'CNAME' AND name = ? AND zone = ? and id != ?)", $this->dataRecord["name"], $this->dataRecord["zone"], $this->dataRecord["data"], $this->id, $this->dataRecord["name"], $this->dataRecord["zone"], $this->id);
+		if($tmp['number'] > 0) return true;
+		return false;
 	}
-
 }
 
 $page = new page_action;
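Review bot: The new `checkDuplicate()` uses `$app` without declaring it, so `$app->db` refers to an undefined local and the call fails as soon as the duplicate check runs; the removed `onSubmit()` had `global $app, $conf;` at its top. Add `global $app;` as the first statement of the method. Separately, `$app->auth->check_module_permissions('dns');` is deleted from this file and from dns_aaaa_edit.php, dns_alias_edit.php and dns_cname_edit.php below. Presumably dns_edit_base.php now performs it, but that file is not part of this excerpt, so confirm the check still runs before any form handling.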
diff --git a/interface/web/dns/dns_aaaa_edit.php b/interface/web/dns/dns_aaaa_edit.php
index ba7ae963a977b309e684ecbf129ca77934189ece..006e71cf4cfa0b31724b1f6b354e0f896a7e0ee5 100644
--- a/interface/web/dns/dns_aaaa_edit.php
+++ b/interface/web/dns/dns_aaaa_edit.php
@@ -40,96 +40,10 @@ $tform_def_file = "form/dns_aaaa.tform.php";
 
 require_once '../../lib/config.inc.php';
 require_once '../../lib/app.inc.php';
-
-//* Check permissions for module
-$app->auth->check_module_permissions('dns');
+require_once './dns_edit_base.php';
 
 // Loading classes
-$app->uses('tpl,tform,tform_actions,validate_dns');
-$app->load('tform_actions');
-
-class page_action extends tform_actions {
-
-	function onShowNew() {
-		global $app, $conf;
-
-		// we will check only users, not admins
-		if($_SESSION["s"]["user"]["typ"] == 'user') {
-
-			// Get the limits of the client
-			$client_group_id = $_SESSION["s"]["user"]["default_group"];
-			$client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
-
-			// Check if the user may add another mailbox.
-			if($client["limit_dns_record"] >= 0) {
-				$tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = $client_group_id");
-				if($tmp["number"] >= $client["limit_dns_record"]) {
-					$app->error($app->tform->wordbook["limit_dns_record_txt"]);
-				}
-			}
-		}
-
-		parent::onShowNew();
-	}
-
-	function onSubmit() {
-		global $app, $conf;
-
-		// Get the parent soa record of the domain
-		$soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = '".$app->functions->intval($_POST["zone"])."' AND ".$app->tform->getAuthSQL('r'));
-
-		// Check if Domain belongs to user
-		if($soa["id"] != $_POST["zone"]) $app->tform->errorMessage .= $app->tform->wordbook["no_zone_perm"];
-
-		// Check the client limits, if user is not the admin
-		if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
-			// Get the limits of the client
-			$client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
-			$client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
-
-			// Check if the user may add another mailbox.
-			if($this->id == 0 && $client["limit_dns_record"] >= 0) {
-				$tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = $client_group_id");
-				if($tmp["number"] >= $client["limit_dns_record"]) {
-					$app->error($app->tform->wordbook["limit_dns_record_txt"]);
-				}
-			}
-		} // end if user is not admin
-
-
-		// Set the server ID of the rr record to the same server ID as the parent record.
-		$this->dataRecord["server_id"] = $soa["server_id"];
-
-		// Update the serial number  and timestamp of the RR record
-		$soa = $app->db->queryOneRecord("SELECT serial FROM dns_rr WHERE id = ".$this->id);
-		$this->dataRecord["serial"] = $app->validate_dns->increase_serial($soa["serial"]);
-		$this->dataRecord["stamp"] = date('Y-m-d H:i:s');
-
-		parent::onSubmit();
-	}
-
-	function onAfterInsert() {
-		global $app, $conf;
-
-		//* Set the sys_groupid of the rr record to be the same then the sys_groupid of the soa record
-		$soa = $app->db->queryOneRecord("SELECT sys_groupid,serial FROM dns_soa WHERE id = '".$app->functions->intval($this->dataRecord["zone"])."' AND ".$app->tform->getAuthSQL('r'));
-		$app->db->datalogUpdate('dns_rr', "sys_groupid = ".intval($soa['sys_groupid']), 'id', $this->id);
-
-		//* Update the serial number of the SOA record
-		$soa_id = $app->functions->intval($_POST["zone"]);
-		$serial = $app->validate_dns->increase_serial($soa["serial"]);
-		$app->db->datalogUpdate('dns_soa', "serial = $serial", 'id', $soa_id);
-	}
-
-	function onAfterUpdate() {
-		global $app, $conf;
-
-		//* Update the serial number of the SOA record
-		$soa = $app->db->queryOneRecord("SELECT serial FROM dns_soa WHERE id = '".$app->functions->intval($this->dataRecord["zone"])."' AND ".$app->tform->getAuthSQL('r'));
-		$soa_id = $app->functions->intval($_POST["zone"]);
-		$serial = $app->validate_dns->increase_serial($soa["serial"]);
-		$app->db->datalogUpdate('dns_soa', "serial = $serial", 'id', $soa_id);
-	}
+class page_action extends dns_page_action {
 
 }
 
diff --git a/interface/web/dns/dns_alias_edit.php b/interface/web/dns/dns_alias_edit.php
index 5613810e81c91ac1efeb6d00eb9935a354929814..68f2743fe16dfc02dd7a7d5bd4a8aa0878bf074d 100644
--- a/interface/web/dns/dns_alias_edit.php
+++ b/interface/web/dns/dns_alias_edit.php
@@ -40,96 +40,10 @@ $tform_def_file = "form/dns_alias.tform.php";
 
 require_once '../../lib/config.inc.php';
 require_once '../../lib/app.inc.php';
-
-//* Check permissions for module
-$app->auth->check_module_permissions('dns');
+require_once './dns_edit_base.php';
 
 // Loading classes
-$app->uses('tpl,tform,tform_actions,validate_dns');
-$app->load('tform_actions');
-
-class page_action extends tform_actions {
-
-	function onShowNew() {
-		global $app, $conf;
-
-		// we will check only users, not admins
-		if($_SESSION["s"]["user"]["typ"] == 'user') {
-
-			// Get the limits of the client
-			$client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
-			$client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
-
-			// Check if the user may add another mailbox.
-			if($client["limit_dns_record"] >= 0) {
-				$tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = $client_group_id");
-				if($tmp["number"] >= $client["limit_dns_record"]) {
-					$app->error($app->tform->wordbook["limit_dns_record_txt"]);
-				}
-			}
-		}
-
-		parent::onShowNew();
-	}
-
-	function onSubmit() {
-		global $app, $conf;
-
-		// Get the parent soa record of the domain
-		$soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = '".$app->functions->intval($_POST["zone"])."' AND ".$app->tform->getAuthSQL('r'));
-
-		// Check if Domain belongs to user
-		if($soa["id"] != $_POST["zone"]) $app->tform->errorMessage .= $app->tform->wordbook["no_zone_perm"];
-
-		// Check the client limits, if user is not the admin
-		if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
-			// Get the limits of the client
-			$client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
-			$client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
-
-			// Check if the user may add another mailbox.
-			if($client["limit_dns_record"] >= 0) {
-				$tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = $client_group_id");
-				if($tmp["number"] >= $client["limit_dns_record"]) {
-					$app->error($app->tform->wordbook["limit_dns_record_txt"]);
-				}
-			}
-		} // end if user is not admin
-
-
-		// Set the server ID of the rr record to the same server ID as the parent record.
-		$this->dataRecord["server_id"] = $soa["server_id"];
-
-		// Update the serial number  and timestamp of the RR record
-		$soa = $app->db->queryOneRecord("SELECT serial FROM dns_rr WHERE id = ".$this->id);
-		$this->dataRecord["serial"] = $app->validate_dns->increase_serial($soa["serial"]);
-		$this->dataRecord["stamp"] = date('Y-m-d H:i:s');
-
-		parent::onSubmit();
-	}
-
-	function onAfterInsert() {
-		global $app, $conf;
-
-		//* Set the sys_groupid of the rr record to be the same then the sys_groupid of the soa record
-		$soa = $app->db->queryOneRecord("SELECT sys_groupid,serial FROM dns_soa WHERE id = '".$app->functions->intval($this->dataRecord["zone"])."' AND ".$app->tform->getAuthSQL('r'));
-		$app->db->datalogUpdate('dns_rr', "sys_groupid = ".$soa['sys_groupid'], 'id', $this->id);
-
-		//* Update the serial number of the SOA record
-		$soa_id = $app->functions->intval($_POST["zone"]);
-		$serial = $app->validate_dns->increase_serial($soa["serial"]);
-		$app->db->datalogUpdate('dns_soa', "serial = $serial", 'id', $soa_id);
-	}
-
-	function onAfterUpdate() {
-		global $app, $conf;
-
-		//* Update the serial number of the SOA record
-		$soa = $app->db->queryOneRecord("SELECT serial FROM dns_soa WHERE id = '".$app->functions->intval($this->dataRecord["zone"])."' AND ".$app->tform->getAuthSQL('r'));
-		$soa_id = $app->functions->intval($_POST["zone"]);
-		$serial = $app->validate_dns->increase_serial($soa["serial"]);
-		$app->db->datalogUpdate('dns_soa', "serial = $serial", 'id', $soa_id);
-	}
+class page_action extends dns_page_action {
 
 }
 
diff --git a/interface/web/dns/dns_cname_edit.php b/interface/web/dns/dns_cname_edit.php
index 8ab1e6be910a4570ad92f409cfb806a37a567dc7..b04af40051ec28adf7d311450d4fe4319aecf809 100644
--- a/interface/web/dns/dns_cname_edit.php
+++ b/interface/web/dns/dns_cname_edit.php
@@ -40,100 +40,16 @@ $tform_def_file = "form/dns_cname.tform.php";
 
 require_once '../../lib/config.inc.php';
 require_once '../../lib/app.inc.php';
-
-//* Check permissions for module
-$app->auth->check_module_permissions('dns');
+require_once './dns_edit_base.php';
 
 // Loading classes
-$app->uses('tpl,tform,tform_actions,validate_dns');
-$app->load('tform_actions');
-
-class page_action extends tform_actions {
-
-	function onShowNew() {
-		global $app, $conf;
-
-		// we will check only users, not admins
-		if($_SESSION["s"]["user"]["typ"] == 'user') {
-
-			// Get the limits of the client
-			$client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
-			$client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
-
-			// Check if the user may add another mailbox.
-			if($client["limit_dns_record"] >= 0) {
-				$tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = $client_group_id");
-				if($tmp["number"] >= $client["limit_dns_record"]) {
-					$app->error($app->tform->wordbook["limit_dns_record_txt"]);
-				}
-			}
-		}
-
-		parent::onShowNew();
-	}
-
-	function onSubmit() {
-		global $app, $conf;
-
-		// Get the parent soa record of the domain
-		$soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = '".$app->functions->intval($_POST["zone"])."' AND ".$app->tform->getAuthSQL('r'));
-
-		// Check if Domain belongs to user
-		if($soa["id"] != $_POST["zone"]) $app->tform->errorMessage .= $app->tform->wordbook["no_zone_perm"];
-
-		// Check the client limits, if user is not the admin
-		if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
-			// Get the limits of the client
-			$client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
-			$client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
-
-			// Check if the user may add another mailbox.
-			if($this->id == 0 && $client["limit_dns_record"] >= 0) {
-				$tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = $client_group_id");
-				if($tmp["number"] >= $client["limit_dns_record"]) {
-					$app->error($app->tform->wordbook["limit_dns_record_txt"]);
-				}
-			}
-		} // end if user is not admin
+class page_action extends dns_page_action {
 
+	protected function checkDuplicate() {
 		//* Check for duplicates where IP and hostname are the same
-		$tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE (type = 'A' AND name = '".$app->db->quote($this->dataRecord["name"])."' AND zone = '".$app->db->quote($this->dataRecord["zone"])."' and id != ".$this->id.") OR (type = 'CNAME' AND name = '".$app->db->quote($this->dataRecord["name"])."' AND zone = '".$app->db->quote($this->dataRecord["zone"])."' and id != ".$this->id.")");
-		if($tmp['number'] > 0) $app->tform->errorMessage .= $app->tform->lng("data_error_duplicate")."<br>";
-		unset($tmp);
-
-
-		// Set the server ID of the rr record to the same server ID as the parent record.
-		$this->dataRecord["server_id"] = $soa["server_id"];
-
-		// Update the serial number  and timestamp of the RR record
-		$soa = $app->db->queryOneRecord("SELECT serial FROM dns_rr WHERE id = ".$this->id);
-		$this->dataRecord["serial"] = $app->validate_dns->increase_serial($soa["serial"]);
-		$this->dataRecord["stamp"] = date('Y-m-d H:i:s');
-
-		parent::onSubmit();
-	}
-
-	function onAfterInsert() {
-		global $app, $conf;
-
-		//* Set the sys_groupid of the rr record to be the same then the sys_groupid of the soa record
-		$soa = $app->db->queryOneRecord("SELECT sys_groupid,serial FROM dns_soa WHERE id = '".$app->functions->intval($this->dataRecord["zone"])."' AND ".$app->tform->getAuthSQL('r'));
-		$app->db->datalogUpdate('dns_rr', "sys_groupid = ".$soa['sys_groupid'], 'id', $this->id);
-
-		//* Update the serial number of the SOA record
-		$soa_id = $app->functions->intval($_POST["zone"]);
-		$serial = $app->validate_dns->increase_serial($soa["serial"]);
-		$app->db->datalogUpdate('dns_soa', "serial = $serial", 'id', $soa_id);
-	}
-
-	function onAfterUpdate() {
-		global $app, $conf;
-
-		//* Update the serial number of the SOA record
-		$soa = $app->db->queryOneRecord("SELECT serial FROM dns_soa WHERE id = '".$app->functions->intval($this->dataRecord["zone"])."' AND ".$app->tform->getAuthSQL('r'));
-		$soa_id = $app->functions->intval($_POST["zone"]);
-		$serial = $app->validate_dns->increase_serial($soa["serial"]);
-		$app->db->datalogUpdate('dns_soa', "serial = $serial", 'id', $soa_id);
+		$tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE (type = 'A' AND name = ? AND zone = ? and id != ?) OR (type = 'CNAME' AND name = ? AND zone = ? and id != ?)", $this->dataRecord["name"], $this->dataRecord["zone"], $this->id, $this->dataRecord["name"], $this->dataRecord["zone"], $this->id);
+		if($tmp['number'] > 0) return true;
+		return false;
 	}
 
 }
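Review bot: The new `checkDuplicate()` in dns_cname_edit.php uses `$app` without declaring it, because the `global $app, $conf;` line was removed together with the old `onSubmit()`. Inside the method `$app` is therefore an undefined local, so `$app->db->queryOneRecord(...)` fails at runtime and the duplicate check never runs. The first statement of the method should be `global $app;`. The two return lines can also be written as `return $tmp['number'] > 0;`. Any other override of this hook outside this view would need the same declaration.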
diff --git a/interface/web/dns/dns_dkim_edit.php b/interface/web/dns/dns_dkim_edit.php
index 1a01463b9fd0e344e9d58a986c943ea83f8bb886..a1c4c6f826932df8eaa243023d43e80d7b34fa4d 100644
--- a/interface/web/dns/dns_dkim_edit.php
+++ b/interface/web/dns/dns_dkim_edit.php
@@ -71,8 +71,8 @@ class page_action extends tform_actions {
 
 		parent::onShowNew();
 
-        $soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ? AND ?", $_GET['zone'], $app->tform->getAuthSQL('r'));
-        $sql=$app->db->queryOneRecord("SELECT dkim_public, dkim_selector FROM mail_domain WHERE domain = ? AND dkim = 'y' AND ?", substr_replace($soa['origin'],'',-1), $app->tform->getAuthSQL('r'));
+        $soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ? AND " . $app->tform->getAuthSQL('r'), $_GET['zone']);
+        $sql=$app->db->queryOneRecord("SELECT dkim_public, dkim_selector FROM mail_domain WHERE domain = ? AND dkim = 'y' AND " . $app->tform->getAuthSQL('r'), substr_replace($soa['origin'],'',-1));
         $public_key=str_replace(array('-----BEGIN PUBLIC KEY-----','-----END PUBLIC KEY-----',"\r","\n"),'',$sql['dkim_public']);
 		$app->tpl->setVar('public_key', $public_key);
 		$app->tpl->setVar('selector', $sql['dkim_selector']);
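Review bot: Nothing in `onShowNew()` says why `getAuthSQL('r')` is concatenated while the zone id is bound, and the removed lines show how easily the two get confused: passed as a `?` argument, the fragment is presumably sent as a quoted value rather than as a condition. A comment above the first query would stop a later edit from turning it back, for example `// getAuthSQL() returns an SQL condition, not a value: concatenate it, bind only the request data`. The same pattern appears in the other hunks of this file, in dns_dmarc_edit.php and in dns_edit_base.php. How `getAuthSQL()` assembles the fragment is not visible here, so the concatenation is safe only as long as it is built from session state and never from request input. The method starts above this hunk.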
@@ -83,7 +83,7 @@ class page_action extends tform_actions {
 	function onSubmit() {
 		global $app, $conf;
 		// Get the parent soa record of the domain
-		$soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ? AND ?", $_POST["zone"], $app->tform->getAuthSQL('r'));
+		$soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ? AND " . $app->tform->getAuthSQL('r'), $_POST["zone"]);
 		// Check if Domain belongs to user
 		if($soa["id"] != $_POST["zone"]) $app->tform->errorMessage .= $app->tform->wordbook["no_zone_perm"];
 
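Review bot: The ownership check `$soa["id"] != $_POST["zone"]` compares loosely against the raw request value and never tests whether the lookup returned a row. When nothing comes back, `$soa["id"]` is null, and null compares equal to an empty or missing `zone`, so no `no_zone_perm` error is appended in that case. Testing the result first closes the gap: `if(empty($soa["id"]) || $soa["id"] != $app->functions->intval($_POST["zone"])) $app->tform->errorMessage .= $app->tform->wordbook["no_zone_perm"];`. The same line is in dns_dmarc_edit.php (hunk at -204) and in `onSubmit()` of dns_edit_base.php. Whether later form validation rejects an empty zone anyway is outside this hunk.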
@@ -126,23 +126,23 @@ class page_action extends tform_actions {
 		global $app, $conf;
 
 		//* Set the sys_groupid of the rr record to be the same then the sys_groupid of the soa record
-		$soa = $app->db->queryOneRecord("SELECT sys_groupid,serial FROM dns_soa WHERE id = ? AND ?", $this->dataRecord["zone"], $app->tform->getAuthSQL('r'));
-		$app->db->datalogUpdate('dns_rr', "sys_groupid = ".$soa['sys_groupid'], 'id', $this->id);
+		$soa = $app->db->queryOneRecord("SELECT sys_groupid,serial FROM dns_soa WHERE id = ? AND " . $app->tform->getAuthSQL('r'), $this->dataRecord["zone"]);
+		$app->db->datalogUpdate('dns_rr', array("sys_groupid" => $soa['sys_groupid']), 'id', $this->id);
 
 		//* Update the serial number of the SOA record
 		$soa_id = $app->functions->intval($_POST["zone"]);
 		$serial = $app->validate_dns->increase_serial($soa["serial"]);
-		$app->db->datalogUpdate('dns_soa', "serial = $serial", 'id', $soa_id);
+		$app->db->datalogUpdate('dns_soa', array("serial" => $serial), 'id', $soa_id);
 	}
 
 	function onAfterUpdate() {
 		global $app, $conf;
 
 		//* Update the serial number of the SOA record
-		$soa = $app->db->queryOneRecord("SELECT serial FROM dns_soa WHERE id = ? AND ?", $this->dataRecord["zone"], $app->tform->getAuthSQL('r'));
+		$soa = $app->db->queryOneRecord("SELECT serial FROM dns_soa WHERE id = ? AND " . $app->tform->getAuthSQL('r'), $this->dataRecord["zone"]);
 		$soa_id = $app->functions->intval($_POST["zone"]);
 		$serial = $app->validate_dns->increase_serial($soa["serial"]);
-		$app->db->datalogUpdate('dns_soa', "serial = $serial", 'id', $soa_id);
+		$app->db->datalogUpdate('dns_soa', array("serial" => $serial), 'id', $soa_id);
 	}
 
 }
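Review bot: `onAfterInsert()` and `onAfterUpdate()` write to the datalog without checking that the SOA lookup returned a row, and they key the serial update on `$_POST["zone"]` while the permission-filtered lookup used `$this->dataRecord["zone"]`; the two are presumably the same value, but nothing in the hunk enforces it. If the lookup comes back empty, `sys_groupid` is set from a null value and the posted id gets a serial computed by `increase_serial()` from null. A guard such as `if(empty($soa)) return;` after each lookup, together with `$soa_id = $app->functions->intval($this->dataRecord["zone"]);`, keeps the write tied to the zone that passed the check. The same applies to the hunks at -349 and -363 in dns_dmarc_edit.php and to both methods in dns_edit_base.php. `onAfterInsert()` starts above this hunk.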
diff --git a/interface/web/dns/dns_dmarc_edit.php b/interface/web/dns/dns_dmarc_edit.php
index e18e91eba38c7fbc793714af51621fc4f7b4f17f..49bf69909d3eecdf54f00ecfb9c5dec740d00dcf 100644
--- a/interface/web/dns/dns_dmarc_edit.php
+++ b/interface/web/dns/dns_dmarc_edit.php
@@ -74,8 +74,8 @@ class page_action extends tform_actions {
 
 		$zone = $app->functions->intval($_GET['zone']);
 		// get domain-name
-		$sql = "SELECT * FROM dns_soa WHERE id = ? AND ?";
-		$rec = $app->db->queryOneRecord($sql, $zone, $app->tform->getAuthSQL('r'));
+		$sql = "SELECT * FROM dns_soa WHERE id = ? AND " . $app->tform->getAuthSQL('r');
+		$rec = $app->db->queryOneRecord($sql, $zone);
 		$domain_name = rtrim($rec['origin'], '.');
 
 		// set defaults
@@ -88,8 +88,8 @@ class page_action extends tform_actions {
 		$dmarc_sp = 'same';
 
 		//* check for an existing dmarc-record
-		$sql = "SELECT data, active FROM dns_rr WHERE data LIKE 'v=DMARC1%' AND zone = ? AND name = ? AND ?";
-		$rec = $app->db->queryOneRecord($sql, $zone, '_dmarc.'.$domain_name.'.', $app->tform->getAuthSQL('r'));
+		$sql = "SELECT data, active FROM dns_rr WHERE data LIKE 'v=DMARC1%' AND zone = ? AND name = ? AND " . $app->tform->getAuthSQL('r');
+		$rec = $app->db->queryOneRecord($sql, $zone, '_dmarc.'.$domain_name.'.');
 		if ( isset($rec) && !empty($rec) ) {
 			$this->id = 1;
 			$old_data = strtolower($rec['data']);
@@ -204,7 +204,7 @@ class page_action extends tform_actions {
 		global $app, $conf;
 
 		// Get the parent soa record of the domain
-		$soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ? AND ?", $_POST['zone'], $app->tform->getAuthSQL('r'));
+		$soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ? AND " . $app->tform->getAuthSQL('r'), $_POST['zone']);
 
 		// Check if Domain belongs to user
 		if($soa["id"] != $_POST["zone"]) $app->tform->errorMessage .= $app->tform->wordbook["no_zone_perm"];
@@ -349,13 +349,13 @@ class page_action extends tform_actions {
 		global $app, $conf;
 
 		//* Set the sys_groupid of the rr record to be the same then the sys_groupid of the soa record
-		$soa = $app->db->queryOneRecord("SELECT sys_groupid,serial FROM dns_soa WHERE id = ? AND ?", $app->functions->intval($this->dataRecord["zone"]), $app->tform->getAuthSQL('r'));
-		$app->db->datalogUpdate('dns_rr', "sys_groupid = ".$soa['sys_groupid'], 'id', $this->id);
+		$soa = $app->db->queryOneRecord("SELECT sys_groupid,serial FROM dns_soa WHERE id = ? AND " . $app->tform->getAuthSQL('r'), $app->functions->intval($this->dataRecord["zone"]));
+		$app->db->datalogUpdate('dns_rr', array("sys_groupid" => $soa['sys_groupid']), 'id', $this->id);
 
 		//* Update the serial number of the SOA record
 		$soa_id = $app->functions->intval($_POST["zone"]);
 		$serial = $app->validate_dns->increase_serial($soa["serial"]);
-		$app->db->datalogUpdate('dns_soa', "serial = $serial", 'id', $soa_id);
+		$app->db->datalogUpdate('dns_soa', array("serial" => $serial), 'id', $soa_id);
 
 	}
 
@@ -363,10 +363,10 @@ class page_action extends tform_actions {
 		global $app, $conf;
 
 		//* Update the serial number of the SOA record
-		$soa = $app->db->queryOneRecord("SELECT serial FROM dns_soa WHERE id = ? AND ?", $app->functions->intval($this->dataRecord["zone"]), $app->tform->getAuthSQL('r'));
+		$soa = $app->db->queryOneRecord("SELECT serial FROM dns_soa WHERE id = ? AND " . $app->tform->getAuthSQL('r'), $app->functions->intval($this->dataRecord["zone"]));
 		$soa_id = $app->functions->intval($_POST["zone"]);
 		$serial = $app->validate_dns->increase_serial($soa["serial"]);
-		$app->db->datalogUpdate('dns_soa', "serial = $serial", 'id', $soa_id);
+		$app->db->datalogUpdate('dns_soa', array("serial" => $serial), 'id', $soa_id);
 	}
 
 }
diff --git a/interface/web/dns/dns_edit_base.php b/interface/web/dns/dns_edit_base.php
new file mode 100644
index 0000000000000000000000000000000000000000..9cea8b6ae20b7dc56ef26f592b40b200c983d7e4
--- /dev/null
+++ b/interface/web/dns/dns_edit_base.php
@@ -0,0 +1,131 @@
+<?php
+
+/*
+Copyright (c) 2007, Till Brehm, projektfarm Gmbh
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+    * Redistributions of source code must retain the above copyright notice,
+      this list of conditions and the following disclaimer.
+    * Redistributions in binary form must reproduce the above copyright notice,
+      this list of conditions and the following disclaimer in the documentation
+      and/or other materials provided with the distribution.
+    * Neither the name of ISPConfig nor the names of its contributors
+      may be used to endorse or promote products derived from this software without
+      specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+require_once '../../lib/config.inc.php';
+require_once '../../lib/app.inc.php';
+
+//* Check permissions for module
+$app->auth->check_module_permissions('dns');
+
+// Loading classes
+$app->uses('tpl,tform,tform_actions,validate_dns');
+$app->load('tform_actions');
+
+class dns_page_action extends tform_actions {
+
+	protected function checkDuplicate() {
+		return false;
+	}
+
+	function onShowNew() {
+		global $app, $conf;
+
+		// we will check only users, not admins
+		if($_SESSION["s"]["user"]["typ"] == 'user') {
+
+			// Get the limits of the client
+			$client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
+			$client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
+
+			// Check if the user may add another mailbox.
+			if($client["limit_dns_record"] >= 0) {
+				$tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = ?", $client_group_id);
+				if($tmp["number"] >= $client["limit_dns_record"]) {
+					$app->error($app->tform->wordbook["limit_dns_record_txt"]);
+				}
+			}
+		}
+
+		parent::onShowNew();
+	}
+
+	function onSubmit() {
+		global $app, $conf;
+
+		// Get the parent soa record of the domain
+		$soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ? AND " . $app->tform->getAuthSQL('r'), $_POST["zone"]);
+
+		// Check if Domain belongs to user
+		if($soa["id"] != $_POST["zone"]) $app->tform->errorMessage .= $app->tform->wordbook["no_zone_perm"];
+
+		// Check the client limits, if user is not the admin
+		if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
+			// Get the limits of the client
+			$client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
+			$client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
+
+			// Check if the user may add another mailbox.
+			if($this->id == 0 && $client["limit_dns_record"] >= 0) {
+				$tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = ?", $client_group_id);
+				if($tmp["number"] >= $client["limit_dns_record"]) {
+					$app->error($app->tform->wordbook["limit_dns_record_txt"]);
+				}
+			}
+		} // end if user is not admin
+		
+		if($this->checkDuplicate()) $app->tform->errorMessage .= $app->tform->lng("data_error_duplicate")."<br>";
+
+		// Set the server ID of the rr record to the same server ID as the parent record.
+		$this->dataRecord["server_id"] = $soa["server_id"];
+
+		// Update the serial number  and timestamp of the RR record
+		$soa = $app->db->queryOneRecord("SELECT serial FROM dns_rr WHERE id = ?", $this->id);
+		$this->dataRecord["serial"] = $app->validate_dns->increase_serial($soa["serial"]);
+		$this->dataRecord["stamp"] = date('Y-m-d H:i:s');
+
+		parent::onSubmit();
+	}
+
+	function onAfterInsert() {
+		global $app, $conf;
+
+		//* Set the sys_groupid of the rr record to be the same then the sys_groupid of the soa record
+		$soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ? AND " . $app->tform->getAuthSQL('r'), $this->dataRecord["zone"]);
+		$app->db->datalogUpdate('dns_rr', array("sys_groupid" => $soa['sys_groupid']), 'id', $this->id);
+
+		//* Update the serial number of the SOA record
+		$soa_id = $app->functions->intval($_POST["zone"]);
+		$serial = $app->validate_dns->increase_serial($soa["serial"]);
+		$app->db->datalogUpdate('dns_soa', array("serial" => $serial), 'id', $soa_id);
+	}
+
+	function onAfterUpdate() {
+		global $app, $conf;
+
+		//* Update the serial number of the SOA record
+		$soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ? AND " . $app->tform->getAuthSQL('r'), $this->dataRecord["zone"]);
+		$soa_id = $app->functions->intval($_POST["zone"]);
+		$serial = $app->validate_dns->increase_serial($soa["serial"]);
+		$app->db->datalogUpdate('dns_soa', array("serial" => $serial), 'id', $soa_id);
+	}
+
+}
+
+?>
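Review bot: The new base class has no doc comments, and `checkDuplicate()` in particular is an extension hook whose contract a subclass author has to guess. A docblock on it should say that it is called from `onSubmit()` after the zone and limit checks, that returning true appends `data_error_duplicate` to the form error, and that an override must declare `global $app;` itself before touching `$app->db`. The two `// Check if the user may add another mailbox.` comments are carried over from elsewhere and should read `// Check if the user may add another DNS record.`. In `onSubmit()` the second lookup reuses `$soa` for a `dns_rr` row; a name such as `$rr` would keep the SOA record and the resource record apart.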
diff --git a/interface/web/dns/dns_hinfo_edit.php b/interface/web/dns/dns_hinfo_edit.php
index ed25dccdb74d9c70dc1c1056bc8752bb026580b2..58169cd9ccdaff4ee606c1e3965efe35af14d46f 100644
--- a/interface/web/dns/dns_hinfo_edit.php
+++ b/interface/web/dns/dns_hinfo_edit.php
@@ -40,96 +40,10 @@ $tform_def_file = "form/dns_hinfo.tform.php";
 
 require_once '../../lib/config.inc.php';
 require_once '../../lib/app.inc.php';
-
-//* Check permissions for module
-$app->auth->check_module_permissions('dns');
+require_once './dns_edit_base.php';
 
 // Loading classes
-$app->uses('tpl,tform,tform_actions,validate_dns');
-$app->load('tform_actions');
-
-class page_action extends tform_actions {
-
-	function onShowNew() {
-		global $app, $conf;
-
-		// we will check only users, not admins
-		if($_SESSION["s"]["user"]["typ"] == 'user') {
-
-			// Get the limits of the client
-			$client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
-			$client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
-
-			// Check if the user may add another mailbox.
-			if($client["limit_dns_record"] >= 0) {
-				$tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = $client_group_id");
-				if($tmp["number"] >= $client["limit_dns_record"]) {
-					$app->error($app->tform->wordbook["limit_dns_record_txt"]);
-				}
-			}
-		}
-
-		parent::onShowNew();
-	}
-
-	function onSubmit() {
-		global $app, $conf;
-
-		// Get the parent soa record of the domain
-		$soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = '".$app->functions->intval($_POST["zone"])."' AND ".$app->tform->getAuthSQL('r'));
-
-		// Check if Domain belongs to user
-		if($soa["id"] != $_POST["zone"]) $app->tform->errorMessage .= $app->tform->wordbook["no_zone_perm"];
-
-		// Check the client limits, if user is not the admin
-		if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
-			// Get the limits of the client
-			$client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
-			$client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
-
-			// Check if the user may add another mailbox.
-			if($this->id == 0 && $client["limit_dns_record"] >= 0) {
-				$tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = $client_group_id");
-				if($tmp["number"] >= $client["limit_dns_record"]) {
-					$app->error($app->tform->wordbook["limit_dns_record_txt"]);
-				}
-			}
-		} // end if user is not admin
-
-
-		// Set the server ID of the rr record to the same server ID as the parent record.
-		$this->dataRecord["server_id"] = $soa["server_id"];
-
-		// Update the serial number  and timestamp of the RR record
-		$soa = $app->db->queryOneRecord("SELECT serial FROM dns_rr WHERE id = ".$this->id);
-		$this->dataRecord["serial"] = $app->validate_dns->increase_serial($soa["serial"]);
-		$this->dataRecord["stamp"] = date('Y-m-d H:i:s');
-
-		parent::onSubmit();
-	}
-
-	function onAfterInsert() {
-		global $app, $conf;
-
-		//* Set the sys_groupid of the rr record to be the same then the sys_groupid of the soa record
-		$soa = $app->db->queryOneRecord("SELECT sys_groupid,serial FROM dns_soa WHERE id = '".$app->functions->intval($this->dataRecord["zone"])."' AND ".$app->tform->getAuthSQL('r'));
-		$app->db->datalogUpdate('dns_rr', "sys_groupid = ".$soa['sys_groupid'], 'id', $this->id);
-
-		//* Update the serial number of the SOA record
-		$soa_id = $app->functions->intval($_POST["zone"]);
-		$serial = $app->validate_dns->increase_serial($soa["serial"]);
-		$app->db->datalogUpdate('dns_soa', "serial = $serial", 'id', $soa_id);
-	}
-
-	function onAfterUpdate() {
-		global $app, $conf;
-
-		//* Update the serial number of the SOA record
-		$soa = $app->db->queryOneRecord("SELECT serial FROM dns_soa WHERE id = '".$app->functions->intval($this->dataRecord["zone"])."' AND ".$app->tform->getAuthSQL('r'));
-		$soa_id = $app->functions->intval($_POST["zone"]);
-		$serial = $app->validate_dns->increase_serial($soa["serial"]);
-		$app->db->datalogUpdate('dns_soa', "serial = $serial", 'id', $soa_id);
-	}
+class page_action extends dns_page_action {
 
 }
 
diff --git a/interface/web/dns/dns_import.php b/interface/web/dns/dns_import.php
index 5598b5664b8fe99e132291f65170c77c16c71919..7e96a42d8c40d983db4ff77fad71cd1513d69d3b 100644
--- a/interface/web/dns/dns_import.php
+++ b/interface/web/dns/dns_import.php
@@ -106,13 +106,13 @@ if ($_SESSION["s"]["user"]["typ"] != 'admin' && $app->auth->has_clients($_SESSIO
 
 	// Get the limits of the client
 	$client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
-	$client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+	$client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
 
 
 	// load the list of clients
-	$sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ".intval($client['client_id'])." ORDER BY client.company_name, client.contact_name, sys_group.name";
-	$clients = $app->db->queryAllRecords($sql);
-	$tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".intval($client['client_id']));
+	$sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ? ORDER BY client.company_name, client.contact_name, sys_group.name";
+	$clients = $app->db->queryAllRecords($sql, $client['client_id']);
+	$tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client['client_id']);
 	$client_select = '<option value="'.$tmp['groupid'].'">'.$client['contactname'].'</option>';
 	if(is_array($clients)) {
 		foreach( $clients as $client) {
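Review bot: `$client['contactname']` and `$tmp['groupid']` are concatenated into the `<option>` markup on the `$client_select` line without HTML escaping, and `contactname` is assembled from `company_name`, `contact_name`, `username` and `customer_no`. If any of those columns can hold markup, it is rendered in the import form shown to the parent client. Escaping at the point of output addresses it: `$client_select = '<option value="'.intval($tmp['groupid']).'">'.htmlspecialchars($client['contactname'], ENT_QUOTES, 'UTF-8').'</option>';`. Whether these columns are filtered on input is not visible here, and the `foreach` that follows continues outside the hunk and presumably needs the same treatment.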
@@ -127,7 +127,7 @@ if ($_SESSION["s"]["user"]["typ"] != 'admin' && $app->auth->has_clients($_SESSIO
 if($_SESSION["s"]["user"]["typ"] != 'admin')
 {
 	$client_group_id = $_SESSION["s"]["user"]["default_group"];
-	$client_dns = $app->db->queryOneRecord("SELECT dns_servers FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+	$client_dns = $app->db->queryOneRecord("SELECT dns_servers FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
 
 	$client_dns['dns_servers_ids'] = explode(',', $client_dns['dns_servers']);
 
@@ -138,8 +138,8 @@ if($_SESSION["s"]["user"]["typ"] != 'admin')
 		$app->tpl->setVar('server_id_value', $client_dns['dns_servers_ids'][0]);
 	}
 
-	$sql = "SELECT server_id, server_name FROM server WHERE server_id IN (" . $client_dns['dns_servers'] . ");";
-	$dns_servers = $app->db->queryAllRecords($sql);
+	$sql = "SELECT server_id, server_name FROM server WHERE server_id IN ?";
+	$dns_servers = $app->db->queryAllRecords($sql, $client_dns['dns_servers_ids']);
 
 	$options_dns_servers = "";
 
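Review bot: `server_id IN ?` now depends on the database wrapper expanding an array argument into a parenthesised list, which is not visible in this diff, and the array comes straight from `explode(',', $client_dns['dns_servers'])`. When `dns_servers` is empty that array is `['']`, and its elements are strings in any case. Normalising before the call makes the intent explicit: `$dns_server_ids = array_filter(array_map('intval', $client_dns['dns_servers_ids']));`, then skip the query when the result is empty. The enclosing `if` block starts above this hunk.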
@@ -199,8 +199,8 @@ $app->tpl->setVar($wb);
 if(isset($_FILES['file']['name']) && is_uploaded_file($_FILES['file']['tmp_name'])){
 	$valid_zone_file = FALSE;
 
-	$sql = "SELECT server_name FROM `server` WHERE server_id=".$app->functions->intval($server_id)." OR mirror_server_id=".$app->functions->intval($server_id)." ORDER BY server_name ASC";
-	$servers = $app->db->queryAllRecords($sql);
+	$sql = "SELECT server_name FROM `server` WHERE server_id=? OR mirror_server_id=? ORDER BY server_name ASC";
+	$servers = $app->db->queryAllRecords($sql, $server_id, $server_id);
 	for ($i=0;$i<count($servers);$i++)
 	{
 		if (substr($servers[$i]['server_name'], strlen($servers[$i]['server_name'])-1) != ".")
@@ -695,21 +695,38 @@ if(isset($_FILES['file']['name']) && is_uploaded_file($_FILES['file']['tmp_name'
 
 	// Insert the soa record
 	$sys_userid = $_SESSION['s']['user']['userid'];
-	$origin = $app->db->quote($soa['name']);
-	$ns = $app->db->quote($soa['ns']);
-	$mbox = $app->db->quote($soa['mbox']);
-	$refresh = $app->db->quote($soa['refresh']);
-	$retry = $app->db->quote($soa['retry']);
-	$expire = $app->db->quote($soa['expire']);
-	$minimum = $app->db->quote($soa['minimum']);
-	$ttl = $app->db->quote($soa['ttl']);
-	$xfer = $app->db->quote('');
-	$serial = $app->db->quote($app->functions->intval($soa['serial'])+1);
+	$origin = $soa['name'];
+	$ns = $soa['ns'];
+	$mbox = $soa['mbox'];
+	$refresh = $soa['refresh'];
+	$retry = $soa['retry'];
+	$expire = $soa['expire'];
+	$minimum = $soa['minimum'];
+	$ttl = $soa['ttl'];
+	$xfer = '';
+	$serial = $app->functions->intval($soa['serial']+1);
 	//print_r($soa);
 	//die();
 	if($valid_zone_file){
-		$insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `origin`, `ns`, `mbox`, `serial`, `refresh`, `retry`, `expire`, `minimum`, `ttl`, `active`, `xfer`) VALUES
-		('$sys_userid', '$sys_groupid', 'riud', 'riud', '', '$server_id', '$origin', '$ns', '$mbox', '$serial', '$refresh', '$retry', '$expire', '$minimum', '$ttl', 'Y', '$xfer')";
+		$insert_data = array(
+			"sys_userid" => $sys_userid,
+			"sys_groupid" => $sys_groupid,
+			"sys_perm_user" => 'riud',
+			"sys_perm_group" => 'riud',
+			"sys_perm_other" => '',
+			"server_id" => $server_id,
+			"origin" => $origin,
+			"ns" => $ns,
+			"mbox" => $mbox,
+			"serial" => $serial,
+			"refresh" => $refresh,
+			"retry" => $retry,
+			"expire" => $expire,
+			"minimum" => $minimum,
+			"ttl" => $ttl,
+			"active" => 'Y',
+			"xfer" => $xfer
+		);
 		$dns_soa_id = $app->db->datalogInsert('dns_soa', $insert_data, 'id');
 
 		// Insert the dns_rr records
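Review bot: On the `$serial` line the `+1` moved inside the cast, so the addition now runs on the raw `$soa['serial']` parsed from the uploaded file before `$app->functions->intval()` sees it. Unless the parser has already validated the field, a non-numeric serial then raises a warning, or a TypeError on PHP 8, instead of being normalised first; `$serial = $app->functions->intval($soa['serial']) + 1;` restores the original order. If the move was deliberate, a short comment saying why would help. The commented-out debug lines `//print_r($soa);` and `//die();` can be removed.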
@@ -717,8 +734,21 @@ if(isset($_FILES['file']['name']) && is_uploaded_file($_FILES['file']['tmp_name'
 		{
 			foreach($dns_rr as $rr)
 			{
-				$insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `zone`, `name`, `type`, `data`, `aux`, `ttl`, `active`) VALUES
-				('$sys_userid', '$sys_groupid', 'riud', 'riud', '', '$server_id', '$dns_soa_id', '".$app->db->quote($rr['name'])."', '".$app->db->quote($rr['type'])."', '".$app->db->quote($rr['data'])."', '".$app->db->quote($rr['aux'])."', '".$app->db->quote($rr['ttl'])."', 'Y')";
+				$insert_data = array(
+					"sys_userid" => $sys_userid,
+					"sys_groupid" => $sys_groupid,
+					"sys_perm_user" => 'riud',
+					"sys_perm_group" => 'riud',
+					"sys_perm_other" => '',
+					"server_id" => $server_id,
+					"zone" => $dns_soa_id,
+					"name" => $rr['name'],
+					"type" => $rr['type'],
+					"data" => $rr['data'],
+					"aux" => $rr['aux'],
+					"ttl" => $rr['ttl'],
+					"active" => 'Y'
+				);
 				$dns_rr_id = $app->db->datalogInsert('dns_rr', $insert_data, 'id');
 			}
 		}
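Review bot: `$dns_soa_id` is used as the `zone` of every imported record without checking that the preceding `datalogInsert('dns_soa', ...)` produced an id. If that call returns false or zero, the loop still inserts each `$rr` with an invalid zone reference; wrapping the loop in `if($dns_soa_id) { ... }` avoids orphaned rows. What `datalogInsert()` returns on failure is not visible here. `$rr['name']`, `$rr['type']` and `$rr['data']` come from the uploaded file and are now passed as values rather than spliced into SQL, but the hunk shows no check of them against the allowed record types or the client's `limit_dns_record`; that may happen earlier in the file.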
diff --git a/interface/web/dns/dns_mx_edit.php b/interface/web/dns/dns_mx_edit.php
index 7f41b784506128664217b66dbdf7311961e91637..1d0037e85a99ac6aa94659f221afebabd7adce77 100644
--- a/interface/web/dns/dns_mx_edit.php
+++ b/interface/web/dns/dns_mx_edit.php
@@ -40,79 +40,17 @@ $tform_def_file = "form/dns_mx.tform.php";
 
 require_once '../../lib/config.inc.php';
 require_once '../../lib/app.inc.php';
-
-//* Check permissions for module
-$app->auth->check_module_permissions('dns');
+require_once './dns_edit_base.php';
 
 // Loading classes
-$app->uses('tpl,tform,tform_actions,validate_dns');
-$app->load('tform_actions');
-
-class page_action extends tform_actions {
-
-	function onShowNew() {
-		global $app, $conf;
-
-		// we will check only users, not admins
-		if($_SESSION["s"]["user"]["typ"] == 'user') {
-
-			// Get the limits of the client
-			$client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
-			$client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
-
-			// Check if the user may add another mailbox.
-			if($client["limit_dns_record"] >= 0) {
-				$tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = $client_group_id");
-				if($tmp["number"] >= $client["limit_dns_record"]) {
-					$app->error($app->tform->wordbook["limit_dns_record_txt"]);
-				}
-			}
-		}
-
-		parent::onShowNew();
-	}
-
-	function onSubmit() {
-		global $app, $conf;
-
-		// Get the parent soa record of the domain
-		$soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = '".$app->functions->intval($_POST["zone"])."' AND ".$app->tform->getAuthSQL('r'));
-
-		// Check if Domain belongs to user
-		if($soa["id"] != $_POST["zone"]) $app->tform->errorMessage .= $app->tform->wordbook["no_zone_perm"];
-
-		// Check the client limits, if user is not the admin
-		if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
-			// Get the limits of the client
-			$client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
-			$client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
-
-			// Check if the user may add another mailbox.
-			if($this->id == 0 && $client["limit_dns_record"] >= 0) {
-				$tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = $client_group_id");
-				if($tmp["number"] >= $client["limit_dns_record"]) {
-					$app->error($app->tform->wordbook["limit_dns_record_txt"]);
-				}
-			}
-		} // end if user is not admin
-
-
-		// Set the server ID of the rr record to the same server ID as the parent record.
-		$this->dataRecord["server_id"] = $soa["server_id"];
-
-		// Update the serial number  and timestamp of the RR record
-		$soa = $app->db->queryOneRecord("SELECT serial FROM dns_rr WHERE id = ".$this->id);
-		$this->dataRecord["serial"] = $app->validate_dns->increase_serial($soa["serial"]);
-		$this->dataRecord["stamp"] = date('Y-m-d H:i:s');
-
-		parent::onSubmit();
-	}
+class page_action extends dns_page_action {
 
 	function onInsert() {
 		global $app, $conf;
 
 		// Check if record is existing already
-		$duplicate_mx = $app->db->queryOneRecord("SELECT * FROM dns_rr WHERE zone = ".$app->functions->intval($this->dataRecord["zone"])." AND name = '".$app->db->quote($this->dataRecord["name"])."' AND type = '".$app->db->quote($this->dataRecord["type"])."' AND data = '".$app->db->quote($this->dataRecord["data"])."' AND ".$app->tform->getAuthSQL('r'));
+		$duplicate_mx = $app->db->queryOneRecord("SELECT * FROM dns_rr WHERE zone = ? AND name = ? AND type = ? AND data = ? AND ".$app->tform->getAuthSQL('r'), $this->dataRecord["zone"], $this->dataRecord["name"], $this->dataRecord["type"], $this->dataRecord["data"]);
+		
 
 		if(is_array($duplicate_mx) && !empty($duplicate_mx)) $app->error($app->tform->wordbook["duplicate_mx_record_txt"]);
 
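Review bot: Access control for this page now rests entirely on `./dns_edit_base.php`, which is not visible in this part of the diff: the `$app->auth->check_module_permissions('dns');` call is gone from the top of the file, together with `onSubmit()`'s zone-ownership test (`no_zone_perm`) and the `limit_dns_record` checks. It should be confirmed that the include runs the module permission check at load time and that `dns_page_action::onSubmit()` keeps both checks. The same applies to the dns_ns_edit.php, dns_ptr_edit.php and dns_rp_edit.php hunks below, whose `page_action` classes are now empty. The `// Loading classes` comment is left with nothing under it and could become `//* Module permission check and class loading are done in dns_edit_base.php`. `onInsert()` continues outside the hunk.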
@@ -123,36 +61,13 @@ class page_action extends tform_actions {
 		global $app, $conf;
 
 		// Check if record is existing already
-		$duplicate_mx = $app->db->queryOneRecord("SELECT * FROM dns_rr WHERE zone = ".$app->functions->intval($this->dataRecord["zone"])." AND name = '".$app->db->quote($this->dataRecord["name"])."' AND type = '".$app->db->quote($this->dataRecord["type"])."' AND data = '".$app->db->quote($this->dataRecord["data"])."' AND id != ".$app->functions->intval($this->dataRecord["id"])." AND ".$app->tform->getAuthSQL('r'));
+		$duplicate_mx = $app->db->queryOneRecord("SELECT * FROM dns_rr WHERE zone = ? AND name = ? AND type = ? AND data = ? AND id != ? AND ".$app->tform->getAuthSQL('r'), $this->dataRecord["zone"], $this->dataRecord["name"], $this->dataRecord["type"], $this->dataRecord["data"], $this->dataRecord["id"]);
 
 		if(is_array($duplicate_mx) && !empty($duplicate_mx)) $app->error($app->tform->wordbook["duplicate_mx_record_txt"]);
 
 		parent::onUpdate();
 	}
 
-	function onAfterInsert() {
-		global $app, $conf;
-
-		//* Set the sys_groupid of the rr record to be the same then the sys_groupid of the soa record
-		$soa = $app->db->queryOneRecord("SELECT sys_groupid,serial FROM dns_soa WHERE id = '".$app->functions->intval($this->dataRecord["zone"])."' AND ".$app->tform->getAuthSQL('r'));
-		$app->db->datalogUpdate('dns_rr', "sys_groupid = ".$soa['sys_groupid'], 'id', $this->id);
-
-		//* Update the serial number of the SOA record
-		$soa_id = $app->functions->intval($_POST["zone"]);
-		$serial = $app->validate_dns->increase_serial($soa["serial"]);
-		$app->db->datalogUpdate('dns_soa', "serial = $serial", 'id', $soa_id);
-	}
-
-	function onAfterUpdate() {
-		global $app, $conf;
-
-		//* Update the serial number of the SOA record
-		$soa = $app->db->queryOneRecord("SELECT serial FROM dns_soa WHERE id = '".$app->functions->intval($this->dataRecord["zone"])."' AND ".$app->tform->getAuthSQL('r'));
-		$soa_id = $app->functions->intval($_POST["zone"]);
-		$serial = $app->validate_dns->increase_serial($soa["serial"]);
-		$app->db->datalogUpdate('dns_soa', "serial = $serial", 'id', $soa_id);
-	}
-
 }
 
 $page = new page_action;
diff --git a/interface/web/dns/dns_ns_edit.php b/interface/web/dns/dns_ns_edit.php
index b61254dac722a9fb308cc309c6050b8d150cd85c..faded5f8819142fbbd19c4b3a1be6f00f7cba03c 100644
--- a/interface/web/dns/dns_ns_edit.php
+++ b/interface/web/dns/dns_ns_edit.php
@@ -40,96 +40,10 @@ $tform_def_file = "form/dns_ns.tform.php";
 
 require_once '../../lib/config.inc.php';
 require_once '../../lib/app.inc.php';
-
-//* Check permissions for module
-$app->auth->check_module_permissions('dns');
+require_once './dns_edit_base.php';
 
 // Loading classes
-$app->uses('tpl,tform,tform_actions,validate_dns');
-$app->load('tform_actions');
-
-class page_action extends tform_actions {
-
-	function onShowNew() {
-		global $app, $conf;
-
-		// we will check only users, not admins
-		if($_SESSION["s"]["user"]["typ"] == 'user') {
-
-			// Get the limits of the client
-			$client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
-			$client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
-
-			// Check if the user may add another mailbox.
-			if($client["limit_dns_record"] >= 0) {
-				$tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = $client_group_id");
-				if($tmp["number"] >= $client["limit_dns_record"]) {
-					$app->error($app->tform->wordbook["limit_dns_record_txt"]);
-				}
-			}
-		}
-
-		parent::onShowNew();
-	}
-
-	function onSubmit() {
-		global $app, $conf;
-
-		// Get the parent soa record of the domain
-		$soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = '".$app->functions->intval($_POST["zone"])."' AND ".$app->tform->getAuthSQL('r'));
-
-		// Check if Domain belongs to user
-		if($soa["id"] != $_POST["zone"]) $app->tform->errorMessage .= $app->tform->wordbook["no_zone_perm"];
-
-		// Check the client limits, if user is not the admin
-		if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
-			// Get the limits of the client
-			$client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
-			$client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
-
-			// Check if the user may add another mailbox.
-			if($this->id == 0 && $client["limit_dns_record"] >= 0) {
-				$tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = $client_group_id");
-				if($tmp["number"] >= $client["limit_dns_record"]) {
-					$app->error($app->tform->wordbook["limit_dns_record_txt"]);
-				}
-			}
-		} // end if user is not admin
-
-
-		// Set the server ID of the rr record to the same server ID as the parent record.
-		$this->dataRecord["server_id"] = $soa["server_id"];
-
-		// Update the serial number  and timestamp of the RR record
-		$soa = $app->db->queryOneRecord("SELECT serial FROM dns_rr WHERE id = ".$this->id);
-		$this->dataRecord["serial"] = $app->validate_dns->increase_serial($soa["serial"]);
-		$this->dataRecord["stamp"] = date('Y-m-d H:i:s');
-
-		parent::onSubmit();
-	}
-
-	function onAfterInsert() {
-		global $app, $conf;
-
-		//* Set the sys_groupid of the rr record to be the same then the sys_groupid of the soa record
-		$soa = $app->db->queryOneRecord("SELECT sys_groupid,serial FROM dns_soa WHERE id = '".$app->functions->intval($this->dataRecord["zone"])."' AND ".$app->tform->getAuthSQL('r'));
-		$app->db->datalogUpdate('dns_rr', "sys_groupid = ".$soa['sys_groupid'], 'id', $this->id);
-
-		//* Update the serial number of the SOA record
-		$soa_id = $app->functions->intval($_POST["zone"]);
-		$serial = $app->validate_dns->increase_serial($soa["serial"]);
-		$app->db->datalogUpdate('dns_soa', "serial = $serial", 'id', $soa_id);
-	}
-
-	function onAfterUpdate() {
-		global $app, $conf;
-
-		//* Update the serial number of the SOA record
-		$soa = $app->db->queryOneRecord("SELECT serial FROM dns_soa WHERE id = '".$app->functions->intval($this->dataRecord["zone"])."' AND ".$app->tform->getAuthSQL('r'));
-		$soa_id = $app->functions->intval($_POST["zone"]);
-		$serial = $app->validate_dns->increase_serial($soa["serial"]);
-		$app->db->datalogUpdate('dns_soa', "serial = $serial", 'id', $soa_id);
-	}
+class page_action extends dns_page_action {
 
 }
 
diff --git a/interface/web/dns/dns_ptr_edit.php b/interface/web/dns/dns_ptr_edit.php
index 4e26f226ed2eb2566195a203c70351974b272a53..1c3675d2c36288a571ba53ff9583801b3be439ed 100644
--- a/interface/web/dns/dns_ptr_edit.php
+++ b/interface/web/dns/dns_ptr_edit.php
@@ -40,96 +40,10 @@ $tform_def_file = "form/dns_ptr.tform.php";
 
 require_once '../../lib/config.inc.php';
 require_once '../../lib/app.inc.php';
-
-//* Check permissions for module
-$app->auth->check_module_permissions('dns');
+require_once './dns_edit_base.php';
 
 // Loading classes
-$app->uses('tpl,tform,tform_actions,validate_dns');
-$app->load('tform_actions');
-
-class page_action extends tform_actions {
-
-	function onShowNew() {
-		global $app, $conf;
-
-		// we will check only users, not admins
-		if($_SESSION["s"]["user"]["typ"] == 'user') {
-
-			// Get the limits of the client
-			$client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
-			$client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
-
-			// Check if the user may add another mailbox.
-			if($client["limit_dns_record"] >= 0) {
-				$tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = $client_group_id");
-				if($tmp["number"] >= $client["limit_dns_record"]) {
-					$app->error($app->tform->wordbook["limit_dns_record_txt"]);
-				}
-			}
-		}
-
-		parent::onShowNew();
-	}
-
-	function onSubmit() {
-		global $app, $conf;
-
-		// Get the parent soa record of the domain
-		$soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = '".$app->functions->intval($_POST["zone"])."' AND ".$app->tform->getAuthSQL('r'));
-
-		// Check if Domain belongs to user
-		if($soa["id"] != $_POST["zone"]) $app->tform->errorMessage .= $app->tform->wordbook["no_zone_perm"];
-
-		// Check the client limits, if user is not the admin
-		if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
-			// Get the limits of the client
-			$client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
-			$client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
-
-			// Check if the user may add another mailbox.
-			if($this->id == 0 && $client["limit_dns_record"] >= 0) {
-				$tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = $client_group_id");
-				if($tmp["number"] >= $client["limit_dns_record"]) {
-					$app->error($app->tform->wordbook["limit_dns_record_txt"]);
-				}
-			}
-		} // end if user is not admin
-
-
-		// Set the server ID of the rr record to the same server ID as the parent record.
-		$this->dataRecord["server_id"] = $soa["server_id"];
-
-		// Update the serial number  and timestamp of the RR record
-		$soa = $app->db->queryOneRecord("SELECT serial FROM dns_rr WHERE id = ".$this->id);
-		$this->dataRecord["serial"] = $app->validate_dns->increase_serial($soa["serial"]);
-		$this->dataRecord["stamp"] = date('Y-m-d H:i:s');
-
-		parent::onSubmit();
-	}
-
-	function onAfterInsert() {
-		global $app, $conf;
-
-		//* Set the sys_groupid of the rr record to be the same then the sys_groupid of the soa record
-		$soa = $app->db->queryOneRecord("SELECT sys_groupid,serial FROM dns_soa WHERE id = '".$app->functions->intval($this->dataRecord["zone"])."' AND ".$app->tform->getAuthSQL('r'));
-		$app->db->datalogUpdate('dns_rr', "sys_groupid = ".$soa['sys_groupid'], 'id', $this->id);
-
-		//* Update the serial number of the SOA record
-		$soa_id = $app->functions->intval($_POST["zone"]);
-		$serial = $app->validate_dns->increase_serial($soa["serial"]);
-		$app->db->datalogUpdate('dns_soa', "serial = $serial", 'id', $soa_id);
-	}
-
-	function onAfterUpdate() {
-		global $app, $conf;
-
-		//* Update the serial number of the SOA record
-		$soa = $app->db->queryOneRecord("SELECT serial FROM dns_soa WHERE id = '".$app->functions->intval($this->dataRecord["zone"])."' AND ".$app->tform->getAuthSQL('r'));
-		$soa_id = $app->functions->intval($_POST["zone"]);
-		$serial = $app->validate_dns->increase_serial($soa["serial"]);
-		$app->db->datalogUpdate('dns_soa', "serial = $serial", 'id', $soa_id);
-	}
+class page_action extends dns_page_action {
 
 }
 
diff --git a/interface/web/dns/dns_rp_edit.php b/interface/web/dns/dns_rp_edit.php
index 62bf1a9ac6e4ac96de247e7c22c116327efedb76..1e55500cda01266d3fb97a72b60e464d0dd0f5d0 100644
--- a/interface/web/dns/dns_rp_edit.php
+++ b/interface/web/dns/dns_rp_edit.php
@@ -40,96 +40,10 @@ $tform_def_file = "form/dns_rp.tform.php";
 
 require_once '../../lib/config.inc.php';
 require_once '../../lib/app.inc.php';
-
-//* Check permissions for module
-$app->auth->check_module_permissions('dns');
+require_once './dns_edit_base.php';
 
 // Loading classes
-$app->uses('tpl,tform,tform_actions,validate_dns');
-$app->load('tform_actions');
-
-class page_action extends tform_actions {
-
-	function onShowNew() {
-		global $app, $conf;
-
-		// we will check only users, not admins
-		if($_SESSION["s"]["user"]["typ"] == 'user') {
-
-			// Get the limits of the client
-			$client_group_id = $_SESSION["s"]["user"]["default_group"];
-			$client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
-
-			// Check if the user may add another mailbox.
-			if($client["limit_dns_record"] >= 0) {
-				$tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = $client_group_id");
-				if($tmp["number"] >= $client["limit_dns_record"]) {
-					$app->error($app->tform->wordbook["limit_dns_record_txt"]);
-				}
-			}
-		}
-
-		parent::onShowNew();
-	}
-
-	function onSubmit() {
-		global $app, $conf;
-
-		// Get the parent soa record of the domain
-		$soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = '".$app->functions->intval($_POST["zone"])."' AND ".$app->tform->getAuthSQL('r'));
-
-		// Check if Domain belongs to user
-		if($soa["id"] != $_POST["zone"]) $app->tform->errorMessage .= $app->tform->wordbook["no_zone_perm"];
-
-		// Check the client limits, if user is not the admin
-		if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
-			// Get the limits of the client
-			$client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
-			$client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
-
-			// Check if the user may add another mailbox.
-			if($this->id == 0 && $client["limit_dns_record"] >= 0) {
-				$tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = $client_group_id");
-				if($tmp["number"] >= $client["limit_dns_record"]) {
-					$app->error($app->tform->wordbook["limit_dns_record_txt"]);
-				}
-			}
-		} // end if user is not admin
-
-
-		// Set the server ID of the rr record to the same server ID as the parent record.
-		$this->dataRecord["server_id"] = $soa["server_id"];
-
-		// Update the serial number  and timestamp of the RR record
-		$soa = $app->db->queryOneRecord("SELECT serial FROM dns_rr WHERE id = ".$this->id);
-		$this->dataRecord["serial"] = $app->validate_dns->increase_serial($soa["serial"]);
-		$this->dataRecord["stamp"] = date('Y-m-d H:i:s');
-
-		parent::onSubmit();
-	}
-
-	function onAfterInsert() {
-		global $app, $conf;
-
-		//* Set the sys_groupid of the rr record to be the same then the sys_groupid of the soa record
-		$soa = $app->db->queryOneRecord("SELECT sys_groupid,serial FROM dns_soa WHERE id = '".$app->functions->intval($this->dataRecord["zone"])."' AND ".$app->tform->getAuthSQL('r'));
-		$app->db->datalogUpdate('dns_rr', "sys_groupid = ".$soa['sys_groupid'], 'id', $this->id);
-
-		//* Update the serial number of the SOA record
-		$soa_id = $app->functions->intval($_POST["zone"]);
-		$serial = $app->validate_dns->increase_serial($soa["serial"]);
-		$app->db->datalogUpdate('dns_soa', "serial = $serial", 'id', $soa_id);
-	}
-
-	function onAfterUpdate() {
-		global $app, $conf;
-
-		//* Update the serial number of the SOA record
-		$soa = $app->db->queryOneRecord("SELECT serial FROM dns_soa WHERE id = '".$app->functions->intval($this->dataRecord["zone"])."' AND ".$app->tform->getAuthSQL('r'));
-		$soa_id = $app->functions->intval($_POST["zone"]);
-		$serial = $app->validate_dns->increase_serial($soa["serial"]);
-		$app->db->datalogUpdate('dns_soa', "serial = $serial", 'id', $soa_id);
-	}
+class page_action extends dns_page_action {
 
 }
 
diff --git a/interface/web/dns/dns_rr_del.php b/interface/web/dns/dns_rr_del.php
index a20c9c07d3c637d711106846b08cf6cdf226bef4..6504123da2b39a407e48105b3ed5d8c2bad6da68 100644
--- a/interface/web/dns/dns_rr_del.php
+++ b/interface/web/dns/dns_rr_del.php
@@ -54,10 +54,10 @@ class page_action extends tform_actions {
 		global $app; $conf;
 
 		//* Update the serial number of the SOA record
-		$soa = $app->db->queryOneRecord("SELECT serial FROM dns_soa WHERE id = '".$app->functions->intval($this->dataRecord["zone"])."' AND ".$app->tform->getAuthSQL('r'));
+		$soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ? AND " . $app->tform->getAuthSQL('r'), $this->dataRecord["zone"]);
 		$soa_id = $app->functions->intval($this->dataRecord["zone"]);
 		$serial = $app->validate_dns->increase_serial($soa["serial"]);
-		$app->db->datalogUpdate('dns_soa', "serial = $serial", 'id', $soa_id);
+		$app->db->datalogUpdate('dns_soa', array("serial" => $serial), 'id', $soa_id);
 	}
 
 }
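Review bot: The `dns_soa` lookup result is used without checking that a row came back, so when the `getAuthSQL('r')` filter matches nothing, `$soa["serial"]` is null and the `datalogUpdate()` on `$soa_id` still runs with whatever `increase_serial()` returns for it. A guard such as `if(!is_array($soa) || empty($soa)) return;` before the `increase_serial()` call keeps the write tied to the permission-filtered read. The query was also widened from `SELECT serial` to `SELECT *` although only `serial` is read in the visible lines. The enclosing method starts outside the hunk.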
diff --git a/interface/web/dns/dns_slave_del.php b/interface/web/dns/dns_slave_del.php
index d3ca18fbc1ed3f700a5459aaae0433a164b587b4..d8b2a243e4540861bdb70c01a6092d089784bb8c 100644
--- a/interface/web/dns/dns_slave_del.php
+++ b/interface/web/dns/dns_slave_del.php
@@ -56,7 +56,7 @@ class page_action extends tform_actions {
 		if($app->tform->checkPerm($this->id, 'd') == false) $app->error($app->lng('error_no_delete_permission'));
 
 		// Delete all records that belog to this zone.
-		$records = $app->db->queryAllRecords("SELECT id FROM dns_slave WHERE zone = '".$app->functions->intval($this->id)."'");
+		$records = $app->db->queryAllRecords("SELECT id FROM dns_slave WHERE zone = ?", $this->id);
 		foreach($records as $rec) {
 			$app->db->datalogDelete('dns_slave', 'id', $rec['id']);
 		}
diff --git a/interface/web/dns/dns_slave_edit.php b/interface/web/dns/dns_slave_edit.php
index 0ae2ac4c4a5644582f5a41ac08d49fe8f5083e6c..44103608eb4cc7754296237dfacef777fbfd9d64 100644
--- a/interface/web/dns/dns_slave_edit.php
+++ b/interface/web/dns/dns_slave_edit.php
@@ -99,12 +99,12 @@ class page_action extends tform_actions {
 
 				// Get the limits of the client
 				$client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
-				$client = $app->db->queryOneRecord("SELECT client.client_id, sys_group.name, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+				$client = $app->db->queryOneRecord("SELECT client.client_id, sys_group.name, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
 
 				// Fill the client select field
-				$sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ".$client['client_id']." ORDER BY client.company_name, client.contact_name, sys_group.name";
-				$clients = $app->db->queryAllRecords($sql);
-				$tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".$client['client_id']);
+				$sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ? ORDER BY client.company_name, client.contact_name, sys_group.name";
+				$clients = $app->db->queryAllRecords($sql, $client['client_id']);
+				$tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client['client_id']);
 				$client_select = '<option value="'.$tmp['groupid'].'">'.$client['contactname'].'</option>';
 				//$tmp_data_record = $app->tform->getDataRecord($this->id);
 				if(is_array($clients)) {
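Review bot: `$client['contactname']` is concatenated into the `<option>` markup right after the rewritten queries without HTML escaping. It is assembled in SQL from `company_name`, `contact_name`, `username` and `customer_no`, which are presumably editable client profile fields, so markup stored there would be rendered in the form. Escape at output, e.g. `htmlspecialchars($client['contactname'], ENT_QUOTES, 'UTF-8')`. The same pattern appears in the matching dns_soa_edit.php hunk, and in the new `$dns_server['server_name']` option line further down in that file. The block continues outside the hunk.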
@@ -176,12 +176,12 @@ class page_action extends tform_actions {
 		if($_SESSION["s"]["user"]["typ"] != 'admin') {
 			// Get the limits of the client
 			$client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
-			$client = $app->db->queryOneRecord("SELECT limit_dns_slave_zone, default_slave_dnsserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+			$client = $app->db->queryOneRecord("SELECT limit_dns_slave_zone, default_slave_dnsserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
 
 			// When the record is updated
 			if($this->id > 0) {
 				// restore the server ID if the user is not admin and record is edited
-				$tmp = $app->db->queryOneRecord("SELECT server_id FROM dns_slave WHERE id = ".$app->functions->intval($this->id));
+				$tmp = $app->db->queryOneRecord("SELECT server_id FROM dns_slave WHERE id = ?", $this->id);
 				$this->dataRecord["server_id"] = $tmp["server_id"];
 				unset($tmp);
 				// When the record is inserted
@@ -203,7 +203,7 @@ class page_action extends tform_actions {
 		if(strlen($this->dataRecord["origin"]) > 0 && substr($this->dataRecord["origin"], -1, 1) != '.') $this->dataRecord["origin"] .= '.';
 
 		//* Check if a primary zone with the same name already exists
-		$tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_soa WHERE origin = \"".$app->db->quote($this->dataRecord["origin"])."\" AND server_id= \"".$app->db->quote($this->dataRecord["server_id"])."\"");
+		$tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_soa WHERE origin = ? AND server_id = ?", $this->dataRecord["origin"], $this->dataRecord["server_id"]);
 		if($tmp["number"] > 0) {
 			$app->error($app->tform->wordbook["origin_error_unique"]);
 		}
@@ -215,7 +215,7 @@ class page_action extends tform_actions {
 		global $app, $conf;
 
 		// Check if record is existing already
-		$duplicate_slave = $app->db->queryOneRecord("SELECT * FROM dns_slave WHERE origin = '".$app->db->quote($this->dataRecord["origin"])."' AND server_id = ".$app->functions->intval($this->dataRecord["server_id"])." AND ".$app->tform->getAuthSQL('r'));
+		$duplicate_slave = $app->db->queryOneRecord("SELECT * FROM dns_slave WHERE origin = ? AND server_id = ? AND ".$app->tform->getAuthSQL('r'), $this->dataRecord["origin"], $this->dataRecord["server_id"]);
 
 		if(is_array($duplicate_slave) && !empty($duplicate_slave)) $app->error($app->tform->wordbook["origin_error_unique"]);
 
diff --git a/interface/web/dns/dns_soa_del.php b/interface/web/dns/dns_soa_del.php
index f9a06fcfbd4535ac8f7c3d380c4de8ae58a318f7..fee2138f8579708ed7f6085daef93710c36ea438 100644
--- a/interface/web/dns/dns_soa_del.php
+++ b/interface/web/dns/dns_soa_del.php
@@ -56,7 +56,7 @@ class page_action extends tform_actions {
 		if($app->tform->checkPerm($this->id, 'd') == false) $app->error($app->lng('error_no_delete_permission'));
 
 		// Delete all records that belog to this zone.
-		$records = $app->db->queryAllRecords("SELECT id FROM dns_rr WHERE zone = '".$app->functions->intval($this->id)."'");
+		$records = $app->db->queryAllRecords("SELECT id FROM dns_rr WHERE zone = ?", $this->id);
 		foreach($records as $rec) {
 			$app->db->datalogDelete('dns_rr', 'id', $rec['id']);
 		}
diff --git a/interface/web/dns/dns_soa_edit.php b/interface/web/dns/dns_soa_edit.php
index e39c37781d795fd4869e824e9ca3457e42c214e7..634a91d188961c37bf66b3ef34fe05cfaed5dcbf 100644
--- a/interface/web/dns/dns_soa_edit.php
+++ b/interface/web/dns/dns_soa_edit.php
@@ -109,12 +109,12 @@ class page_action extends tform_actions {
 
 				// Get the limits of the client
 				$client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
-				$client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+				$client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
 
 				// Fill the client select field
-				$sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ".$client['client_id']." ORDER BY client.company_name, client.contact_name, sys_group.name";
-				$clients = $app->db->queryAllRecords($sql);
-				$tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".$client['client_id']);
+				$sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ? ORDER BY client.company_name, client.contact_name, sys_group.name";
+				$clients = $app->db->queryAllRecords($sql, $client['client_id']);
+				$tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client['client_id']);
 				$client_select = '<option value="'.$tmp['groupid'].'">'.$client['contactname'].'</option>';
 				//$tmp_data_record = $app->tform->getDataRecord($this->id);
 				if(is_array($clients)) {
@@ -133,7 +133,7 @@ class page_action extends tform_actions {
 	if($_SESSION["s"]["user"]["typ"] != 'admin')
 	{
 		$client_group_id = $_SESSION["s"]["user"]["default_group"];
-		$client_dns = $app->db->queryOneRecord("SELECT dns_servers FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+		$client_dns = $app->db->queryOneRecord("SELECT dns_servers FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
 
 		$client_dns['dns_servers_ids'] = explode(',', $client_dns['dns_servers']);
 
@@ -144,13 +144,13 @@ class page_action extends tform_actions {
 			$app->tpl->setVar('server_id_value', $client_dns['dns_servers_ids'][0]);
 		}
 
-		$sql = "SELECT server_id, server_name FROM server WHERE server_id IN (" . $client_dns['dns_servers'] . ");";
-		$dns_servers = $app->db->queryAllRecords($sql);
+		$sql = "SELECT server_id, server_name FROM server WHERE server_id IN ?";
+		$dns_servers = $app->db->queryAllRecords($sql, $client_dns['dns_servers_ids']);
 
 		$options_dns_servers = "";
 
 		foreach ($dns_servers as $dns_server) {
-			$options_dns_servers .= "<option value='$dns_server[server_id]'>$dns_server[server_name]</option>";
+			$options_dns_servers .= '<option value="'.$dns_server['server_id'].'"'.($this->id > 0 && $this->dataRecord["server_id"] == $dns_server['server_id'] ? ' selected="selected"' : '').'>'.$dns_server['server_name'].'</option>';
 		}
 
 		$app->tpl->setVar("client_server_id", $options_dns_servers);
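Review bot: `server_id IN ?` bound to `$client_dns['dns_servers_ids']` only works if the db wrapper expands an array parameter into a parenthesised, escaped list, which cannot be confirmed from this hunk. The array comes from `explode(',', $client_dns['dns_servers'])` in the previous hunk, so an empty `dns_servers` value yields `array('')` and any stray non-numeric entry is passed through as-is. Normalising before binding keeps the list strictly numeric: `$dns_servers = $app->db->queryAllRecords($sql, array_map('intval', $client_dns['dns_servers_ids']));`. The surrounding method starts and ends outside the hunk.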
@@ -219,7 +219,7 @@ function onSubmit() {
 		if($_SESSION["s"]["user"]["typ"] != 'admin') {
 			// Get the limits of the client
 			$client_group_id = $_SESSION["s"]["user"]["default_group"];
-			$client = $app->db->queryOneRecord("SELECT limit_dns_zone, dns_servers FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+			$client = $app->db->queryOneRecord("SELECT limit_dns_zone, dns_servers FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
 
 			$client['dns_servers_ids'] = explode(',', $client['dns_servers']);
 
@@ -231,14 +231,14 @@ function onSubmit() {
 			// When the record is updated
 			if($this->id > 0) {
 				// restore the server ID if the user is not admin and record is edited
-				$tmp = $app->db->queryOneRecord("SELECT server_id FROM dns_soa WHERE id = ".$app->functions->intval($this->id));
+				$tmp = $app->db->queryOneRecord("SELECT server_id FROM dns_soa WHERE id = ?", $this->id);
 				$this->dataRecord["server_id"] = $tmp["server_id"];
 				unset($tmp);
 				// When the record is inserted
 			} else {
 				// Check if the user may add another maildomain.
 				if($client["limit_dns_zone"] >= 0) {
-					$tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_soa WHERE sys_groupid = $client_group_id");
+					$tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_soa WHERE sys_groupid = ?", $client_group_id);
 					if($tmp["number"] >= $client["limit_dns_zone"]) {
 						$app->error($app->tform->wordbook["limit_dns_zone_txt"]);
 					}
@@ -246,13 +246,6 @@ function onSubmit() {
 			}
 		}
 
-		/*
-			// Update the serial number of the SOA record
-			$soa = $app->db->queryOneRecord("SELECT serial FROM dns_soa WHERE id = ".$this->id);
-			$this->dataRecord["serial"] = $app->validate_dns->increase_serial($soa["serial"]);
-			*/
-
-
 		//* Check if soa, ns and mbox have a dot at the end
 		if(strlen($this->dataRecord["origin"]) > 0 && substr($this->dataRecord["origin"], -1, 1) != '.') $this->dataRecord["origin"] .= '.';
 		if(strlen($this->dataRecord["ns"]) > 0 && substr($this->dataRecord["ns"], -1, 1) != '.') $this->dataRecord["ns"] .= '.';
@@ -282,7 +275,7 @@ function onBeforeUpdate () {
 	// We do this only for the admin or reseller users, as normal clients can not change the server ID anyway
 	if($_SESSION["s"]["user"]["typ"] != 'admin' && !$app->auth->has_clients($_SESSION['s']['user']['userid'])) {
 		//* We do not allow users to change a domain which has been created by the admin
-		$rec = $app->db->queryOneRecord("SELECT origin from dns_soa WHERE id = ".$this->id);
+		$rec = $app->db->queryOneRecord("SELECT origin from dns_soa WHERE id = ?", $this->id);
 		$drOrigin = (isset($this->dataRecord['origin']))
 			? $app->functions->idn_encode($this->dataRecord['origin'])
 			: false;
diff --git a/interface/web/dns/dns_spf_edit.php b/interface/web/dns/dns_spf_edit.php
index b20a34040480814bc58faa0790b2c9229acca45d..ba770a9cfa43a8936e7d6f1e05b0bef7433e985c 100644
--- a/interface/web/dns/dns_spf_edit.php
+++ b/interface/web/dns/dns_spf_edit.php
@@ -57,7 +57,7 @@ class page_action extends tform_actions {
 
 			// Get the limits of the client
 			$client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
-			$client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = =", $client_group_id);
+			$client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
 
 			// Check if the user may add another mailbox.
 			if($client["limit_dns_record"] >= 0) {
@@ -77,8 +77,8 @@ class page_action extends tform_actions {
 		$zone = $app->functions->intval($_GET['zone']);
 
 		//* check for an existing spf-record
-		$sql = "SELECT data, active FROM dns_rr WHERE data LIKE 'v=spf1%' AND zone = ? AND ?";
-		$rec = $app->db->queryOneRecord($sql, $zone, $app->tform->getAuthSQL('r'));
+		$sql = "SELECT data, active FROM dns_rr WHERE data LIKE 'v=spf1%' AND zone = ? AND " . $app->tform->getAuthSQL('r');
+		$rec = $app->db->queryOneRecord($sql, $zone);
 		if ( isset($rec) && !empty($rec) ) {
 			$this->id = 1;
 			$old_data = strtolower($rec['data']);
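Review bot: The permission clause from `$app->tform->getAuthSQL('r')` is now spliced into the statement text instead of being bound, which is the right form for a SQL fragment, but nothing on the line says why it is exempt from the `?` rule the rest of the commit applies. I would add `// getAuthSQL() returns a server-built SQL fragment, not a value; it must never carry request data` above the query. The same concatenation appears in the hunks at -134, -241 and -255 of this file.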
@@ -134,7 +134,7 @@ class page_action extends tform_actions {
 
 
 		// Get the parent soa record of the domain
-		$soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ? AND ?", $app->functions->intval($_POST["zone"]), $app->tform->getAuthSQL('r'));
+		$soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ? AND " . $app->tform->getAuthSQL('r'), $app->functions->intval($_POST["zone"]));
 
 		// Check if Domain belongs to user
 		if($soa["id"] != $_POST["zone"]) $app->tform->errorMessage .= $app->tform->wordbook["no_zone_perm"];
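Review bot: The ownership check on the last line still compares `$soa["id"]` with the raw `$_POST["zone"]` using a loose `!=`, while the query above uses the `intval`-ed value. If `queryOneRecord` returns an empty result for a missing row (its return value is not visible here), an empty `zone` compares equal to it and `no_zone_perm` is never set. Checking the row first and comparing against the same integer closes that: `if(empty($soa) || $soa["id"] != $app->functions->intval($_POST["zone"])) $app->tform->errorMessage .= $app->tform->wordbook["no_zone_perm"];`. The method body continues outside the hunk.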
@@ -241,13 +241,13 @@ class page_action extends tform_actions {
 		global $app, $conf;
 
 		//* Set the sys_groupid of the rr record to be the same then the sys_groupid of the soa record
-		$soa = $app->db->queryOneRecord("SELECT sys_groupid,serial FROM dns_soa WHERE id = ? AND ?", $app->functions->intval($this->dataRecord["zone"]), $app->tform->getAuthSQL('r'));
-		$app->db->datalogUpdate('dns_rr', "sys_groupid = ".$soa['sys_groupid'], 'id', $this->id);
+		$soa = $app->db->queryOneRecord("SELECT sys_groupid,serial FROM dns_soa WHERE id = ? AND " . $app->tform->getAuthSQL('r'), $app->functions->intval($this->dataRecord["zone"]));
+		$app->db->datalogUpdate('dns_rr', array("sys_groupid" => $soa['sys_groupid']), 'id', $this->id);
 
 		//* Update the serial number of the SOA record
 		$soa_id = $app->functions->intval($_POST["zone"]);
 		$serial = $app->validate_dns->increase_serial($soa["serial"]);
-		$app->db->datalogUpdate('dns_soa', "serial = $serial", 'id', $soa_id);
+		$app->db->datalogUpdate('dns_soa', array("serial" => $serial), 'id', $soa_id);
 
 	}
 
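Review bot: The SOA row is looked up, and permission-checked through `getAuthSQL('r')`, by `$this->dataRecord["zone"]`, but the serial is then written to the row named by `$_POST["zone"]`, and `$soa` is used without checking that the lookup returned a row. If the two zone values ever differ, or the lookup comes back empty, `datalogUpdate` writes a serial that was not read from the checked zone. Using one id for both, `$soa_id = $app->functions->intval($this->dataRecord["zone"]);`, and returning early when `$soa` is empty would avoid that. The hunk at -255 has the same shape, and the method signature is outside this hunk.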
@@ -255,10 +255,10 @@ class page_action extends tform_actions {
 		global $app, $conf;
 
 		//* Update the serial number of the SOA record
-		$soa = $app->db->queryOneRecord("SELECT serial FROM dns_soa WHERE id = ? AND ?", $app->functions->intval($this->dataRecord["zone"]), $app->tform->getAuthSQL('r'));
+		$soa = $app->db->queryOneRecord("SELECT serial FROM dns_soa WHERE id = ? AND " . $app->tform->getAuthSQL('r'), $app->functions->intval($this->dataRecord["zone"]));
 		$soa_id = $app->functions->intval($_POST["zone"]);
 		$serial = $app->validate_dns->increase_serial($soa["serial"]);
-		$app->db->datalogUpdate('dns_soa', "serial = $serial", 'id', $soa_id);
+		$app->db->datalogUpdate('dns_soa', array("serial" => $serial), 'id', $soa_id);
 	}
 
 }
diff --git a/interface/web/dns/dns_srv_edit.php b/interface/web/dns/dns_srv_edit.php
index e2d0beae209d0a46f6c15655b94eb1078c0a78e2..e2b290ab9f1f52a1a3ab3a6786aa5ef5f5b0fdf8 100644
--- a/interface/web/dns/dns_srv_edit.php
+++ b/interface/web/dns/dns_srv_edit.php
@@ -40,37 +40,10 @@ $tform_def_file = "form/dns_srv.tform.php";
 
 require_once '../../lib/config.inc.php';
 require_once '../../lib/app.inc.php';
-
-//* Check permissions for module
-$app->auth->check_module_permissions('dns');
+require_once './dns_edit_base.php';
 
 // Loading classes
-$app->uses('tpl,tform,tform_actions,validate_dns');
-$app->load('tform_actions');
-
-class page_action extends tform_actions {
-
-	function onShowNew() {
-		global $app, $conf;
-
-		// we will check only users, not admins
-		if($_SESSION["s"]["user"]["typ"] == 'user') {
-
-			// Get the limits of the client
-			$client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
-			$client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
-
-			// Check if the user may add another mailbox.
-			if($client["limit_dns_record"] >= 0) {
-				$tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = $client_group_id");
-				if($tmp["number"] >= $client["limit_dns_record"]) {
-					$app->error($app->tform->wordbook["limit_dns_record_txt"]);
-				}
-			}
-		}
-
-		parent::onShowNew();
-	}
+class page_action extends dns_page_action {
 
 	function onShowEnd() {
 		global $app, $conf;
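Review bot: The explicit `$app->auth->check_module_permissions('dns');` call is removed here and nothing in this hunk replaces it, so the page is only protected if `dns_edit_base.php` performs that check at include time. That file is not visible in this part of the diff, so this needs confirming before merge; the same removal is in the `dns_txt_edit.php` hunk at -40. The `// Loading classes` comment is now orphaned and can be dropped, and `require_once __DIR__ . '/dns_edit_base.php';` would not depend on the working directory.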
@@ -93,65 +66,6 @@ class page_action extends tform_actions {
 		$this->dataRecord['data'] = $this->dataRecord['weight'] .' '. $this->dataRecord['port'] .' '. $this->dataRecord['target'];
 	}
 
-	function onSubmit() {
-		global $app, $conf;
-
-		// Get the parent soa record of the domain
-		$soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = '".$app->functions->intval($_POST["zone"])."' AND ".$app->tform->getAuthSQL('r'));
-
-		// Check if Domain belongs to user
-		if($soa["id"] != $_POST["zone"]) $app->tform->errorMessage .= $app->tform->wordbook["no_zone_perm"];
-
-		// Check the client limits, if user is not the admin
-		if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
-			// Get the limits of the client
-			$client_group_id = $_SESSION["s"]["user"]["default_group"];
-			$client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
-
-			// Check if the user may add another mailbox.
-			if($this->id == 0 && $client["limit_dns_record"] >= 0) {
-				$tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = $client_group_id");
-				if($tmp["number"] >= $client["limit_dns_record"]) {
-					$app->error($app->tform->wordbook["limit_dns_record_txt"]);
-				}
-			}
-		} // end if user is not admin
-
-
-		// Set the server ID of the rr record to the same server ID as the parent record.
-		$this->dataRecord["server_id"] = $soa["server_id"];
-
-		// Update the serial number  and timestamp of the RR record
-		$soa = $app->db->queryOneRecord("SELECT serial FROM dns_rr WHERE id = ".$this->id);
-		$this->dataRecord["serial"] = $app->validate_dns->increase_serial($soa["serial"]);
-		$this->dataRecord["stamp"] = date('Y-m-d H:i:s');
-
-		parent::onSubmit();
-	}
-
-	function onAfterInsert() {
-		global $app, $conf;
-
-		//* Set the sys_groupid of the rr record to be the same then the sys_groupid of the soa record
-		$soa = $app->db->queryOneRecord("SELECT sys_groupid,serial FROM dns_soa WHERE id = '".$app->functions->intval($this->dataRecord["zone"])."' AND ".$app->tform->getAuthSQL('r'));
-		$app->db->datalogUpdate('dns_rr', "sys_groupid = ".$soa['sys_groupid'], 'id', $this->id);
-
-		//* Update the serial number of the SOA record
-		$soa_id = $app->functions->intval($_POST["zone"]);
-		$serial = $app->validate_dns->increase_serial($soa["serial"]);
-		$app->db->datalogUpdate('dns_soa', "serial = $serial", 'id', $soa_id);
-	}
-
-	function onAfterUpdate() {
-		global $app, $conf;
-
-		//* Update the serial number of the SOA record
-		$soa = $app->db->queryOneRecord("SELECT serial FROM dns_soa WHERE id = '".$app->functions->intval($this->dataRecord["zone"])."' AND ".$app->tform->getAuthSQL('r'));
-		$soa_id = $app->functions->intval($_POST["zone"]);
-		$serial = $app->validate_dns->increase_serial($soa["serial"]);
-		$app->db->datalogUpdate('dns_soa', "serial = $serial", 'id', $soa_id);
-	}
-
 }
 
 $page = new page_action;
diff --git a/interface/web/dns/dns_txt_edit.php b/interface/web/dns/dns_txt_edit.php
index ca5b8384c5e1dbd2f7e25831723ec908235964dd..8f61d2bfe725e218df4a2c3d28b06f040e6ca570 100644
--- a/interface/web/dns/dns_txt_edit.php
+++ b/interface/web/dns/dns_txt_edit.php
@@ -40,96 +40,10 @@ $tform_def_file = "form/dns_txt.tform.php";
 
 require_once '../../lib/config.inc.php';
 require_once '../../lib/app.inc.php';
-
-//* Check permissions for module
-$app->auth->check_module_permissions('dns');
+require_once './dns_edit_base.php';
 
 // Loading classes
-$app->uses('tpl,tform,tform_actions,validate_dns');
-$app->load('tform_actions');
-
-class page_action extends tform_actions {
-
-	function onShowNew() {
-		global $app, $conf;
-
-		// we will check only users, not admins
-		if($_SESSION["s"]["user"]["typ"] == 'user') {
-
-			// Get the limits of the client
-			$client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
-			$client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
-
-			// Check if the user may add another mailbox.
-			if($client["limit_dns_record"] >= 0) {
-				$tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = $client_group_id");
-				if($tmp["number"] >= $client["limit_dns_record"]) {
-					$app->error($app->tform->wordbook["limit_dns_record_txt"]);
-				}
-			}
-		}
-
-		parent::onShowNew();
-	}
-
-	function onSubmit() {
-		global $app, $conf;
-
-		// Get the parent soa record of the domain
-		$soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = '".$app->functions->intval($_POST["zone"])."' AND ".$app->tform->getAuthSQL('r'));
-
-		// Check if Domain belongs to user
-		if($soa["id"] != $_POST["zone"]) $app->tform->errorMessage .= $app->tform->wordbook["no_zone_perm"];
-
-		// Check the client limits, if user is not the admin
-		if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
-			// Get the limits of the client
-			$client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
-			$client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
-
-			// Check if the user may add another mailbox.
-			if($this->id == 0 && $client["limit_dns_record"] >= 0) {
-				$tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = $client_group_id");
-				if($tmp["number"] >= $client["limit_dns_record"]) {
-					$app->error($app->tform->wordbook["limit_dns_record_txt"]);
-				}
-			}
-		} // end if user is not admin
-
-
-		// Set the server ID of the rr record to the same server ID as the parent record.
-		$this->dataRecord["server_id"] = $soa["server_id"];
-
-		// Update the serial number  and timestamp of the RR record
-		$soa = $app->db->queryOneRecord("SELECT serial FROM dns_rr WHERE id = ".$this->id);
-		$this->dataRecord["serial"] = $app->validate_dns->increase_serial($soa["serial"]);
-		$this->dataRecord["stamp"] = date('Y-m-d H:i:s');
-
-		parent::onSubmit();
-	}
-
-	function onAfterInsert() {
-		global $app, $conf;
-
-		//* Set the sys_groupid of the rr record to be the same then the sys_groupid of the soa record
-		$soa = $app->db->queryOneRecord("SELECT sys_groupid,serial FROM dns_soa WHERE id = '".$app->functions->intval($this->dataRecord["zone"])."' AND ".$app->tform->getAuthSQL('r'));
-		$app->db->datalogUpdate('dns_rr', "sys_groupid = ".$soa['sys_groupid'], 'id', $this->id);
-
-		//* Update the serial number of the SOA record
-		$soa_id = $app->functions->intval($_POST["zone"]);
-		$serial = $app->validate_dns->increase_serial($soa["serial"]);
-		$app->db->datalogUpdate('dns_soa', "serial = $serial", 'id', $soa_id);
-	}
-
-	function onAfterUpdate() {
-		global $app, $conf;
-
-		//* Update the serial number of the SOA record
-		$soa = $app->db->queryOneRecord("SELECT serial FROM dns_soa WHERE id = '".$app->functions->intval($this->dataRecord["zone"])."' AND ".$app->tform->getAuthSQL('r'));
-		$soa_id = $app->functions->intval($_POST["zone"]);
-		$serial = $app->validate_dns->increase_serial($soa["serial"]);
-		$app->db->datalogUpdate('dns_soa', "serial = $serial", 'id', $soa_id);
-	}
+class page_action extends dns_page_action {
 
 }
 
diff --git a/interface/web/dns/dns_wizard.php b/interface/web/dns/dns_wizard.php
index b27c66a6732918e4107fa0160a152f62648c9645..198245b29315a69218356c82b316da67c4a2b5a0 100644
--- a/interface/web/dns/dns_wizard.php
+++ b/interface/web/dns/dns_wizard.php
@@ -107,14 +107,14 @@ if ($_SESSION["s"]["user"]["typ"] != 'admin' && $app->auth->has_clients($_SESSIO
 
 	// Get the limits of the client
 	$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
-	$client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+	$client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
 
 
 	if ($domains_settings['use_domain_module'] != 'y') {
 		// load the list of clients
-		$sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ".$app->functions->intval($client['client_id'])." ORDER BY client.company_name, client.contact_name, sys_group.name";
-		$clients = $app->db->queryAllRecords($sql);
-		$tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".$app->functions->intval($client['client_id']));
+		$sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ? ORDER BY client.company_name, client.contact_name, sys_group.name";
+		$clients = $app->db->queryAllRecords($sql, $client['client_id']);
+		$tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client['client_id']);
 		$client_select = '<option value="'.$tmp['groupid'].'">'.$client['contactname'].'</option>';
 		if(is_array($clients)) {
 			foreach( $clients as $client) {
@@ -130,7 +130,7 @@ if ($_SESSION["s"]["user"]["typ"] != 'admin' && $app->auth->has_clients($_SESSIO
 if($_SESSION["s"]["user"]["typ"] != 'admin')
 {
 	$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
-	$client_dns = $app->db->queryOneRecord("SELECT dns_servers FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+	$client_dns = $app->db->queryOneRecord("SELECT dns_servers FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
 
 	$client_dns['dns_servers_ids'] = explode(',', $client_dns['dns_servers']);
 
@@ -141,13 +141,13 @@ if($_SESSION["s"]["user"]["typ"] != 'admin')
 		$app->tpl->setVar('server_id_value', $client_dns['dns_servers_ids'][0]);
 	}
 
-	$sql = "SELECT server_id, server_name FROM server WHERE server_id IN (" . $client_dns['dns_servers'] . ");";
-	$dns_servers = $app->db->queryAllRecords($sql);
+	$sql = "SELECT server_id, server_name FROM server WHERE server_id IN ?";
+	$dns_servers = $app->db->queryAllRecords($sql, $client_dns['dns_servers_ids']);
 
 	$options_dns_servers = "";
 
 	foreach ($dns_servers as $dns_server) {
-		$options_dns_servers .= "<option value='$dns_server[server_id]'>$dns_server[server_name]</option>";
+		$options_dns_servers .= '<option value="'.$dns_server['server_id'].'"'.($_POST['server_id'] == $dns_server['server_id'] ? ' selected="selected"' : '').'>'.$dns_server['server_name'].'</option>';
 	}
 
 	$app->tpl->setVar("server_id", $options_dns_servers);
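Review bot: The rewritten option line reads `$_POST['server_id']` unconditionally, so when the wizard is displayed without a POST body each loop iteration raises an undefined-index notice. Guard the comparison, e.g. `(isset($_POST['server_id']) && $_POST['server_id'] == $dns_server['server_id'] ? ' selected="selected"' : '')`. The surrounding `if` block starts outside this hunk.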
@@ -155,7 +155,7 @@ if($_SESSION["s"]["user"]["typ"] != 'admin')
 
 }
 
-$template_record = $app->db->queryOneRecord("SELECT * FROM dns_template WHERE template_id = '".$app->functions->intval($template_id)."'");
+$template_record = $app->db->queryOneRecord("SELECT * FROM dns_template WHERE template_id = ?", $template_id);
 $fields = explode(',', $template_record['fields']);
 if(is_array($fields)) {
 	foreach($fields as $field) {
@@ -203,7 +203,7 @@ if($_POST['create'] == 1) {
 	if ($post_server_id)
 	{
 		$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
-		$client = $app->db->queryOneRecord("SELECT dns_servers FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+		$client = $app->db->queryOneRecord("SELECT dns_servers FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
 
 		$client['dns_servers_ids'] = explode(',', $client['dns_servers']);
 
@@ -335,11 +335,11 @@ if($_POST['create'] == 1) {
 				if($section == 'dns_records') {
 					$parts = explode('|', $row);
 					$dns_rr[] = array(
-						'name' => $app->db->quote($parts[1]),
-						'type' => $app->db->quote($parts[0]),
-						'data' => $app->db->quote($parts[2]),
-						'aux'  => $app->db->quote($parts[3]),
-						'ttl'  => $app->db->quote($parts[4])
+						'name' => $parts[1],
+						'type' => $parts[0],
+						'data' => $parts[2],
+						'aux'  => $parts[3],
+						'ttl'  => $parts[4]
 					);
 				}
 			}
@@ -359,28 +359,60 @@ if($_POST['create'] == 1) {
 	if($error == '') {
 		// Insert the soa record
 		$sys_userid = $_SESSION['s']['user']['userid'];
-		$origin = $app->db->quote($vars['origin']);
-		$ns = $app->db->quote($vars['ns']);
-		$mbox = $app->db->quote(str_replace('@', '.', $vars['mbox']));
-		$refresh = $app->db->quote($vars['refresh']);
-		$retry = $app->db->quote($vars['retry']);
-		$expire = $app->db->quote($vars['expire']);
-		$minimum = $app->db->quote($vars['minimum']);
-		$ttl = $app->db->quote($vars['ttl']);
-		$xfer = $app->db->quote($vars['xfer']);
-		$also_notify = $app->db->quote($vars['also_notify']);
-		$update_acl = $app->db->quote($vars['update_acl']);
+		$origin = $vars['origin'];
+		$ns = $vars['ns'];
+		$mbox = str_replace('@', '.', $vars['mbox']);
+		$refresh = $vars['refresh'];
+		$retry = $vars['retry'];
+		$expire = $vars['expire'];
+		$minimum = $vars['minimum'];
+		$ttl = $vars['ttl'];
+		$xfer = $vars['xfer'];
+		$also_notify = $vars['also_notify'];
+		$update_acl = $vars['update_acl'];
 		$serial = $app->validate_dns->increase_serial(0);
 
-		$insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `origin`, `ns`, `mbox`, `serial`, `refresh`, `retry`, `expire`, `minimum`, `ttl`, `active`, `xfer`, `also_notify`, `update_acl`) VALUES
-		('$sys_userid', '$sys_groupid', 'riud', 'riud', '', '$server_id', '$origin', '$ns', '$mbox', '$serial', '$refresh', '$retry', '$expire', '$minimum', '$ttl', 'Y', '$xfer', '$also_notify', '$update_acl')";
+		$insert_data = array(
+			"sys_userid" => $sys_userid,
+			"sys_groupid" => $sys_groupid,
+			"sys_perm_user" => 'riud',
+			"sys_perm_group" => 'riud',
+			"sys_perm_other" => '',
+			"server_id" => $server_id,
+			"origin" => $origin,
+			"ns" => $ns,
+			"mbox" => $mbox,
+			"serial" => $serial,
+			"refresh" => $refresh,
+			"retry" => $retry,
+			"expire" => $expire,
+			"minimum" => $minimum,
+			"ttl" => $ttl,
+			"active" => 'Y',
+			"xfer" => $xfer,
+			"also_notify" => $also_notify,
+			"update_acl" => $update_acl
+		);
 		$dns_soa_id = $app->db->datalogInsert('dns_soa', $insert_data, 'id');
 
 		// Insert the dns_rr records
 		if(is_array($dns_rr) && $dns_soa_id > 0) {
 			foreach($dns_rr as $rr) {
-				$insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `zone`, `name`, `type`, `data`, `aux`, `ttl`, `active`) VALUES
-				('$sys_userid', '$sys_groupid', 'riud', 'riud', '', '$server_id', '$dns_soa_id', '$rr[name]', '$rr[type]', '$rr[data]', '$rr[aux]', '$rr[ttl]', 'Y')";
+				$insert_data = array(
+					"sys_userid" => $sys_userid,
+					"sys_groupid" => $sys_groupid,
+					"sys_perm_user" => 'riud',
+					"sys_perm_group" => 'riud',
+					"sys_perm_other" => '',
+					"server_id" => $server_id,
+					"zone" => $dns_soa_id,
+					"name" => $rr['name'],
+					"type" => $rr['type'],
+					"data" => $rr['data'],
+					"aux" => $rr['aux'],
+					"ttl" => $rr['ttl'],
+					"active" => 'Y'
+				);
 				$dns_rr_id = $app->db->datalogInsert('dns_rr', $insert_data, 'id');
 			}
 		}
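Review bot: All `$app->db->quote()` calls are dropped here and in the -335 hunk, so the SOA and record values taken from `$vars` and the template rows now reach `datalogInsert()` raw. That is only safe if the array form of `datalogInsert()` escapes or binds every value, which is not visible in this part of the diff. Once confirmed, a comment such as `// values are passed unescaped on purpose; datalogInsert() handles quoting for array input` above `$insert_data` would record the dependency. The eleven local copies (`$origin = $vars['origin'];` and the rest) are now plain aliases and could be read from `$vars` directly in the array. The enclosing `if($_POST['create'] == 1)` block starts and ends outside the hunk.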
diff --git a/interface/web/dns/form/dns_a.tform.php b/interface/web/dns/form/dns_a.tform.php
index 95aa5b81c0d6cb1a5ccd0c43789c69bacee2fd99..cd5a3eb9ab070ea877a2e283f655b2d9fa59d0ef 100644
--- a/interface/web/dns/form/dns_a.tform.php
+++ b/interface/web/dns/form/dns_a.tform.php
@@ -133,7 +133,7 @@ $form["tabs"]['dns'] = array (
 					'range' => '60:',
 					'errmsg'=> 'ttl_range_error'),
 			),
-			'default' => '86400',
+			'default' => '3600',
 			'value'  => '',
 			'width'  => '10',
 			'maxlength' => '10'
diff --git a/interface/web/dns/form/dns_aaaa.tform.php b/interface/web/dns/form/dns_aaaa.tform.php
index 47bbac39c2911c957e254e44080d7744aa813432..d381d518795728e5918aa6c93a0d7bbceedaf459 100644
--- a/interface/web/dns/form/dns_aaaa.tform.php
+++ b/interface/web/dns/form/dns_aaaa.tform.php
@@ -126,7 +126,7 @@ $form["tabs"]['dns'] = array (
 					'range' => '60:',
 					'errmsg'=> 'ttl_range_error'),
 			),
-			'default' => '86400',
+			'default' => '3600',
 			'value'  => '',
 			'width'  => '10',
 			'maxlength' => '10'
diff --git a/interface/web/dns/form/dns_alias.tform.php b/interface/web/dns/form/dns_alias.tform.php
index 663bf84278e83b1de1df7e04a716711de2960283..defcda08532e74039423b745b743d41d83642819 100644
--- a/interface/web/dns/form/dns_alias.tform.php
+++ b/interface/web/dns/form/dns_alias.tform.php
@@ -142,7 +142,7 @@ $form["tabs"]['dns'] = array (
 					'range' => '60:',
 					'errmsg'=> 'ttl_range_error'),
 			),
-			'default' => '86400',
+			'default' => '3600',
 			'value'  => '',
 			'width'  => '10',
 			'maxlength' => '10'
diff --git a/interface/web/dns/form/dns_cname.tform.php b/interface/web/dns/form/dns_cname.tform.php
index 957e6e19e5256a470a4751b8c4c0e89a89d5d9c1..5fdf8c9b4ea00fe3718e471240ca48ae687828cb 100644
--- a/interface/web/dns/form/dns_cname.tform.php
+++ b/interface/web/dns/form/dns_cname.tform.php
@@ -140,7 +140,7 @@ $form["tabs"]['dns'] = array (
 					'range' => '60:',
 					'errmsg'=> 'ttl_range_error'),
 			),
-			'default' => '86400',
+			'default' => '3600',
 			'value'  => '',
 			'width'  => '10',
 			'maxlength' => '10'
diff --git a/interface/web/dns/form/dns_dkim.tform.php b/interface/web/dns/form/dns_dkim.tform.php
index bbc1214f2280768a0d21288689d10d125ee60097..550255da4639827709946ecb2416c99cd9cf519e 100644
--- a/interface/web/dns/form/dns_dkim.tform.php
+++ b/interface/web/dns/form/dns_dkim.tform.php
@@ -120,7 +120,7 @@ $form["tabs"]['dns'] = array (
 							'range' => '60:',
 							'errmsg'=> 'ttl_range_error'),
 			),
-			'default' => '86400',
+			'default' => '3600',
 			'value'  => '',
 			'width'  => '10',
 			'maxlength' => '10'
diff --git a/interface/web/dns/form/dns_hinfo.tform.php b/interface/web/dns/form/dns_hinfo.tform.php
index 231bdfc65a6a5fac8dc8ee187dbb44f31c239abf..76c8c79dc0f66cac2787aaeaaf977c134aadf35f 100644
--- a/interface/web/dns/form/dns_hinfo.tform.php
+++ b/interface/web/dns/form/dns_hinfo.tform.php
@@ -132,7 +132,7 @@ $form["tabs"]['dns'] = array (
 					'range' => '60:',
 					'errmsg'=> 'ttl_range_error'),
 			),
-			'default' => '86400',
+			'default' => '3600',
 			'value'  => '',
 			'width'  => '10',
 			'maxlength' => '10'
diff --git a/interface/web/dns/form/dns_mx.tform.php b/interface/web/dns/form/dns_mx.tform.php
index d5faeebcfa011c685ba75c676942c77199463d40..9aace37ae7858a9b2197e320c70a00182578e45a 100644
--- a/interface/web/dns/form/dns_mx.tform.php
+++ b/interface/web/dns/form/dns_mx.tform.php
@@ -141,7 +141,7 @@ $form["tabs"]['dns'] = array (
 					'range' => '60:',
 					'errmsg'=> 'ttl_range_error'),
 			),
-			'default' => '86400',
+			'default' => '3600',
 			'value'  => '',
 			'width'  => '10',
 			'maxlength' => '10'
diff --git a/interface/web/dns/form/dns_ns.tform.php b/interface/web/dns/form/dns_ns.tform.php
index 82b30901fdbfb8244699796cdf6fd903203991dd..063a896de3719f8c9bd6da4543383dcfa5720f88 100644
--- a/interface/web/dns/form/dns_ns.tform.php
+++ b/interface/web/dns/form/dns_ns.tform.php
@@ -140,7 +140,7 @@ $form["tabs"]['dns'] = array (
 					'range' => '60:',
 					'errmsg'=> 'ttl_range_error'),
 			),
-			'default' => '86400',
+			'default' => '3600',
 			'value'  => '',
 			'width'  => '10',
 			'maxlength' => '10'
diff --git a/interface/web/dns/form/dns_ptr.tform.php b/interface/web/dns/form/dns_ptr.tform.php
index 59a91e7c8fff26e98579ffc40f719491242de453..4cc0462522e0fc4e42aff1f28afbe2f830b694c4 100644
--- a/interface/web/dns/form/dns_ptr.tform.php
+++ b/interface/web/dns/form/dns_ptr.tform.php
@@ -140,7 +140,7 @@ $form["tabs"]['dns'] = array (
 					'range' => '60:',
 					'errmsg'=> 'ttl_range_error'),
 			),
-			'default' => '86400',
+			'default' => '3600',
 			'value'  => '',
 			'width'  => '10',
 			'maxlength' => '10'
diff --git a/interface/web/dns/form/dns_rp.tform.php b/interface/web/dns/form/dns_rp.tform.php
index 35b8e55ad149e97e0fd83fc4e549a4df9d89c655..5f4610a45bb397a247078ad08404c3e7319233c9 100644
--- a/interface/web/dns/form/dns_rp.tform.php
+++ b/interface/web/dns/form/dns_rp.tform.php
@@ -133,7 +133,7 @@ $form["tabs"]['dns'] = array (
 					'range' => '60:',
 					'errmsg'=> 'ttl_range_error'),
 			),
-			'default' => '86400',
+			'default' => '3600',
 			'value'  => '',
 			'width'  => '10',
 			'maxlength' => '10'
diff --git a/interface/web/dns/form/dns_soa.tform.php b/interface/web/dns/form/dns_soa.tform.php
index 1e4f9a63e1b047c9950b3b3345a8527059b717c4..02afa86c53d28af488c8c49bcc8e8a7fbbd67ccd 100644
--- a/interface/web/dns/form/dns_soa.tform.php
+++ b/interface/web/dns/form/dns_soa.tform.php
@@ -197,7 +197,7 @@ $form["tabs"]['dns_soa'] = array (
 					'range' => '60:',
 					'errmsg'=> 'minimum_range_error'),
 			),
-			'default' => '86400',
+			'default' => '3600',
 			'value'  => '',
 			'width'  => '10',
 			'maxlength' => '10'
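Review bot: This default sits under the `minimum_range_error` validator, so unlike the `ttl_range_error` fields changed in the other form files it appears to lower the SOA minimum (negative-caching) value from 86400 to 3600, not a record TTL. If that is intended, a short comment such as `// SOA minimum (negative-cache TTL), lowered together with the record TTL defaults` would show it was not swept up by a search-and-replace. The field's key is outside the hunk, so this is inferred from the error message name.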
diff --git a/interface/web/dns/form/dns_spf.tform.php b/interface/web/dns/form/dns_spf.tform.php
index 00ccb7628c70d3722a03d46a93b0db3da1fdbe58..ea2cf8310c8310477cb98365d9a29ed8c3dc259a 100644
--- a/interface/web/dns/form/dns_spf.tform.php
+++ b/interface/web/dns/form/dns_spf.tform.php
@@ -127,7 +127,7 @@ $form["tabs"]['dns'] = array (
 					'range' => '60:',
 					'errmsg'=> 'ttl_range_error'),
 			),
-			'default' => '86400',
+			'default' => '3600',
 			'value'  => '',
 			'width'  => '10',
 			'maxlength' => '10'
diff --git a/interface/web/dns/form/dns_srv.tform.php b/interface/web/dns/form/dns_srv.tform.php
index 2f35fd53dda6ff14472edcb43f1b8c2831f7d436..ee0674fd1931318ab95e1809e20075eab3e10150 100644
--- a/interface/web/dns/form/dns_srv.tform.php
+++ b/interface/web/dns/form/dns_srv.tform.php
@@ -131,7 +131,7 @@ $form["tabs"]['dns'] = array (
 					'range' => '60:',
 					'errmsg'=> 'ttl_range_error'),
 			),
-			'default' => '86400',
+			'default' => '3600',
 			'value'  => '',
 			'width'  => '10',
 			'maxlength' => '10'
diff --git a/interface/web/dns/form/dns_txt.tform.php b/interface/web/dns/form/dns_txt.tform.php
index 70e0fc5f0d0108d7d935c98a7a7bbb3f1f6d0e35..01b731a2e4201e86920393d5eb6a98e79ff762fc 100644
--- a/interface/web/dns/form/dns_txt.tform.php
+++ b/interface/web/dns/form/dns_txt.tform.php
@@ -137,7 +137,7 @@ $form["tabs"]['dns'] = array (
 					'range' => '60:',
 					'errmsg'=> 'ttl_range_error'),
 			),
-			'default' => '86400',
+			'default' => '3600',
 			'value'  => '',
 			'width'  => '10',
 			'maxlength' => '10'
diff --git a/interface/web/dns/lib/module.conf.php b/interface/web/dns/lib/module.conf.php
index 83027c67d2c9cf7af8a6023519b87090b60ff196..75b17a98e8d975871418da2f4a8655f3b5d3aacc 100644
--- a/interface/web/dns/lib/module.conf.php
+++ b/interface/web/dns/lib/module.conf.php
@@ -5,6 +5,7 @@ $module["title"]   = "top_menu_dns";
 $module["template"]  = "module.tpl.htm";
 $module["startpage"]  = "dns/dns_soa_list.php";
 $module["tab_width"]    = '';
+$module['order']    = '50';
 
 
 $items[] = array( 'title'  => "Add DNS Zone",
diff --git a/interface/web/dns/list/dns_a.list.php b/interface/web/dns/list/dns_a.list.php
index 3b47cf10c279b729b7bae3018a41fdf4f335d400..bf5bf1d52dbd2400614b7a33c2ed12ce9a40f153 100644
--- a/interface/web/dns/list/dns_a.list.php
+++ b/interface/web/dns/list/dns_a.list.php
@@ -55,7 +55,7 @@ $liste["item"][] = array( 'field'  => "active",
 	'prefix' => "",
 	'suffix' => "",
 	'width'  => "",
-	'value'  => array('Y' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", 'N' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
+	'value'  => array('Y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('yes_txt')."</span></div>", 'N' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('no_txt')."</span></div>"));
 
 
 $liste["item"][] = array( 'field'  => "server_id",
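Review bot: `$app->lng('yes_txt')` and `$app->lng('no_txt')` are concatenated into the cell markup as-is, so the HTML is only as safe as the language strings. Wrapping them, e.g. `htmlspecialchars($app->lng('yes_txt'))`, keeps a translation containing `<` or `&` from altering the markup. The same line is added in dns_slave.list.php, dns_soa.list.php and dns_template.list.php, so the Yes/No array could come from one shared helper instead of four copies.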
@@ -132,7 +132,7 @@ $liste["item"][] = array( 'field'  => "type",
 	'prefix' => "",
 	'suffix' => "",
 	'width'  => "",
-	'value'  => array('A'=>'A', 'AAAA' => 'AAAA', 'ALIAS'=>'ALIAS', 'CNAME'=>'CNAME', 'HINFO'=>'HINFO', 'MX'=>'MX', 'NS'=>'NS', 'PTR'=>'PTR', 'RP'=>'RP', 'SRV'=>'SRV', 'TXT'=>'TXT'));
+	'value'  => array('A'=>'A', 'AAAA' => 'AAAA', 'ALIAS'=>'ALIAS', 'CNAME'=>'CNAME', 'HINFO'=>'HINFO', 'MX'=>'MX', 'NS'=>'NS', 'PTR'=>'PTR', 'RP'=>'RP', 'SPF'=>'SPF', 'SRV'=>'SRV', 'TXT'=>'TXT'));
 
 
 ?>
diff --git a/interface/web/dns/list/dns_slave.list.php b/interface/web/dns/list/dns_slave.list.php
index 5c0be05fb35e3293aef6c39f35ae18e44fe12baf..529a18966283063ff5e6fae67454ee3768ad62f9 100644
--- a/interface/web/dns/list/dns_slave.list.php
+++ b/interface/web/dns/list/dns_slave.list.php
@@ -59,7 +59,7 @@ $liste["item"][] = array(   'field'     => "active",
 	'prefix' => "",
 	'suffix' => "",
 	'width' => "",
-	'value' => array('Y' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", 'N' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
+	'value' => array('Y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('yes_txt')."</span></div>", 'N' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('no_txt')."</span></div>"));
 
 
 $liste["item"][] = array(   'field' => "server_id",
@@ -83,7 +83,8 @@ if($_SESSION['s']['user']['typ'] == 'admin') {
 		'prefix' => "",
 		'suffix' => "",
 		'datasource' => array (  'type' => 'SQL',
-			'querystring' => 'SELECT groupid, name FROM sys_group WHERE groupid != 1 ORDER BY name',
+			//'querystring' => 'SELECT groupid, name FROM sys_group WHERE groupid != 1 ORDER BY name',
+			'querystring' => "SELECT sys_group.groupid,CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), IF(client.contact_firstname != '', CONCAT(client.contact_firstname, ' '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as name FROM sys_group, client WHERE sys_group.groupid != 1 AND sys_group.client_id = client.client_id ORDER BY client.company_name, client.contact_name",
 			'keyfield'=> 'groupid',
 			'valuefield'=> 'name'
 		),
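Review bot: The new `name` expression is built from `client.company_name`, `client.contact_name`, `client.username` and `client.customer_no`, so text taken from client records becomes the option label of this admin-only filter. Whether the list renderer HTML-escapes the `valuefield` is not visible in this hunk and should be confirmed before merging. The implicit join also drops any `sys_group` row without a matching `client` row, which the old query would have listed. The commented-out old `querystring` line should be deleted rather than kept, and the same change is repeated in dns_soa.list.php.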
diff --git a/interface/web/dns/list/dns_soa.list.php b/interface/web/dns/list/dns_soa.list.php
index d6f56414e0a7755a340f1f876a18a5cfb400da81..2f4233e066ad6b37478095bbd382806029cb50b3 100644
--- a/interface/web/dns/list/dns_soa.list.php
+++ b/interface/web/dns/list/dns_soa.list.php
@@ -59,7 +59,7 @@ $liste["item"][] = array( 'field'  => "active",
 	'prefix' => "",
 	'suffix' => "",
 	'width'  => "",
-	'value'  => array('Y' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", 'N' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
+	'value'  => array('Y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('yes_txt')."</span></div>", 'N' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('no_txt')."</span></div>"));
 
 
 $liste["item"][] = array( 'field'  => "server_id",
@@ -83,7 +83,8 @@ if($_SESSION['s']['user']['typ'] == 'admin') {
 		'prefix' => "",
 		'suffix' => "",
 		'datasource' => array (  'type' => 'SQL',
-			'querystring' => 'SELECT groupid, name FROM sys_group WHERE groupid != 1 ORDER BY name',
+			//'querystring' => 'SELECT groupid, name FROM sys_group WHERE groupid != 1 ORDER BY name',
+			'querystring' => "SELECT sys_group.groupid,CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), IF(client.contact_firstname != '', CONCAT(client.contact_firstname, ' '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as name FROM sys_group, client WHERE sys_group.groupid != 1 AND sys_group.client_id = client.client_id ORDER BY client.company_name, client.contact_name",
 			'keyfield'=> 'groupid',
 			'valuefield'=> 'name'
 		),
diff --git a/interface/web/dns/list/dns_template.list.php b/interface/web/dns/list/dns_template.list.php
index 63302d956e43681b39043332c6d5e4aac6ca529a..be5d6934160c223e81dda23fec6399cf32cf6205 100644
--- a/interface/web/dns/list/dns_template.list.php
+++ b/interface/web/dns/list/dns_template.list.php
@@ -55,7 +55,7 @@ $liste["item"][] = array(   'field'     => "visible",
 	'prefix' => "",
 	'suffix' => "",
 	'width' => "",
-	'value' => array('Y' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", 'N' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
+	'value' => array('Y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('yes_txt')."</span></div>", 'N' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('no_txt')."</span></div>"));
 
 
 $liste["item"][] = array(   'field' => "name",
diff --git a/interface/web/dns/templates/dns_a_list.htm b/interface/web/dns/templates/dns_a_list.htm
index 4343d1bd96a08568c82e8f5d651fcec216a8497a..790fbdcb39d06d29be75da3bc849daf9d3093428 100644
--- a/interface/web/dns/templates/dns_a_list.htm
+++ b/interface/web/dns/templates/dns_a_list.htm
@@ -71,7 +71,7 @@
                         <td><a href="#" data-load-content="dns/dns_{tmpl_var name='type_lowercase'}_edit.php?id={tmpl_var name='id'}">{tmpl_var name="aux"}</a></td>
                         <td><a href="#" data-load-content="dns/dns_{tmpl_var name='type_lowercase'}_edit.php?id={tmpl_var name='id'}">{tmpl_var name="ttl"}</a></td>
                         <td class="text-right">
-                            <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('dns/dns_rr_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
+                            <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('dns/dns_rr_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                         </td>
                     </tr>
                 </tmpl_loop>
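Review bot: The delete link on the changed line sends a state-changing request as a GET URL that carries `phpsessid`. If that variable holds the PHP session identifier, as the name suggests, it ends up in server logs and browser history. A POST with a per-request token would avoid exposing it. `{tmpl_var name='delete_confirmation'}` also sits inside a single-quoted JavaScript string, so a translation containing an apostrophe breaks the handler unless the value is escaped for that context. The same anchor is touched in the dns_slave, dns_soa, dns_template and help list templates further down.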
diff --git a/interface/web/dns/templates/dns_import.htm b/interface/web/dns/templates/dns_import.htm
index de6d356b6b1cb41fb370a5698a8fe5938897ef53..aa9346cad088fc52b39d855bc37403e1883baae8 100644
--- a/interface/web/dns/templates/dns_import.htm
+++ b/interface/web/dns/templates/dns_import.htm
@@ -38,18 +38,18 @@
                     </select></div>
                     <tmpl_else>
                         <div class="col-sm-9"><input type="text" name="domain" id="domain" value="{tmpl_var name='domain'}" class="form-control" onkeydown="keydown(event.which);" /></div></tmpl_if>
-                <p class="value"><tmpl_var name='domain_field_desc_txt'}</p>
+					<div class="col-sm-3 col-text"></div><div class="col-sm-9 col-text"><tmpl_var name='domain_field_desc_txt'}</div>
             </div>    
             <div class="form-group">
                 <label for="file" class="col-sm-3 control-label">{tmpl_var name='zonefile_to_import_txt'}</label>
-                <input name="file" id="file" size="30" type="file" class="fileUpload" />
+                <div class="col-sm-9 col-text"><input name="file" id="file" size="30" type="file" class="fileUpload" /></div>
             </div>
                 
             <tmpl_if name="msg">
                 <div id="OKMsg"><p><tmpl_var name="msg"></p></div>
             </tmpl_if>
             <tmpl_if name="error">
-                <div id="errorMsg"><h3>ERROR</h3><ol><tmpl_var name="error"></ol></div>
+                <div id="errorMsg"><h3><tmpl_var name="error_txt"></h3><ol><tmpl_var name="error"></ol></div>
             </tmpl_if>
                 
             <input type="hidden" name="id" value="{tmpl_var name='id'}">
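Review bot: The moved description line still carries the malformed tag `<tmpl_var name='domain_field_desc_txt'}`, which opens with `<` and closes with `}`. Depending on the template parser it is either printed literally or left unsubstituted. It should read `{tmpl_var name='domain_field_desc_txt'}` like the other variables in this hunk. The new line is also tab-indented where its neighbours use spaces.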
diff --git a/interface/web/dns/templates/dns_slave_admin_list.htm b/interface/web/dns/templates/dns_slave_admin_list.htm
index 094c1afdaf1f61443a191adf90b38462818b1713..f4395849be181b2c9c3f7faecb0025f5d5874804 100644
--- a/interface/web/dns/templates/dns_slave_admin_list.htm
+++ b/interface/web/dns/templates/dns_slave_admin_list.htm
@@ -59,7 +59,7 @@
                         <td><a href="#" data-load-content="dns/dns_slave_edit.php?id={tmpl_var name='id'}">{tmpl_var name="origin"}</a></td>
                         <td><a href="#" data-load-content="dns/dns_slave_edit.php?id={tmpl_var name='id'}">{tmpl_var name="ns"}</a></td>
                         <td class="text-right">
-                            <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('dns/dns_slave_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
+                            <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('dns/dns_slave_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                         </td>
                     </tr>
                 </tmpl_loop>
diff --git a/interface/web/dns/templates/dns_slave_list.htm b/interface/web/dns/templates/dns_slave_list.htm
index 47b5a918cf65bab503fbef389fe9d7f71a128dde..27916f4b25976827f1c342742f81f7c63b22e1d7 100644
--- a/interface/web/dns/templates/dns_slave_list.htm
+++ b/interface/web/dns/templates/dns_slave_list.htm
@@ -56,7 +56,7 @@
                         <td><a href="#" data-load-content="dns/dns_slave_edit.php?id={tmpl_var name='id'}">{tmpl_var name="origin"}</a></td>
                         <td><a href="#" data-load-content="dns/dns_slave_edit.php?id={tmpl_var name='id'}">{tmpl_var name="ns"}</a></td>
                         <td class="text-right">
-                            <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('dns/dns_slave_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
+                            <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('dns/dns_slave_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                         </td>
                     </tr>
                 </tmpl_loop>
diff --git a/interface/web/dns/templates/dns_soa_admin_list.htm b/interface/web/dns/templates/dns_soa_admin_list.htm
index 87ffe368bcce95109ead679b397482345ef518eb..0f14534c536b829778d1d835014887457d7e5ec4 100644
--- a/interface/web/dns/templates/dns_soa_admin_list.htm
+++ b/interface/web/dns/templates/dns_soa_admin_list.htm
@@ -64,7 +64,7 @@
                         <td><a href="#" data-load-content="dns/dns_soa_edit.php?id={tmpl_var name='id'}">{tmpl_var name="ns"}</a></td>
                         <td><a href="#" data-load-content="dns/dns_soa_edit.php?id={tmpl_var name='id'}">{tmpl_var name="mbox"}</a></td>
                         <td class="text-right">   
-                            <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('dns/dns_soa_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
+                            <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('dns/dns_soa_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                         </td>
                     </tr>
                 </tmpl_loop>
diff --git a/interface/web/dns/templates/dns_soa_list.htm b/interface/web/dns/templates/dns_soa_list.htm
index 6c53779548f5d6187fc9b0683c8eebf7cff01a8c..5162119900ca21c5cc5234c0a1a36409c62cb16f 100644
--- a/interface/web/dns/templates/dns_soa_list.htm
+++ b/interface/web/dns/templates/dns_soa_list.htm
@@ -61,7 +61,7 @@
                         <td><a href="#" data-load-content="dns/dns_soa_edit.php?id={tmpl_var name='id'}">{tmpl_var name="ns"}</a></td>
                         <td><a href="#" data-load-content="dns/dns_soa_edit.php?id={tmpl_var name='id'}">{tmpl_var name="mbox"}</a></td>
                         <td class="text-right">   
-                            <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('dns/dns_soa_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
+                            <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('dns/dns_soa_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                         </td>
                     </tr>
                 </tmpl_loop>
diff --git a/interface/web/dns/templates/dns_template_list.htm b/interface/web/dns/templates/dns_template_list.htm
index ce0fd485b65e011f52ed4de89c60fe32c45c11db..f7816cf4d8aed22884545a539eb007e8e14e7560 100644
--- a/interface/web/dns/templates/dns_template_list.htm
+++ b/interface/web/dns/templates/dns_template_list.htm
@@ -34,7 +34,7 @@
                         <td><a href="#" data-load-content="dns/dns_template_edit.php?id={tmpl_var name='id'}">{tmpl_var name="visible"}</a></td>
                         <td><a href="#" data-load-content="dns/dns_template_edit.php?id={tmpl_var name='id'}">{tmpl_var name="name"}</a></td>
                         <td class="text-right">
-                            <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('dns/dns_template_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
+                            <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('dns/dns_template_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                         </td>
                     </tr>
                 </tmpl_loop>
diff --git a/interface/web/dns/templates/dns_wizard.htm b/interface/web/dns/templates/dns_wizard.htm
index fb2e8135625e5170cd8c565cafc11f44661b7063..fc57fb99e226661b78b1ba126c0f5832b781c012 100644
--- a/interface/web/dns/templates/dns_wizard.htm
+++ b/interface/web/dns/templates/dns_wizard.htm
@@ -4,7 +4,7 @@
 <p><tmpl_var name="list_desc_txt"></p>
 
 <tmpl_if name="error">
-    <div id="errorMsg"><h3>ERROR</h3><ol><tmpl_var name="error"></ol></div>
+    <div id="errorMsg"><h3><tmpl_var name="error_txt"></h3><ol><tmpl_var name="error"></ol></div>
 </tmpl_if>
 
 
diff --git a/interface/web/help/faq_list.php b/interface/web/help/faq_list.php
index 53b2992c622465d6ab56a5b6176aceb49a4caa46..128480dca2c2573d3dcb630a4a4d0730d00ce640 100644
--- a/interface/web/help/faq_list.php
+++ b/interface/web/help/faq_list.php
@@ -29,7 +29,7 @@ if(!$hf_section)
 $app->listform_actions->SQLExtWhere = "help_faq.hf_section = $hf_section";
 
 
-if($hf_section) $res = $app->db->queryOneRecord("SELECT hfs_name FROM help_faq_sections WHERE hfs_id=$hf_section");
+if($hf_section) $res = $app->db->queryOneRecord("SELECT hfs_name FROM help_faq_sections WHERE hfs_id=?", $hf_section);
 // Start the form rendering and action ahndling
 echo "<h2>FAQ: ".$res['hfs_name']."</h2>";
 if($hf_section) $app->listform_actions->onLoad();
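Review bot: `SQLExtWhere = "help_faq.hf_section = $hf_section"` on the first context line still builds SQL by interpolation while the lookup below it is now bound. The file is therefore only safe if `$hf_section` is forced to an integer before this hunk, which is not visible here. The section name is also echoed into the `<h2>` unescaped, and `$res` is never set when `$hf_section` is falsy. `if($hf_section) echo "<h2>FAQ: ".htmlspecialchars($res['hfs_name'])."</h2>";` would cover both.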
diff --git a/interface/web/help/form/support_message.tform.php b/interface/web/help/form/support_message.tform.php
index d982712c6499f4a77de2d80b07dc28653f7f072a..d80cc158157afa3f8aa6b79fc97dddad9b76a546 100644
--- a/interface/web/help/form/support_message.tform.php
+++ b/interface/web/help/form/support_message.tform.php
@@ -46,7 +46,7 @@ $sm_default_subject = '';
 if(isset($_GET['reply']))
 {
 	$sm_msg_id = preg_replace("/[^0-9]/", "", $_GET['reply']);
-	$res = $app->db->queryOneRecord("SELECT sender_id, subject FROM support_message WHERE support_message_id=$sm_msg_id");
+	$res = $app->db->queryOneRecord("SELECT sender_id, subject FROM support_message WHERE support_message_id=?", $sm_msg_id);
 	if($res['sender_id'])
 	{
 		$sm_default_recipient_id = $res['sender_id'];
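Review bot: The reply lookup selects by `support_message_id` alone, so nothing in this hunk ties the row to the current user, and the subject and sender of a message addressed to someone else can end up prefilled in the form. Restricting the query, e.g. `... WHERE support_message_id = ? AND recipient_id = ?` bound to the session's user id, would close that, assuming the table has the `recipient_id` column the edit form uses. `$sm_msg_id` is also an empty string when `reply` contains no digits, so the query should be skipped in that case. The `if(isset($_GET['reply']))` block continues past the end of the hunk.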
diff --git a/interface/web/help/support_message_edit.php b/interface/web/help/support_message_edit.php
index 2d47bbf2513d7fa8397a929ed2a3ee63d5765df0..4fcf5da215b7a99e226eacce34d52dd3612d89e6 100644
--- a/interface/web/help/support_message_edit.php
+++ b/interface/web/help/support_message_edit.php
@@ -33,8 +33,8 @@ class page_action extends tform_actions {
 
 		//* Get recipient email address
 		if($this->dataRecord['recipient_id'] > 1){
-			$sql = "SELECT client.email FROM sys_user, client WHERE sys_user.userid = ".$app->functions->intval($this->dataRecord['recipient_id'])." AND sys_user.client_id = client.client_id";
-			$client = $app->db->queryOneRecord($sql);
+			$sql = "SELECT client.email FROM sys_user, client WHERE sys_user.userid = ? AND sys_user.client_id = client.client_id";
+			$client = $app->db->queryOneRecord($sql, $this->dataRecord['recipient_id']);
 			$recipient_email = $client['email'];
 		} else {
 			$app->uses('ini_parser,getconf');
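Review bot: With `$app->functions->intval()` removed, `recipient_id` reaches the query as the raw form value, so the integer guarantee now rests on how the db wrapper binds `?`, which this diff does not show. Keeping the cast on the argument costs nothing: `$app->db->queryOneRecord($sql, $app->functions->intval($this->dataRecord['recipient_id']))`. `$client` is also read without checking that a row came back, so `$recipient_email` can silently be empty. The same applies to the sender lookup in the next hunk and to the `UPDATE support_message` statement in the last hunk of this file.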
@@ -44,8 +44,8 @@ class page_action extends tform_actions {
 
 		//* Get sender email address
 		if($this->dataRecord['sender_id'] > 1){
-			$sql = "SELECT client.email FROM sys_user, client WHERE sys_user.userid = ".$app->functions->intval($this->dataRecord['sender_id'])." AND sys_user.client_id = client.client_id";
-			$client = $app->db->queryOneRecord($sql);
+			$sql = "SELECT client.email FROM sys_user, client WHERE sys_user.userid = ? AND sys_user.client_id = client.client_id";
+			$client = $app->db->queryOneRecord($sql, $this->dataRecord['sender_id']);
 			$sender_email = $client['email'];
 		} else {
 			$app->uses('ini_parser,getconf');
@@ -91,7 +91,7 @@ class page_action extends tform_actions {
 		//*  read only template  if a existing message is loaded
 		if($this->id > 0) {
 			$app->tform->formDef['tabs']['message']['template'] = 'templates/support_message_view.htm';
-			$record = $app->db->queryOneRecord("SELECT * FROM support_message WHERE support_message_id = ".$this->id);
+			$record = $app->db->queryOneRecord("SELECT * FROM support_message WHERE support_message_id = ?", $this->id);
 			if ($record['tstamp'] > 0) {
 				// is value int?
 				if (preg_match("/^[0-9]+[\.]?[0-9]*$/", $record['tstamp'], $p)) {
@@ -113,7 +113,7 @@ class page_action extends tform_actions {
 		global $app, $conf;
 
 		if($_SESSION['s']['user']['typ'] == 'admin') {
-			$app->db->query("UPDATE support_message SET sys_userid = ".$app->functions->intval($this->dataRecord['recipient_id'])." WHERE support_message_id = ".$this->id);
+			$app->db->query("UPDATE support_message SET sys_userid = ? WHERE support_message_id = ?", $this->dataRecord['recipient_id'], $this->id);
 		}
 
 	}
diff --git a/interface/web/help/templates/faq_manage_questions_list.htm b/interface/web/help/templates/faq_manage_questions_list.htm
index e0a0d4549c3397923bb8db2ddce5e005fdc6e1ea..7659d39092be009160a7ddb33dcc71c69c978baf 100644
--- a/interface/web/help/templates/faq_manage_questions_list.htm
+++ b/interface/web/help/templates/faq_manage_questions_list.htm
@@ -24,10 +24,10 @@
                         <td width="60%">{tmpl_var name='hf_question'}</td>
                         <td width="30%">{tmpl_var name='hf_section'}</td>
                         <td class="text-right" width="5%">
-                            <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('help/faq_delete.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
+                            <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('help/faq_delete.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                         </td>
                         <td class="text-right" width="5%">
-                            <a class="btn btn-default formbutton-default formbutton-narrow" data-load-content="help/faq_edit.php?id={tmpl_var name='id'}"><span class="icon icon-edit"></span></button>
+                            <a class="btn btn-default formbutton-default formbutton-narrow" data-load-content="help/faq_edit.php?id={tmpl_var name='id'}"><span class="icon icon-edit"></span></a>
                         </td>
                     </tr>
                 </tmpl_loop>
diff --git a/interface/web/help/templates/help_faq_list.htm b/interface/web/help/templates/help_faq_list.htm
index 93bb9d2af24687409269028991a5925307c41dc7..e81dae2e0ba7279ce2c4f5a03203c4e0e04cf15f 100644
--- a/interface/web/help/templates/help_faq_list.htm
+++ b/interface/web/help/templates/help_faq_list.htm
@@ -5,7 +5,7 @@
         {tmpl_var name='hf_answer'}
     </p>
     <tmpl_if name='is_admin'>
-        <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('help/faq_delete.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
+        <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('help/faq_delete.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
         <a href="#" data-load-content="help/faq_edit.php?id={tmpl_var name='id'}">{tmpl_var name="edit_txt"}</a>
         <br/>
         <br/>
diff --git a/interface/web/help/templates/help_faq_sections_list.htm b/interface/web/help/templates/help_faq_sections_list.htm
index 6ccc7b49e34c2f2506dbb32c59a36d0beed099ed..5a3733aa0b6da6333fee5cdd762ef3b804f1f974 100644
--- a/interface/web/help/templates/help_faq_sections_list.htm
+++ b/interface/web/help/templates/help_faq_sections_list.htm
@@ -26,10 +26,10 @@
                     <tr>
                         <td><b>{tmpl_var name='hfs_name'}</b></td>
                         <td class="text-right">
-                            <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('help/faq_sections_delete.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
+                            <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('help/faq_sections_delete.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                         </td>
                         <td class="text-right">
-                            <a class="btn btn-default formbutton-default formbutton-narrow" data-load-content="help/faq_sections_edit.php?id={tmpl_var name='id'}"><span class="icon icon-edit"></span></button>
+                            <a class="btn btn-default formbutton-default formbutton-narrow" data-load-content="help/faq_sections_edit.php?id={tmpl_var name='id'}"><span class="icon icon-edit"></span></a>
                         </td>
                     </tr>
                 </tmpl_loop>
diff --git a/interface/web/help/templates/support_message_list.htm b/interface/web/help/templates/support_message_list.htm
index 4b7ee5abc8150b81a18b7ce16c99dc7600ae3f20..1695cccd77dbba128923d76dd9ad2f79755ee4ee 100644
--- a/interface/web/help/templates/support_message_list.htm
+++ b/interface/web/help/templates/support_message_list.htm
@@ -37,7 +37,7 @@
                             <td><a href="#" data-load-content="help/support_message_edit.php?id={tmpl_var name='id'}">{tmpl_var name="subject"}</a></td>
 							<td><a href="#" data-load-content="help/support_message_edit.php?id={tmpl_var name='id'}">{tmpl_var name="tstamp"}</a></td>
                             <td class="text-right">
-                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('help/support_message_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
+                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('help/support_message_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                             </td>
                         </tr>
                     </tmpl_loop>
diff --git a/interface/web/index.php b/interface/web/index.php
index f6929bafc1746cbb472e5875859713995f1596d9..e942c1068810c8eabf587161d638a7e568e7fc9d 100644
--- a/interface/web/index.php
+++ b/interface/web/index.php
@@ -87,6 +87,19 @@ unset($js_d_files);
 
 $app->tpl->setVar('current_theme', isset($_SESSION['s']['theme']) ? $_SESSION['s']['theme'] : 'default');
 
+// Logo
+$logo = $app->db->queryOneRecord("SELECT * FROM sys_ini WHERE sysini_id = 1");
+if($logo['custom_logo'] != ''){
+	$base64_logo_txt = $logo['custom_logo'];
+} else {
+	$base64_logo_txt = $logo['default_logo'];
+}
+$tmp_base64 = explode(',', $base64_logo_txt, 2);
+$logo_dimensions = $app->functions->getimagesizefromstring(base64_decode($tmp_base64[1]));
+$app->tpl->setVar('base64_logo_width', $logo_dimensions[0]);
+$app->tpl->setVar('base64_logo_height', $logo_dimensions[1]);
+$app->tpl->setVar('base64_logo_txt', $base64_logo_txt);
+
 $app->tpl_defaults();
 $app->tpl->pparse();
 ?>
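Review bot: `$tmp_base64[1]` is read without checking that the stored logo contains a comma, and the result of `getimagesizefromstring()` is indexed without checking that decoding succeeded. A malformed `custom_logo` value would therefore raise notices and publish empty dimensions on every page load. `base64_logo_txt` is also handed to the template exactly as stored. If the template places it in an attribute without escaping, which is not visible here, it should first be validated as an image data URI. The block below decodes strictly and sets the three template variables only when the image parses.

```php
// … unchanged: sys_ini lookup and custom/default logo selection …
$tmp_base64 = explode(',', $base64_logo_txt, 2);
// Decode strictly; publish the logo only when the stored value parses as an image.
$logo_raw = isset($tmp_base64[1]) ? base64_decode($tmp_base64[1], true) : false;
$logo_dimensions = ($logo_raw !== false) ? $app->functions->getimagesizefromstring($logo_raw) : false;
if(is_array($logo_dimensions)) {
	$app->tpl->setVar('base64_logo_width', $logo_dimensions[0]);
	$app->tpl->setVar('base64_logo_height', $logo_dimensions[1]);
	$app->tpl->setVar('base64_logo_txt', $base64_logo_txt);
}
```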
diff --git a/interface/web/login/index.php b/interface/web/login/index.php
index 80c4d17c719a4386b3fe88a3c086270f8cb02cff..ddc6cfb34dab0cb1cfcae25082934a904b111fbf 100644
--- a/interface/web/login/index.php
+++ b/interface/web/login/index.php
@@ -73,9 +73,9 @@ class login_index {
 			if(!preg_match("/^.{1,64}$/i", $_POST['passwort'])) $error = $app->lng('pw_error_length');
 
 			//** iporting variables
-			$ip    = $app->db->quote(ip2long($_SERVER['REMOTE_ADDR']));
-			$username = $app->db->quote($_POST['username']);
-			$passwort = $app->db->quote($_POST['passwort']);
+			$ip    = ip2long($_SERVER['REMOTE_ADDR']);
+			$username = $_POST['username'];
+			$passwort = $_POST['passwort'];
 			$loginAs  = false;
 			$time = time();
 
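Review bot: `ip2long($_SERVER['REMOTE_ADDR'])` returns false for an IPv6 address, so every IPv6 client is bound to the same `ip` value in the `attempts_login` lookup later in this file and shares one failed-login counter. The throttle then either locks out all IPv6 users together or cannot tell them apart. Storing the textual address, or `inet_pton()` output in a binary column, would fix this; the column type is not visible here, so the schema needs checking first. The enclosing method starts and ends outside this hunk.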
@@ -103,13 +103,13 @@ class login_index {
 								
 								/* this is the one currently logged in (normal user) */
 								$old_client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
-								$old_client = $app->db->queryOneRecord("SELECT client.client_id, client.parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $old_client_group_id");
+								$old_client = $app->db->queryOneRecord("SELECT client.client_id, client.parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $old_client_group_id);
 								
 								/* this is the reseller, that shall be re-logged in */
-								$sql = "SELECT * FROM sys_user WHERE USERNAME = '$username' and PASSWORT = '". $passwort. "'";
-								$tmp = $app->db->queryOneRecord($sql);
+								$sql = "SELECT * FROM sys_user WHERE USERNAME = ? and PASSWORT = ?";
+								$tmp = $app->db->queryOneRecord($sql, $username, $passwort);
 								$client_group_id = $app->functions->intval($tmp['default_group']);
-								$tmp_client = $app->db->queryOneRecord("SELECT client.client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+								$tmp_client = $app->db->queryOneRecord("SELECT client.client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
 								
 								if(!$tmp_client || $old_client["parent_client_id"] != $tmp_client["client_id"] || $tmp["default_group"] != $_SESSION["s_old"]["user"]["default_group"] ) {
 									die("You don't have the right to 'login as' this user!");
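Review bot: The login-as lookup `SELECT * FROM sys_user WHERE USERNAME = ? and PASSWORT = ?` compares the posted `passwort` with the stored column directly. On this path the stored value itself appears to act as the credential and has to pass through the browser; binding it removes the injection risk but not that exposure. Since the parent/child client checks below already decide whether the switch is allowed, the target could be looked up by username alone. `$tmp['default_group']` is also read before `$tmp` is known to be a row. The same lookup recurs in the next two hunks, and the enclosing method starts and ends outside this hunk.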
@@ -125,12 +125,12 @@ class login_index {
 					} elseif($_SESSION['s']['user']['typ'] != 'admin' && (!isset($_SESSION['s_old']['user']) || $_SESSION['s_old']['user']['typ'] != 'admin')) {
 						/* a reseller wants to 'login as', we need to check if he is allowed to */
 						$res_client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
-						$res_client = $app->db->queryOneRecord("SELECT client.client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $res_client_group_id");
+						$res_client = $app->db->queryOneRecord("SELECT client.client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $res_client_group_id);
 						
 						/* this is the user the reseller wants to 'login as' */
-						$sql = "SELECT * FROM sys_user WHERE USERNAME = '$username' and PASSWORT = '". $passwort. "'";
-						$tmp = $app->db->queryOneRecord($sql);
-						$tmp_client = $app->db->queryOneRecord("SELECT client.client_id, client.parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = " . $app->functions->intval($tmp["default_group"]));
+						$sql = "SELECT * FROM sys_user WHERE USERNAME = ? and PASSWORT = ?";
+						$tmp = $app->db->queryOneRecord($sql, $username, $passwort);
+						$tmp_client = $app->db->queryOneRecord("SELECT client.client_id, client.parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $tmp["default_group"]);
 						
 						if(!$tmp || $tmp_client["parent_client_id"] != $res_client["client_id"]) {
 							die("You don't have the right to login as this user!");
@@ -147,21 +147,21 @@ class login_index {
 				}
 
 				//* Check if there are already wrong logins
-				$sql = "SELECT * FROM `attempts_login` WHERE `ip`= '{$ip}' AND  `login_time` > (NOW() - INTERVAL 1 MINUTE) LIMIT 1";
-				$alreadyfailed = $app->db->queryOneRecord($sql);
+				$sql = "SELECT * FROM `attempts_login` WHERE `ip`= ? AND  `login_time` > (NOW() - INTERVAL 1 MINUTE) LIMIT 1";
+				$alreadyfailed = $app->db->queryOneRecord($sql, $ip);
 				//* too many failedlogins
 				if($alreadyfailed['times'] > 5) {
 					$error = $app->lng('error_user_too_many_logins');
 				} else {
 
 					if ($loginAs){
-						$sql = "SELECT * FROM sys_user WHERE USERNAME = '$username' and PASSWORT = '". $passwort. "'";
-						$user = $app->db->queryOneRecord($sql);
+						$sql = "SELECT * FROM sys_user WHERE USERNAME = ? and PASSWORT = ?";
+						$user = $app->db->queryOneRecord($sql, $username, $passwort);
 					} else {
 						if(stristr($username, '@')) {
 							//* mailuser login
-							$sql = "SELECT * FROM mail_user WHERE login = '$username' or email = '$username'";
-							$mailuser = $app->db->queryOneRecord($sql);
+							$sql = "SELECT * FROM mail_user WHERE login = ? or email = ?";
+							$mailuser = $app->db->queryOneRecord($sql, $username, $username);
 							$user = false;
 							if($mailuser) {
 								$saved_password = stripslashes($mailuser['password']);
@@ -187,8 +187,8 @@ class login_index {
 
 						} else {
 							//* normal cp user login
-							$sql = "SELECT * FROM sys_user WHERE USERNAME = '$username'";
-							$user = $app->db->queryOneRecord($sql);
+							$sql = "SELECT * FROM sys_user WHERE USERNAME = ?";
+							$user = $app->db->queryOneRecord($sql, $username);
 
 							if($user) {
 								$saved_password = stripslashes($user['passwort']);
@@ -225,8 +225,8 @@ class login_index {
 							// Maintenance mode - allow logins only when maintenance mode is off or if the user is admin
 							if(!$maintenance_mode || $user['typ'] == 'admin'){
 								// User login right, so attempts can be deleted
-								$sql = "DELETE FROM `attempts_login` WHERE `ip`='{$ip}'";
-								$app->db->query($sql);
+								$sql = "DELETE FROM `attempts_login` WHERE `ip`=?";
+								$app->db->query($sql, $ip);
 								$user = $app->db->toLower($user);
 
 								if ($loginAs) $oldSession = $_SESSION['s'];
@@ -290,12 +290,12 @@ class login_index {
 						if(!$alreadyfailed['times'] )
 						{
 							//* user login the first time wrong
-							$sql = "INSERT INTO `attempts_login` (`ip`, `times`, `login_time`) VALUES ('{$ip}', 1, NOW())";
-							$app->db->query($sql);
+							$sql = "INSERT INTO `attempts_login` (`ip`, `times`, `login_time`) VALUES (?, 1, NOW())";
+							$app->db->query($sql, $ip);
 						} elseif($alreadyfailed['times'] >= 1) {
 							//* update times wrong
-							$sql = "UPDATE `attempts_login` SET `times`=`times`+1, `login_time`=NOW() WHERE `login_time` >= '{$time}' LIMIT 1";
-							$app->db->query($sql);
+							$sql = "UPDATE `attempts_login` SET `times`=`times`+1, `login_time`=NOW() WHERE `ip` = ? AND `login_time` < NOW() ORDER BY `login_time` DESC LIMIT 1";
+							$app->db->query($sql, $ip);
 						}
 						//* Incorrect login - Username and password incorrect
 						$error = $app->lng('error_user_password_incorrect');
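Review bot: The rewritten UPDATE filters on `login_time < NOW()`, which excludes a row written in the same second, so a further failed attempt from the same IP within that second would leave `times` unchanged (assuming `login_time` has one-second resolution, which the hunk does not show). For a failed-login counter this undercounts exactly the fastest attempts. Changing the predicate to `login_time <= NOW()`, or dropping it and keeping only the `ip` filter with the `ORDER BY ... DESC LIMIT 1`, closes the gap. The result of `$app->db->query()` is not checked in either branch, so a failed write to `attempts_login` goes unnoticed.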
@@ -322,7 +322,7 @@ class login_index {
 		// Maintenance mode - show message when people try to log in and also when people are forcedly logged off
 		if($maintenance_mode_error != '') $error = '<strong>'.$maintenance_mode_error.'</strong><br><br>'.$error;
 		if($error != ''){
-			$error = '<div class="box box_error"><h1>Error</h1>'.$error.'</div>';
+			$error = '<div class="box box_error">'.$error.'</div>';
 		}
 		
 		$app->load('getconf');
@@ -335,6 +335,8 @@ class login_index {
 		}
 		
 		$app->tpl->setVar('error', $error);
+		$app->tpl->setVar('error_txt', $app->lng('error_txt'));
+		$app->tpl->setVar('login_txt', $app->lng('login_txt'));
 		$app->tpl->setVar('pw_lost_txt', $app->lng('pw_lost_txt'));
 		$app->tpl->setVar('username_txt', $app->lng('username_txt'));
 		$app->tpl->setVar('password_txt', $app->lng('password_txt'));
diff --git a/interface/web/login/login_as.php b/interface/web/login/login_as.php
index bcbb10a789583e869fedae34441b5d48901f25a0..85bc3662b4d661974b529eea7e42e865eb0297f0 100644
--- a/interface/web/login/login_as.php
+++ b/interface/web/login/login_as.php
@@ -54,13 +54,13 @@ if(isset($_GET['id'])) {
 	$backlink = 'admin/users_list.php';
 } else {
 	$client_id = $app->functions->intval($_GET['cid']);
-	$tmp_client = $app->db->queryOneRecord("SELECT username, parent_client_id FROM client WHERE client_id = $client_id");
-	$tmp_sys_user = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE username = '".$app->db->quote($tmp_client['username'])."'");
+	$tmp_client = $app->db->queryOneRecord("SELECT username, parent_client_id FROM client WHERE client_id = ?", $client_id);
+	$tmp_sys_user = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE username = ?", $tmp_client['username']);
 	$userId = $app->functions->intval($tmp_sys_user['userid']);
 	/* check if this client belongs to reseller that tries to log in, if we are not admin */
 	if($_SESSION["s"]["user"]["typ"] != 'admin') {
 		$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
-		$client = $app->db->queryOneRecord("SELECT client.client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+		$client = $app->db->queryOneRecord("SELECT client.client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
 		if(!$client || $tmp_client["parent_client_id"] != $client["client_id"]) {
 			die("You don't have the right to login as this user!");
 		}
@@ -76,7 +76,7 @@ if(isset($_GET['id'])) {
  * Get the data to login as user x
  */
 $dbData = $app->db->queryOneRecord(
-	"SELECT username, passwort FROM sys_user WHERE userid = " . $userId);
+	"SELECT username, passwort FROM sys_user WHERE userid = ?", $userId);
 
 /*
  * Now generate the login-Form
diff --git a/interface/web/login/logout.php b/interface/web/login/logout.php
index 8d947d40f815ff5a31c9d26b014881606fc5e28e..5092aeb02fe648d1b69ddeb6ce4bb83e5777e482 100644
--- a/interface/web/login/logout.php
+++ b/interface/web/login/logout.php
@@ -43,9 +43,11 @@ if (isset($_GET['l']) && ($_GET['l']== 1)) $forceLogout = true;
 if ((isset($_SESSION['s_old']) && ($_SESSION['s_old']['user']['typ'] == 'admin' || $app->auth->has_clients($_SESSION['s_old']['user']['userid']))) &&
 	(!$forceLogout)){
 	$utype = ($_SESSION['s_old']['user']['typ'] == 'admin' ? 'admin' : 'reseller');
+	$lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_login_as.lng';
+	include $lng_file;
 	echo '
 		<br /> <br />	<br /> <br />
-		Do you want to re-login as ' . $utype . ' or log out?<br />
+		'.str_replace('{UTYPE}', $utype, $wb['login_as_or_logout_txt']).'<br />
 		<div style="visibility:hidden">
 			<input type="text" name="username" value="' . $_SESSION['s_old']['user']['username'] . '" />
 			<input type="password" name="passwort" value="' . $_SESSION['s_old']['user']['passwort'] .'" />
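Review bot: The added `include $lng_file;` builds its path from `$_SESSION['s']['language']` with no validation or existence check visible in this hunk, so an unexpected or missing value yields an include warning and an undefined `$wb['login_as_or_logout_txt']`. Constrain the value first, e.g. `$lng = preg_match('/^[a-z]{2}$/', $_SESSION['s']['language']) ? $_SESSION['s']['language'] : 'en';`, and include only when `is_file($lng_file)` is true (the `en` fallback assumes that file exists). The translated string is echoed into HTML unescaped; passing the `str_replace()` result through `htmlspecialchars()` keeps markup in a translation from reaching the page. The hidden inputs in the context lines print session values, including the stored `passwort`, unescaped as well.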
diff --git a/interface/web/login/password_reset.php b/interface/web/login/password_reset.php
index 5eac46a79ed1b79b5652ff86b2d098d01f2181af..96259349ddfba7cb5d687df59fa68961aac909ee 100644
--- a/interface/web/login/password_reset.php
+++ b/interface/web/login/password_reset.php
@@ -51,8 +51,8 @@ if(isset($_POST['username']) && $_POST['username'] != '' && $_POST['email'] != '
 	if(!preg_match("/^[\w\.\-\_]{1,64}$/", $_POST['username'])) die($app->lng('user_regex_error'));
 	if(!preg_match("/^\w+[\w.-]*\w+@\w+[\w.-]*\w+\.[a-z]{2,10}$/i", $_POST['email'])) die($app->lng('email_error'));
 
-	$username = $app->db->quote($_POST['username']);
-	$email = $app->db->quote($_POST['email']);
+	$username = $_POST['username'];
+	$email = $_POST['email'];
 
 	$client = $app->db->queryOneRecord("SELECT client.*, sys_user.lost_password_function FROM client,sys_user WHERE client.username = ? AND client.email = ? AND client.client_id = sys_user.client_id", $username, $email);
 
@@ -62,11 +62,10 @@ if(isset($_POST['username']) && $_POST['username'] != '' && $_POST['email'] != '
 		if($client['client_id'] > 0) {
 			$new_password = $app->auth->get_random_password();
 			$new_password_encrypted = $app->auth->crypt_password($new_password);
-			$new_password_encrypted = $app->db->quote($new_password_encrypted);
 
-			$username = $app->db->quote($client['username']);
-			$app->db->query("UPDATE sys_user SET passwort = '$new_password_encrypted' WHERE username = '$username'");
-			$app->db->query("UPDATE client SET password = '$new_password_encrypted' WHERE username = '$username'");
+			$username = $client['username'];
+			$app->db->query("UPDATE sys_user SET passwort = ? WHERE username = ?", $new_password_encrypted, $username);
+			$app->db->query("UPDATE client SET password = ? WHERE username = ?", $new_password_encrypted, $username);
 			$app->tpl->setVar("message", $wb['pw_reset']);
 
 			$app->uses('getconf,ispcmail');
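Review bot: The new password is written to `sys_user` and `client` as soon as the username/email pair matches, and no confirmation step is visible in this hunk, so anyone who knows both values can invalidate the account holder's current password. If no token check exists outside the hunk, the UPDATEs belong behind a mailed one-time, expiring link; until then a comment such as `// NOTE: reset is applied on username+email match alone, no confirmation token` would record the gap. The two UPDATEs are also unchecked, so a failure of the second leaves `sys_user.passwort` and `client.password` out of sync while `pw_reset` is still shown.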
diff --git a/interface/web/login/templates/index.htm b/interface/web/login/templates/index.htm
index 35f78bfe28ffad7edb2641d094b47c9c82214c41..d6972b9ef93473bd49e498e510a144cd40a5ae8b 100644
--- a/interface/web/login/templates/index.htm
+++ b/interface/web/login/templates/index.htm
@@ -9,11 +9,11 @@
         <div id="OKMsg"><p><tmpl_var name="msg"></p></div>
     </tmpl_if>
     <tmpl_if name="error">
-        <div id="errorMsg"><h3>ERROR</h3><ol><li><tmpl_var name="error"></li></ol><br /><a href="#" data-load-content="login/password_reset.php">{tmpl_var name='pw_lost_txt'}</a></div>
+        <div id="errorMsg"><h3>{tmpl_var name='error_txt'}</h3><ol><li><tmpl_var name="error"></li></ol><br /><a href="#" data-load-content="login/password_reset.php">{tmpl_var name='pw_lost_txt'}</a></div>
     </tmpl_if>
 
     <div class="pnl_formsarea">
-        <legend>{tmpl_var name='login_txt'}Login</legend>
+        <legend>{tmpl_var name='login_txt'}</legend>
             <div class="form-group">
                 <label for="username" class="col-sm-3 control-label">{tmpl_var name='username_txt'}</label>
                 <div class="col-sm-9"><input type="text" name="username" id="username" value="" class="form-control"  onkeypress="if (event.keyCode && event.keyCode == 13) {ISPConfig.submitLoginForm('pageForm'); return false;};" /></div></div>
diff --git a/interface/web/login/templates/password_reset.htm b/interface/web/login/templates/password_reset.htm
index eabb4727118c890d260a897da464fa2d9538a26e..66dc06a946fd1f8718f4e099c285210aedd9e0fe 100644
--- a/interface/web/login/templates/password_reset.htm
+++ b/interface/web/login/templates/password_reset.htm
@@ -9,7 +9,7 @@
         <div id="OKMsg"><p><tmpl_var name="msg"></p></div>
     </tmpl_if>
     <tmpl_if name="error">
-        <div id="errorMsg"><h3>ERROR</h3><ol><tmpl_var name="error"></ol></div>
+        <div id="errorMsg"><h3><tmpl_var name="error_txt"></h3><ol><tmpl_var name="error"></ol></div>
     </tmpl_if>
 
     <div class="pnl_formsarea">
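Review bot: The heading now reads `error_txt`, but neither password_reset.php hunk in this commit sets that variable, unlike index.php where `setVar('error_txt', ...)` is added. Unless the page assigns its whole wordbook to the template elsewhere, the `<h3>` renders empty; adding `$app->tpl->setVar('error_txt', $app->lng('error_txt'));` to password_reset.php would mirror index.php. The two templates also use different tag forms for the same variable (`{tmpl_var name='error_txt'}` here versus `<tmpl_var name="error_txt">`); settling on one keeps them easy to search.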
diff --git a/interface/web/mail/form/xmpp_domain.tform.php b/interface/web/mail/form/xmpp_domain.tform.php
index 3fe62a2ac3c335e0ec5fd7e026784e8423e3e16f..095c72fba2317415284885be53849b5fa03f02c8 100644
--- a/interface/web/mail/form/xmpp_domain.tform.php
+++ b/interface/web/mail/form/xmpp_domain.tform.php
@@ -58,7 +58,7 @@ $form["auth_preset"]["perm_other"] = ''; //r = read, i = insert, u = update, d =
 $muc_available = $muc_pastebin_available = $muc_httparchive_available = $anon_available = $vjud_available = $proxy_available = $status_available = true;
 if(!$app->auth->is_admin()) {
     $client_group_id = $_SESSION["s"]["user"]["default_group"];
-    $client = $app->db->queryOneRecord("SELECT limit_xmpp_muc, limit_xmpp_anon, limit_xmpp_vjud, limit_xmpp_proxy, limit_xmpp_status, limit_xmpp_pastebin, limit_xmpp_httparchive FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+    $client = $app->db->queryOneRecord("SELECT limit_xmpp_muc, limit_xmpp_anon, limit_xmpp_vjud, limit_xmpp_proxy, limit_xmpp_status, limit_xmpp_pastebin, limit_xmpp_httparchive FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
 
     if($client['limit_xmpp_muc'] != 'y') $muc_available = false;
     if($client['limit_xmpp_pastebin'] != 'y' || $client['limit_xmpp_muc'] != 'y') $muc_pastebin_available = false;
diff --git a/interface/web/mail/lib/module.conf.php b/interface/web/mail/lib/module.conf.php
index b6df07e97e1dfc6d6911e6e13a76baa091e76d0a..ca7d177860c13cdba2d509808cfe199c0eb86250 100644
--- a/interface/web/mail/lib/module.conf.php
+++ b/interface/web/mail/lib/module.conf.php
@@ -7,6 +7,7 @@ $module['title']   = 'top_menu_email';
 $module['template']  = 'module.tpl.htm';
 $module['startpage']  = 'mail/mail_domain_list.php';
 $module['tab_width']    = '';
+$module['order']    = '40';
 
 
 //**** Email accounts menu
diff --git a/interface/web/mail/list/mail_alias.list.php b/interface/web/mail/list/mail_alias.list.php
index 2f92e2c1c649fd3466efb8323479ead9eb696292..fcbfb94591374afd1d623387838425a262bd563c 100644
--- a/interface/web/mail/list/mail_alias.list.php
+++ b/interface/web/mail/list/mail_alias.list.php
@@ -54,7 +54,7 @@ $liste["item"][] = array( 'field'  => "active",
 	'prefix' => "",
 	'suffix' => "",
 	'width'  => "",
-	'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
+	'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('Yes')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('No')."</span></div>"));
 
 
 $liste["item"][] = array( 'field'  => "source",
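Review bot: `$app->lng('Yes')` and `$app->lng('No')` are concatenated straight into markup, so the rendered cell now depends on the content of the language files rather than on a literal. Escaping here keeps a stray `<` or `&` in a translation from altering the page: `htmlspecialchars($app->lng('Yes'), ENT_QUOTES, 'UTF-8')`. The same line recurs in the other `*.list.php` hunks of this commit (mail_aliasdomain through spamfilter_whitelist), differing only in the array keys. A small shared helper that takes the two keys and returns the swap array would remove the duplication.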
diff --git a/interface/web/mail/list/mail_aliasdomain.list.php b/interface/web/mail/list/mail_aliasdomain.list.php
index c5dc4e3cf16065c9d11a696c0b38c36bcbf84b85..8408e9e60469769f9d6a8dace8607b0ce4aba05c 100644
--- a/interface/web/mail/list/mail_aliasdomain.list.php
+++ b/interface/web/mail/list/mail_aliasdomain.list.php
@@ -54,7 +54,7 @@ $liste["item"][] = array( 'field'  => "active",
 	'prefix' => "",
 	'suffix' => "",
 	'width'  => "",
-	'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
+	'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('Yes')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('No')."</span></div>"));
 
 
 $liste["item"][] = array( 'field'  => "source",
diff --git a/interface/web/mail/list/mail_blacklist.list.php b/interface/web/mail/list/mail_blacklist.list.php
index 434656b729cbf86f35d9575f8b3baeb81a4ee8d8..4b6c81be980b70397f7ccc3451cfcd54761ea092 100644
--- a/interface/web/mail/list/mail_blacklist.list.php
+++ b/interface/web/mail/list/mail_blacklist.list.php
@@ -54,7 +54,7 @@ $liste["item"][] = array( 'field'  => "active",
 	'prefix' => "",
 	'suffix' => "",
 	'width'  => "",
-	'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
+	'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('Yes')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('No')."</span></div>"));
 
 
 
diff --git a/interface/web/mail/list/mail_content_filter.list.php b/interface/web/mail/list/mail_content_filter.list.php
index aa79312a486d357b908d303ae353389e9fde76b1..231460d3f428c17cdbff805285b6526d1da4ca4c 100644
--- a/interface/web/mail/list/mail_content_filter.list.php
+++ b/interface/web/mail/list/mail_content_filter.list.php
@@ -55,7 +55,7 @@ $liste["item"][] = array( 'field'  => "active",
 	'prefix' => "",
 	'suffix' => "",
 	'width'  => "",
-	'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
+	'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('Yes')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('No')."</span></div>"));
 
 
 
diff --git a/interface/web/mail/list/mail_domain.list.php b/interface/web/mail/list/mail_domain.list.php
index 6756f5bb250e7882cfb390cf314f70c9698dc2f9..c2005aeb3e5747d26813f094daa23cd1bf98fc77 100644
--- a/interface/web/mail/list/mail_domain.list.php
+++ b/interface/web/mail/list/mail_domain.list.php
@@ -59,7 +59,7 @@ $liste["item"][] = array( 'field'  => "active",
 	'prefix' => "",
 	'suffix' => "",
 	'width'  => "",
-	'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
+	'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('Yes')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('No')."</span></div>"));
 
 
 if($_SESSION['s']['user']['typ'] == 'admin') {
@@ -70,7 +70,8 @@ if($_SESSION['s']['user']['typ'] == 'admin') {
 		'prefix' => "",
 		'suffix' => "",
 		'datasource' => array (  'type' => 'SQL',
-			'querystring' => 'SELECT groupid, name FROM sys_group WHERE groupid != 1 ORDER BY name',
+			//'querystring' => 'SELECT groupid, name FROM sys_group WHERE groupid != 1 ORDER BY name',
+			'querystring' => "SELECT sys_group.groupid,CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), IF(client.contact_firstname != '', CONCAT(client.contact_firstname, ' '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as name FROM sys_group, client WHERE sys_group.groupid != 1 AND sys_group.client_id = client.client_id ORDER BY client.company_name, client.contact_name",
 			'keyfield'=> 'groupid',
 			'valuefield'=> 'name'
 		),
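Review bot: The replacement query joins `sys_group` to `client`, so any group without a matching `client` row drops out of this filter list, whereas the old query excluded only `groupid = 1`. If such groups can exist (not visible here), they can no longer be selected. The label is now assembled from client-supplied fields (`company_name`, `contact_name`, `username`), so the code that renders this datasource must HTML-escape the option text; that renderer is outside the hunk and worth confirming. The commented-out old `querystring` line should be deleted rather than kept, since version control already holds it.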
diff --git a/interface/web/mail/list/mail_domain_catchall.list.php b/interface/web/mail/list/mail_domain_catchall.list.php
index 75d311df73c804a231d639c13eb19436657756ef..4413c491a2d5d35b12ea6bbb7aa00c306f4f28fd 100644
--- a/interface/web/mail/list/mail_domain_catchall.list.php
+++ b/interface/web/mail/list/mail_domain_catchall.list.php
@@ -54,7 +54,7 @@ $liste["item"][] = array( 'field'  => "active",
 	'prefix' => "",
 	'suffix' => "",
 	'width'  => "",
-	'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
+	'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('Yes')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('No')."</span></div>"));
 
 
 $liste["item"][] = array( 'field'  => "source",
diff --git a/interface/web/mail/list/mail_forward.list.php b/interface/web/mail/list/mail_forward.list.php
index 524c2a7e8d7c909a5f9346a0a8f111a948c4ac0d..831e8b458bd72307ba7913613dc5711d200c0eaf 100644
--- a/interface/web/mail/list/mail_forward.list.php
+++ b/interface/web/mail/list/mail_forward.list.php
@@ -54,7 +54,7 @@ $liste["item"][] = array( 'field'  => "active",
 	'prefix' => "",
 	'suffix' => "",
 	'width'  => "",
-	'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
+	'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('Yes')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('No')."</span></div>"));
 
 
 $liste["item"][] = array( 'field'  => "source",
diff --git a/interface/web/mail/list/mail_get.list.php b/interface/web/mail/list/mail_get.list.php
index aa9338620350599ee746777cb75c81f1bb8a7afc..154401a3a0da1e14406f7bd1a69f1b1a98cb2573 100644
--- a/interface/web/mail/list/mail_get.list.php
+++ b/interface/web/mail/list/mail_get.list.php
@@ -54,7 +54,7 @@ $liste["item"][] = array( 'field'  => "active",
 	'prefix' => "",
 	'suffix' => "",
 	'width'  => "",
-	'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
+	'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('Yes')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('No')."</span></div>"));
 
 
 $liste["item"][] = array( 'field'  => "server_id",
diff --git a/interface/web/mail/list/mail_relay_recipient.list.php b/interface/web/mail/list/mail_relay_recipient.list.php
index cc26721430ad46c98bfaa16f761da4b93547fa4c..eb6bdd91f81acffc5b128d773f1107c42e77c4de 100644
--- a/interface/web/mail/list/mail_relay_recipient.list.php
+++ b/interface/web/mail/list/mail_relay_recipient.list.php
@@ -54,7 +54,7 @@ $liste["item"][] = array( 'field'  => "active",
 	'prefix' => "",
 	'suffix' => "",
 	'width'  => "",
-	'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
+	'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('Yes')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('No')."</span></div>"));
 
 
 $liste["item"][] = array( 'field'  => "server_id",
diff --git a/interface/web/mail/list/mail_spamfilter.list.php b/interface/web/mail/list/mail_spamfilter.list.php
index 645feac0bd803a4ab44315f6812f0b47533de17b..77bd491ec2277dae51c19d04e231d49caf34aac8 100644
--- a/interface/web/mail/list/mail_spamfilter.list.php
+++ b/interface/web/mail/list/mail_spamfilter.list.php
@@ -54,7 +54,7 @@ $liste["item"][] = array( 'field'  => "active",
 	'prefix' => "",
 	'suffix' => "",
 	'width'  => "",
-	'value'  => array('1' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", '0' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
+	'value'  => array('1' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('Yes')."</span></div>", '0' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('No')."</span></div>"));
 
 
 $liste["item"][] = array( 'field'  => "server_id",
diff --git a/interface/web/mail/list/mail_transport.list.php b/interface/web/mail/list/mail_transport.list.php
index d554da96cc611c6e3af7076c042bed39d2c42627..f45d083ed241cdb073910d005321a854e3495966 100644
--- a/interface/web/mail/list/mail_transport.list.php
+++ b/interface/web/mail/list/mail_transport.list.php
@@ -55,7 +55,7 @@ $liste["item"][] = array( 'field'  => "active",
 	'prefix' => "",
 	'suffix' => "",
 	'width'  => "",
-	'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
+	'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('Yes')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('No')."</span></div>"));
 
 
 $liste["item"][] = array( 'field'  => "server_id",
diff --git a/interface/web/mail/list/mail_user.list.php b/interface/web/mail/list/mail_user.list.php
index 253aa90ed600d953ec7af84c838b75d5240b5ffe..fd15658eac85cc6d27238e5d2fc59263f3594442 100644
--- a/interface/web/mail/list/mail_user.list.php
+++ b/interface/web/mail/list/mail_user.list.php
@@ -87,7 +87,7 @@ $liste["item"][] = array(   'field'     => "autoresponder",
 	'prefix' => "",
 	'suffix' => "",
 	'width' => "",
-	'value' => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
+	'value' => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('Yes')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('No')."</span></div>"));
 
 $liste["item"][] = array( 'field'  => "postfix",
 	'datatype' => "VARCHAR",
@@ -96,7 +96,7 @@ $liste["item"][] = array( 'field'  => "postfix",
 	'prefix' => "",
 	'suffix' => "",
 	'width'  => "",
-	'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
+	'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('Yes')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('No')."</span></div>"));
 
 $liste["item"][] = array( 'field'  => "disablesmtp",
 	'datatype' => "VARCHAR",
@@ -105,7 +105,7 @@ $liste["item"][] = array( 'field'  => "disablesmtp",
 	'prefix' => "",
 	'suffix' => "",
 	'width'  => "",
-	'value'  => array('n' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", 'y' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
+	'value'  => array('n' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('Yes')."</span></div>", 'y' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('No')."</span></div>"));
 
 $liste["item"][] = array( 'field'  => "disableimap",
 	'datatype' => "VARCHAR",
@@ -114,7 +114,7 @@ $liste["item"][] = array( 'field'  => "disableimap",
 	'prefix' => "",
 	'suffix' => "",
 	'width'  => "",
-	'value'  => array('n' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", 'y' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
+	'value'  => array('n' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('Yes')."</span></div>", 'y' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('No')."</span></div>"));
 
 $liste["item"][] = array( 'field'  => "disablepop3",
 	'datatype' => "VARCHAR",
@@ -123,6 +123,6 @@ $liste["item"][] = array( 'field'  => "disablepop3",
 	'prefix' => "",
 	'suffix' => "",
 	'width'  => "",
-	'value'  => array('n' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", 'y' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
+	'value'  => array('n' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('Yes')."</span></div>", 'y' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('No')."</span></div>"));
 
 ?>
diff --git a/interface/web/mail/list/mail_whitelist.list.php b/interface/web/mail/list/mail_whitelist.list.php
index 2069a6b533af8f12f004c1d07396b67f56a86922..d61da29e1fbe9c7a48403f7c2b5d899a0d83f4c7 100644
--- a/interface/web/mail/list/mail_whitelist.list.php
+++ b/interface/web/mail/list/mail_whitelist.list.php
@@ -54,7 +54,7 @@ $liste["item"][] = array( 'field'  => "active",
 	'prefix' => "",
 	'suffix' => "",
 	'width'  => "",
-	'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
+	'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('Yes')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('No')."</span></div>"));
 
 
 $liste["item"][] = array( 'field'  => "server_id",
diff --git a/interface/web/mail/list/spamfilter_blacklist.list.php b/interface/web/mail/list/spamfilter_blacklist.list.php
index faadd53263bf0dd35bb19a5f2d05b0f480e8abe7..76f9ebba6121fec5994939b5a55fcd0fb6b59f8d 100644
--- a/interface/web/mail/list/spamfilter_blacklist.list.php
+++ b/interface/web/mail/list/spamfilter_blacklist.list.php
@@ -54,7 +54,7 @@ $liste["item"][] = array( 'field'  => "active",
 	'prefix' => "",
 	'suffix' => "",
 	'width'  => "",
-	'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
+	'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('Yes')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('No')."</span></div>"));
 
 
 $liste["item"][] = array( 'field'  => "server_id",
diff --git a/interface/web/mail/list/spamfilter_policy.list.php b/interface/web/mail/list/spamfilter_policy.list.php
index 03b39722a8b211aece7a68c87353feca96646903..eeb8746f0da4daeb315a411c76d84a811332571f 100644
--- a/interface/web/mail/list/spamfilter_policy.list.php
+++ b/interface/web/mail/list/spamfilter_policy.list.php
@@ -65,7 +65,7 @@ $liste["item"][] = array( 'field'  => "virus_lover",
 	'prefix' => "",
 	'suffix' => "",
 	'width'  => "",
-	'value'  => array('Y' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", 'N' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
+	'value'  => array('Y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('Yes')."</span></div>", 'N' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('No')."</span></div>"));
 
 
 $liste["item"][] = array( 'field'  => "spam_lover",
@@ -75,7 +75,7 @@ $liste["item"][] = array( 'field'  => "spam_lover",
 	'prefix' => "",
 	'suffix' => "",
 	'width'  => "",
-	'value'  => array('Y' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", 'N' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
+	'value'  => array('Y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('Yes')."</span></div>", 'N' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('No')."</span></div>"));
 
 
 $liste["item"][] = array( 'field'  => "banned_files_lover",
@@ -85,7 +85,7 @@ $liste["item"][] = array( 'field'  => "banned_files_lover",
 	'prefix' => "",
 	'suffix' => "",
 	'width'  => "",
-	'value'  => array('Y' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", 'N' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
+	'value'  => array('Y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('Yes')."</span></div>", 'N' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('No')."</span></div>"));
 
 
 $liste["item"][] = array( 'field'  => "bad_header_lover",
@@ -95,7 +95,7 @@ $liste["item"][] = array( 'field'  => "bad_header_lover",
 	'prefix' => "",
 	'suffix' => "",
 	'width'  => "",
-	'value'  => array('Y' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", 'N' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
+	'value'  => array('Y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('Yes')."</span></div>", 'N' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('No')."</span></div>"));
 
 
 
diff --git a/interface/web/mail/list/spamfilter_users.list.php b/interface/web/mail/list/spamfilter_users.list.php
index 6438d9fff09023db41ee47ee2ed90f50e71c5c44..0d65df505e6a672e3feed978b16417c4bfbf01c5 100644
--- a/interface/web/mail/list/spamfilter_users.list.php
+++ b/interface/web/mail/list/spamfilter_users.list.php
@@ -54,7 +54,7 @@ $liste["item"][] = array( 'field'  => "local",
 	'prefix' => "",
 	'suffix' => "",
 	'width'  => "",
-	'value'  => array('Y' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", 'N' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
+	'value'  => array('Y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('Yes')."</span></div>", 'N' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('No')."</span></div>"));
 
 
 $liste["item"][] = array( 'field'  => "server_id",
diff --git a/interface/web/mail/list/spamfilter_whitelist.list.php b/interface/web/mail/list/spamfilter_whitelist.list.php
index 8e5d8b7fc3456061c3775d4dd8ab71e3c0225665..6f6463875b16d9041ff33cdb71cb76daa9e7314f 100644
--- a/interface/web/mail/list/spamfilter_whitelist.list.php
+++ b/interface/web/mail/list/spamfilter_whitelist.list.php
@@ -54,7 +54,7 @@ $liste["item"][] = array( 'field'  => "active",
 	'prefix' => "",
 	'suffix' => "",
 	'width'  => "",
-	'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
+	'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('Yes')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('No')."</span></div>"));
 
 
 $liste["item"][] = array( 'field'  => "server_id",
diff --git a/interface/web/mail/mail_alias_edit.php b/interface/web/mail/mail_alias_edit.php
index ba08717a2db9d470c86ee043a1254f0ffb9f2a3a..4292f8f4c2e405c45256a8cdf35000c9eefe8f3c 100644
--- a/interface/web/mail/mail_alias_edit.php
+++ b/interface/web/mail/mail_alias_edit.php
@@ -95,12 +95,12 @@ class page_action extends tform_actions {
 		global $app, $conf;
 
 		// Check if Domain belongs to user
-		$domain = $app->db->queryOneRecord("SELECT server_id, domain FROM mail_domain WHERE domain = '".$app->db->quote($app->functions->idn_encode($_POST["email_domain"]))."' AND ".$app->tform->getAuthSQL('r'));
+		$domain = $app->db->queryOneRecord("SELECT server_id, domain FROM mail_domain WHERE domain = ? AND ".$app->tform->getAuthSQL('r'), $app->functions->idn_encode($_POST["email_domain"]));
 		if($domain["domain"] != $app->functions->idn_encode($_POST["email_domain"])) $app->tform->errorMessage .= $app->tform->wordbook["no_domain_perm"];
 
 		//* Check if destination email belongs to user
 		if(isset($_POST["destination"])) {
-			$email = $app->db->queryOneRecord("SELECT email FROM mail_user WHERE email = '".$app->db->quote($app->functions->idn_encode($_POST["destination"]))."' AND ".$app->tform->getAuthSQL('r'));
+			$email = $app->db->queryOneRecord("SELECT email FROM mail_user WHERE email = ? AND ".$app->tform->getAuthSQL('r'), $app->functions->idn_encode($_POST["destination"]));
 			if($email["email"] != $app->functions->idn_encode($_POST["destination"])) $app->tform->errorMessage .= $app->tform->lng("no_destination_perm");
 		}
 
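Review bot: The two ownership checks compare the lookup result with a loose `!=`, so a lookup that finds no row is only rejected when the posted value is non-empty. If `queryOneRecord()` returns a non-array for no match (not visible here) and `idn_encode()` maps an empty field to an empty string, `null != ''` is false and no permission error is added. Testing the result first would close that, e.g. `if(!is_array($domain) || $domain["domain"] !== $app->functions->idn_encode($_POST["email_domain"]))`, and likewise for `$email`. The same comparison appears in the mail_aliasdomain_edit.php and mail_domain_catchall_edit.php hunks; the method starts outside this hunk, so an earlier validator may already reject empty fields.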
@@ -108,11 +108,11 @@ class page_action extends tform_actions {
 		if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
 			// Get the limits of the client
 			$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
-			$client = $app->db->queryOneRecord("SELECT limit_mailalias FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+			$client = $app->db->queryOneRecord("SELECT limit_mailalias FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
 
 			// Check if the user may add another mailbox.
 			if($this->id == 0 && $client["limit_mailalias"] >= 0) {
-				$tmp = $app->db->queryOneRecord("SELECT count(forwarding_id) as number FROM mail_forwarding WHERE sys_groupid = $client_group_id AND type = 'alias'");
+				$tmp = $app->db->queryOneRecord("SELECT count(forwarding_id) as number FROM mail_forwarding WHERE sys_groupid = ? AND type = 'alias'", $client_group_id);
 				if($tmp["number"] >= $client["limit_mailalias"]) {
 					$app->tform->errorMessage .= $app->tform->wordbook["limit_mailalias_txt"]."<br>";
 				}
@@ -130,15 +130,15 @@ class page_action extends tform_actions {
 		unset($this->dataRecord["email_domain"]);
 
 		//* Check if there is no active mailbox with this address
-		$tmp = $app->db->queryOneRecord("SELECT count(mailuser_id) as number FROM mail_user WHERE postfix = 'y' AND email = '".$app->db->quote($this->dataRecord["source"])."'");
+		$tmp = $app->db->queryOneRecord("SELECT count(mailuser_id) as number FROM mail_user WHERE postfix = 'y' AND email = ?", $this->dataRecord["source"]);
 		if($tmp['number'] > 0) $app->tform->errorMessage .= $app->tform->lng("duplicate_mailbox_txt")."<br>";
 		unset($tmp);
 
 		//* Check if email alias exists
 		if($this->id > 0) {
-			$tmp = $app->db->queryOneRecord("SELECT count(forwarding_id) as number FROM mail_forwarding WHERE source = '".$app->db->quote($this->dataRecord["source"])."' AND destination = '".$app->db->quote($this->dataRecord["destination"])."' AND forwarding_id != ".$this->id);
+			$tmp = $app->db->queryOneRecord("SELECT count(forwarding_id) as number FROM mail_forwarding WHERE source = ? AND destination = ? AND forwarding_id != ?", $this->dataRecord["source"], $this->dataRecord["destination"], $this->id);
 		} else {
-			$tmp = $app->db->queryOneRecord("SELECT count(forwarding_id) as number FROM mail_forwarding WHERE source = '".$app->db->quote($this->dataRecord["source"])."' AND destination = '".$app->db->quote($this->dataRecord["destination"])."'");
+			$tmp = $app->db->queryOneRecord("SELECT count(forwarding_id) as number FROM mail_forwarding WHERE source = ? AND destination = ?", $this->dataRecord["source"], $this->dataRecord["destination"]);
 		}
 		if($tmp['number'] > 0) $app->tform->errorMessage .= $app->tform->lng("duplicate_email_alias_txt")."<br>";
 		unset($tmp);
@@ -149,8 +149,8 @@ class page_action extends tform_actions {
 	function onAfterInsert() {
 		global $app;
 
-		$domain = $app->db->queryOneRecord("SELECT sys_groupid FROM mail_domain WHERE domain = '".$app->db->quote($app->functions->idn_encode($_POST["email_domain"]))."' AND ".$app->tform->getAuthSQL('r'));
-		$app->db->query("update mail_forwarding SET sys_groupid = ".$app->functions->intval($domain['sys_groupid'])." WHERE forwarding_id = ".$this->id);
+		$domain = $app->db->queryOneRecord("SELECT sys_groupid FROM mail_domain WHERE domain = ? AND ".$app->tform->getAuthSQL('r'), $app->functions->idn_encode($_POST["email_domain"]));
+		$app->db->query("update mail_forwarding SET sys_groupid = ? WHERE forwarding_id = ?", $domain['sys_groupid'], $this->id);
 
 	}
 
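Review bot: `$domain['sys_groupid']` is now bound without the `intval()` cast the old line applied, so when the `mail_domain` lookup returns no row the UPDATE receives NULL instead of 0. How the wrapper binds NULL is not visible here, but the outcome is either a NULL `sys_groupid` or a failed statement, and neither matches the previous behaviour. Keeping the cast on the bound value, `$app->db->query("update mail_forwarding SET sys_groupid = ? WHERE forwarding_id = ?", $app->functions->intval($domain['sys_groupid']), $this->id);`, or skipping the update when `$domain` is empty, preserves it. The `onAfterInsert()` hunks in mail_aliasdomain_edit.php and mail_domain_catchall_edit.php make the same change.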
diff --git a/interface/web/mail/mail_aliasdomain_edit.php b/interface/web/mail/mail_aliasdomain_edit.php
index 25e0484285985e3bcb5ed6c1e7efd8753459e495..918a5f3a05b47a9e3a16a328c030e4d8eaafa35d 100644
--- a/interface/web/mail/mail_aliasdomain_edit.php
+++ b/interface/web/mail/mail_aliasdomain_edit.php
@@ -97,11 +97,11 @@ class page_action extends tform_actions {
 		global $app, $conf;
 
 		// Check if source Domain belongs to user
-		$domain = $app->db->queryOneRecord("SELECT server_id, domain FROM mail_domain WHERE domain = '".$app->db->quote($app->functions->idn_encode($_POST["source"]))."' AND ".$app->tform->getAuthSQL('r'));
+		$domain = $app->db->queryOneRecord("SELECT server_id, domain FROM mail_domain WHERE domain = ? AND ".$app->tform->getAuthSQL('r'), $app->functions->idn_encode($_POST["source"]));
 		if($domain["domain"] != $app->functions->idn_encode($_POST["source"])) $app->tform->errorMessage .= $app->tform->wordbook["no_domain_perm"];
 
 		// Check if the destination domain belongs to the user
-		$domain = $app->db->queryOneRecord("SELECT server_id, domain FROM mail_domain WHERE domain = '".$app->db->quote($app->functions->idn_encode($_POST["destination"]))."' AND ".$app->tform->getAuthSQL('r'));
+		$domain = $app->db->queryOneRecord("SELECT server_id, domain FROM mail_domain WHERE domain = ? AND ".$app->tform->getAuthSQL('r'), $app->functions->idn_encode($_POST["destination"]));
 		if($domain["domain"] != $app->functions->idn_encode($_POST["destination"])) $app->tform->errorMessage .= $app->tform->wordbook["no_domain_perm"];
 
 		// Check the client limits, if user is not the admin
@@ -115,10 +115,11 @@ class page_action extends tform_actions {
 		} // end if user is not admin
 
 		if($this->dataRecord["source"] == $this->dataRecord["destination"]) $app->tform->errorMessage .= $app->tform->wordbook["source_destination_identical_txt"];
-
+		
+		/* TODO: check if this quoting is correkt! */
 		// compose the source and destination field
-		$this->dataRecord["source"] = "@".$app->db->quote($this->dataRecord["source"]);
-		$this->dataRecord["destination"] = "@".$app->db->quote($this->dataRecord["destination"]);
+		$this->dataRecord["source"] = "@".$this->dataRecord["source"];
+		$this->dataRecord["destination"] = "@".$this->dataRecord["destination"];
 		// Set the server id of the mailbox = server ID of mail domain.
 		$this->dataRecord["server_id"] = $app->functions->intval($domain["server_id"]);
 
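Review bot: The added `/* TODO: check if this quoting is correkt! */` leaves the escaping question open in committed code, exactly where `$app->db->quote()` was removed from `source` and `destination`. Dropping the call is only safe if the later tform insert/update path escapes or binds `dataRecord` values, which this hunk does not show. Once that is confirmed, the TODO should become a statement of fact such as `// stored unescaped; escaping happens when tform writes the record`, and the whitespace-only line added above it can go. The method begins outside this hunk.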
@@ -128,8 +129,8 @@ class page_action extends tform_actions {
 	function onAfterInsert() {
 		global $app;
 
-		$domain = $app->db->queryOneRecord("SELECT sys_groupid FROM mail_domain WHERE domain = '".$app->db->quote($app->functions->idn_encode($_POST["destination"]))."' AND ".$app->tform->getAuthSQL('r'));
-		$app->db->query("update mail_forwarding SET sys_groupid = ".$app->functions->intval($domain['sys_groupid'])." WHERE forwarding_id = ".$this->id);
+		$domain = $app->db->queryOneRecord("SELECT sys_groupid FROM mail_domain WHERE domain = ? AND ".$app->tform->getAuthSQL('r'), $app->functions->idn_encode($_POST["destination"]));
+		$app->db->query("update mail_forwarding SET sys_groupid = ? WHERE forwarding_id = ?", $domain['sys_groupid'], $this->id);
 
 	}
 
diff --git a/interface/web/mail/mail_blacklist_edit.php b/interface/web/mail/mail_blacklist_edit.php
index 23f7516cdf507c42c8388cd85a88c9ec48c5602e..b4a2a22693f73da98069c883be00e1c7b5473307 100644
--- a/interface/web/mail/mail_blacklist_edit.php
+++ b/interface/web/mail/mail_blacklist_edit.php
@@ -73,7 +73,7 @@ class page_action extends tform_actions {
 		//* Check if the server has been changed
 		// We do this only for the admin or reseller users, as normal clients can not change the server ID anyway
 		if($_SESSION["s"]["user"]["typ"] == 'admin' || $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
-			$rec = $app->db->queryOneRecord("SELECT server_id from mail_access WHERE access_id = ".$this->id);
+			$rec = $app->db->queryOneRecord("SELECT server_id from mail_access WHERE access_id = ?", $this->id);
 			if($rec['server_id'] != $this->dataRecord["server_id"]) {
 				//* Add a error message and switch back to old server
 				$app->tform->errorMessage .= $app->lng('The Server can not be changed.');
@@ -90,11 +90,11 @@ class page_action extends tform_actions {
 		if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
 			// Get the limits of the client
 			$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
-			$client = $app->db->queryOneRecord("SELECT limit_mailfilter FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+			$client = $app->db->queryOneRecord("SELECT limit_mailfilter FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?" , $client_group_id);
 
 			// Check if the user may add another mailbox.
 			if($this->id == 0 && $client["limit_mailfilter"] >= 0) {
-				$tmp = $app->db->queryOneRecord("SELECT count(access_id) as number FROM mail_access WHERE sys_groupid = $client_group_id");
+				$tmp = $app->db->queryOneRecord("SELECT count(access_id) as number FROM mail_access WHERE sys_groupid = ?", $client_group_id);
 				if($tmp["number"] >= $client["limit_mailfilter"]) {
 					$app->tform->errorMessage .= $app->tform->wordbook["limit_mailfilter_txt"]."<br>";
 				}
diff --git a/interface/web/mail/mail_content_filter_edit.php b/interface/web/mail/mail_content_filter_edit.php
index 5672135ca1172c1e37018f44890e9d3c582bac7b..dce1f0565c234e4a4e29210d45c129fe991dffb7 100644
--- a/interface/web/mail/mail_content_filter_edit.php
+++ b/interface/web/mail/mail_content_filter_edit.php
@@ -58,7 +58,7 @@ class page_action extends tform_actions {
 		//* Check if the server has been changed
 		// We do this only for the admin or reseller users, as normal clients can not change the server ID anyway
 		if($_SESSION["s"]["user"]["typ"] == 'admin' || $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
-			$rec = $app->db->queryOneRecord("SELECT server_id from mail_content_filter WHERE content_filter_id = ".$this->id);
+			$rec = $app->db->queryOneRecord("SELECT server_id from mail_content_filter WHERE content_filter_id = ?", $this->id);
 			if($rec['server_id'] != $this->dataRecord["server_id"]) {
 				//* Add a error message and switch back to old server
 				$app->tform->errorMessage .= $app->lng('The Server can not be changed.');
diff --git a/interface/web/mail/mail_domain_catchall_edit.php b/interface/web/mail/mail_domain_catchall_edit.php
index 80729493f946f1d015613184d68f754947207ce2..60da619e14363aaaa6903febdb4ec81df3e7ed76 100644
--- a/interface/web/mail/mail_domain_catchall_edit.php
+++ b/interface/web/mail/mail_domain_catchall_edit.php
@@ -94,18 +94,18 @@ class page_action extends tform_actions {
 		global $app, $conf;
 
 		// Check if Domain belongs to user
-		$domain = $app->db->queryOneRecord("SELECT server_id, domain FROM mail_domain WHERE domain = '".$app->db->quote($app->functions->idn_encode($_POST["email_domain"]))."' AND ".$app->tform->getAuthSQL('r'));
+		$domain = $app->db->queryOneRecord("SELECT server_id, domain FROM mail_domain WHERE domain = ? AND ".$app->tform->getAuthSQL('r'), $app->functions->idn_encode($_POST["email_domain"]));
 		if($domain["domain"] != $app->functions->idn_encode($_POST["email_domain"])) $app->tform->errorMessage .= $app->tform->wordbook["no_domain_perm"];
 
 		// Check the client limits, if user is not the admin
 		if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
 			// Get the limits of the client
 			$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
-			$client = $app->db->queryOneRecord("SELECT limit_mailcatchall FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+			$client = $app->db->queryOneRecord("SELECT limit_mailcatchall FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
 
 			// Check if the user may add another catchall
 			if($this->id == 0 && $client["limit_mailcatchall"] >= 0) {
-				$tmp = $app->db->queryOneRecord("SELECT count(forwarding_id) as number FROM mail_forwarding WHERE sys_groupid = $client_group_id AND type = 'catchall'");
+				$tmp = $app->db->queryOneRecord("SELECT count(forwarding_id) as number FROM mail_forwarding WHERE sys_groupid = ? AND type = 'catchall'", $client_group_id);
 				if($tmp["number"] >= $client["limit_mailcatchall"]) {
 					$app->tform->errorMessage .= $app->tform->wordbook["limit_mailcatchall_txt"]."<br>";
 				}
@@ -127,8 +127,8 @@ class page_action extends tform_actions {
 	function onAfterInsert() {
 		global $app;
 
-		$domain = $app->db->queryOneRecord("SELECT sys_groupid FROM mail_domain WHERE domain = '".$app->db->quote($app->functions->idn_encode($_POST["email_domain"]))."' AND ".$app->tform->getAuthSQL('r'));
-		$app->db->query("update mail_forwarding SET sys_groupid = ".$app->functions->intval($domain['sys_groupid'])." WHERE forwarding_id = ".$this->id);
+		$domain = $app->db->queryOneRecord("SELECT sys_groupid FROM mail_domain WHERE domain = ? AND ".$app->tform->getAuthSQL('r'), $app->functions->idn_encode($_POST["email_domain"]));
+		$app->db->query("update mail_forwarding SET sys_groupid = ? WHERE forwarding_id = ?", $domain['sys_groupid'], $this->id);
 
 	}
 
diff --git a/interface/web/mail/mail_domain_del.php b/interface/web/mail/mail_domain_del.php
index ba715a6dfc6bedcf432b6eaaf804986616a46faf..6941cd60821cf95d0235ba2eed93d7d5d43ed348 100644
--- a/interface/web/mail/mail_domain_del.php
+++ b/interface/web/mail/mail_domain_del.php
@@ -60,31 +60,31 @@ class page_action extends tform_actions {
 		// we will delete all depending records.
 
 		// Delete all forwardings where the source or destination belongs to this domain
-		$records = $app->db->queryAllRecords("SELECT forwarding_id as id FROM mail_forwarding WHERE source like '%@".$app->db->quote($domain)."' OR (destination like '%@".$app->db->quote($domain)."' AND type != 'forward')");
+		$records = $app->db->queryAllRecords("SELECT forwarding_id as id FROM mail_forwarding WHERE source like ? OR (destination like ? AND type != 'forward')", '%@' . $domain, '%@' . $domain);
 		foreach($records as $rec) {
 			$app->db->datalogDelete('mail_forwarding', 'forwarding_id', $rec['id']);
 		}
 
 		// Delete all fetchmail accounts where destination belongs to this domain
-		$records = $app->db->queryAllRecords("SELECT mailget_id as id FROM mail_get WHERE destination like '%@".$app->db->quote($domain)."'");
+		$records = $app->db->queryAllRecords("SELECT mailget_id as id FROM mail_get WHERE destination like ?", '%@' . $domain);
 		foreach($records as $rec) {
 			$app->db->datalogDelete('mail_get', 'mailget_id', $rec['id']);
 		}
 
 		// Delete all mailboxes where destination belongs to this domain
-		$records = $app->db->queryAllRecords("SELECT mailuser_id as id FROM mail_user WHERE email like '%@".$app->db->quote($domain)."'");
+		$records = $app->db->queryAllRecords("SELECT mailuser_id as id FROM mail_user WHERE email like ?", '%@' . $domain);
 		foreach($records as $rec) {
 			$app->db->datalogDelete('mail_user', 'mailuser_id', $rec['id']);
 		}
 
 		// Delete all spamfilters that belong to this domain
-		$records = $app->db->queryAllRecords("SELECT id FROM spamfilter_users WHERE email = '%@".$app->db->quote($domain)."'");
+		$records = $app->db->queryAllRecords("SELECT id FROM spamfilter_users WHERE email = ?", '%@' . $domain);
 		foreach($records as $rec) {
 			$app->db->datalogDelete('spamfilter_users', 'id', $rec['id']);
 		}
 
 		// Delete all mailinglists that belong to this domain
-		$records = $app->db->queryAllRecords("SELECT mailinglist_id FROM mail_mailinglist WHERE domain = '".$app->db->quote($domain)."'");
+		$records = $app->db->queryAllRecords("SELECT mailinglist_id FROM mail_mailinglist WHERE domain = ?", $domain);
 		foreach($records as $rec) {
 			$app->db->datalogDelete('mail_mailinglist', 'mailinglist_id', $rec['id']);
 		}
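Review bot: The spamfilter cleanup binds `'%@' . $domain` to an equality test (`email = ?`), where `%` is a literal character rather than a wildcard, so the domain-wide row is unlikely ever to match; other queries in this commit look that row up as `'@' . $domain`, which looks like the intended value here too. The mailing-list loop has a related slip: the query selects `mailinglist_id` but the loop reads `$rec['id']`, so `SELECT mailinglist_id as id` is needed for `datalogDelete()` to receive a key. Separately, `%` and `_` inside `$domain` still act as wildcards in the three `like ?` patterns, which matters in a cascade delete. Where `$domain` is validated is outside this hunk.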
diff --git a/interface/web/mail/mail_domain_edit.php b/interface/web/mail/mail_domain_edit.php
index d7716ab923f9623e6ce3fe458d443fb3401842fd..693013b2ff2235410d5685dc543534531ddb7093 100644
--- a/interface/web/mail/mail_domain_edit.php
+++ b/interface/web/mail/mail_domain_edit.php
@@ -95,18 +95,18 @@ class page_action extends tform_actions {
 
 			// Get the limits of the client
 			$client_group_id = $_SESSION["s"]["user"]["default_group"];
-			$client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, client.default_mailserver, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id order by client.contact_name");
+			$client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, client.default_mailserver, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ? order by client.contact_name", $client_group_id);
 
 			// Set the mailserver to the default server of the client
-			$tmp = $app->db->queryOneRecord("SELECT server_name FROM server WHERE server_id = $client[default_mailserver]");
+			$tmp = $app->db->queryOneRecord("SELECT server_name FROM server WHERE server_id = ?", $client['default_mailserver']);
 			$app->tpl->setVar("server_id", "<option value='$client[default_mailserver]'>$tmp[server_name]</option>");
 			unset($tmp);
 
 			if ($settings['use_domain_module'] != 'y') {
 				// Fill the client select field
-				$sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ".$app->functions->intval($client['client_id'])." ORDER BY client.company_name, client.contact_name, sys_group.name";
-				$clients = $app->db->queryAllRecords($sql);
-				$tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".$app->functions->intval($client['client_id']));
+				$sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ? ORDER BY client.company_name, client.contact_name, sys_group.name";
+				$clients = $app->db->queryAllRecords($sql, $client['client_id']);
+				$tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client['client_id']);
 				$client_select = '<option value="'.$tmp['groupid'].'">'.$client['contactname'].'</option>';
 				//$tmp_data_record = $app->tform->getDataRecord($this->id);
 				if(is_array($clients)) {
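Review bot: Database values are concatenated into `<option>` markup without HTML escaping on the `setVar("server_id", ...)` line and the `$client_select` line, and the added `$options_mail_servers` line in the @@ -133,13 hunk does the same with `server_name`. `contactname` is assembled from the client record's `company_name`, `contact_name`, `username` and `customer_no`, so parameterising the queries does not cover this output path. Unless these values are sanitised on entry (not visible here), encoding them at output, e.g. `htmlspecialchars($client['contactname'], ENT_QUOTES, 'UTF-8')`, would be the matching fix. The method starts and ends outside this hunk.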
@@ -122,7 +122,7 @@ class page_action extends tform_actions {
 		if($_SESSION["s"]["user"]["typ"] != 'admin')
 		{
 			$client_group_id = $_SESSION["s"]["user"]["default_group"];
-			$client_mail = $app->db->queryOneRecord("SELECT mail_servers FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+			$client_mail = $app->db->queryOneRecord("SELECT mail_servers FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
 
 			$client_mail['mail_servers_ids'] = explode(',', $client_mail['mail_servers']);
 
@@ -133,13 +133,13 @@ class page_action extends tform_actions {
 				$app->tpl->setVar('server_id_value', $client_mail['mail_servers_ids'][0]);
 			}
 
-			$sql = "SELECT server_id, server_name FROM server WHERE server_id IN (" . $client_mail['mail_servers'] . ");";
-			$mail_servers = $app->db->queryAllRecords($sql);
+			$sql = "SELECT server_id, server_name FROM server WHERE server_id IN ?";
+			$mail_servers = $app->db->queryAllRecords($sql, $client_mail['mail_servers_ids']);
 
 			$options_mail_servers = "";
 
 			foreach ($mail_servers as $mail_server) {
-				$options_mail_servers .= "<option value='$mail_server[server_id]'>$mail_server[server_name]</option>";
+				$options_mail_servers .= '<option value="'.$mail_server['server_id'].'"'.($this->id > 0 && $this->dataRecord["server_id"] == $mail_server['server_id'] ? ' selected="selected"' : '').'>'.$mail_server['server_name'].'</option>';
 			}
 
 			$app->tpl->setVar("client_server_id", $options_mail_servers);
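Review bot: `server_id IN ?` is bound to `$client_mail['mail_servers_ids']`, which comes straight from `explode(',', ...)`, so an empty `mail_servers` column yields `array('')` and the elements are unvalidated strings. Whether the wrapper expands an array for `IN ?` is not visible in this hunk; assuming it does, normalising first keeps the query well-formed: `$ids = array_filter(array_map('intval', $client_mail['mail_servers_ids']));`, skipping the query when `$ids` is empty. The enclosing block starts outside the hunk.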
@@ -183,7 +183,7 @@ class page_action extends tform_actions {
 
 
 		// Get the spamfilter policys for the user
-		$tmp_user = $app->db->queryOneRecord("SELECT policy_id FROM spamfilter_users WHERE email = '@".$app->db->quote($this->dataRecord["domain"])."'");
+		$tmp_user = $app->db->queryOneRecord("SELECT policy_id FROM spamfilter_users WHERE email = ?", '@' . $this->dataRecord["domain"]);
 		$sql = "SELECT id, policy_name FROM spamfilter_policy WHERE ".$app->tform->getAuthSQL('r')." ORDER BY policy_name";
 		$policys = $app->db->queryAllRecords($sql);
 		$policy_select = "<option value='0'>".$app->tform->wordbook["no_policy"]."</option>";
@@ -241,11 +241,11 @@ class page_action extends tform_actions {
 		if($_SESSION["s"]["user"]["typ"] != 'admin') {
 			// Get the limits of the client
 			$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
-			$client = $app->db->queryOneRecord("SELECT limit_maildomain, default_mailserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+			$client = $app->db->queryOneRecord("SELECT limit_maildomain, default_mailserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
 			// When the record is updated
 			if($this->id > 0) {
 				// restore the server ID if the user is not admin and record is edited
-				$tmp = $app->db->queryOneRecord("SELECT server_id FROM mail_domain WHERE domain_id = ".$app->functions->intval($this->id));
+				$tmp = $app->db->queryOneRecord("SELECT server_id FROM mail_domain WHERE domain_id = ?", $this->id);
 				$this->dataRecord["server_id"] = $tmp["server_id"];
 				unset($tmp);
 				// When the record is inserted
@@ -258,7 +258,7 @@ class page_action extends tform_actions {
 				}
 
 				if($client["limit_maildomain"] >= 0) {
-					$tmp = $app->db->queryOneRecord("SELECT count(domain_id) as number FROM mail_domain WHERE sys_groupid = $client_group_id");
+					$tmp = $app->db->queryOneRecord("SELECT count(domain_id) as number FROM mail_domain WHERE sys_groupid = ?", $client_group_id);
 					if($tmp["number"] >= $client["limit_maildomain"]) {
 						$app->error($app->tform->wordbook["limit_maildomain_txt"]);
 					}
@@ -282,15 +282,26 @@ class page_action extends tform_actions {
 		// Spamfilter policy
 		$policy_id = $app->functions->intval($this->dataRecord["policy"]);
 		if($policy_id > 0) {
-			$tmp_user = $app->db->queryOneRecord("SELECT id FROM spamfilter_users WHERE email = '@".$app->db->quote($this->dataRecord["domain"])."'");
+			$tmp_user = $app->db->queryOneRecord("SELECT id FROM spamfilter_users WHERE email = ?", '@' . $this->dataRecord["domain"]);
 			if($tmp_user["id"] > 0) {
 				// There is already a record that we will update
-				$app->db->datalogUpdate('spamfilter_users', "policy_id = $policy_id", 'id', $tmp_user["id"]);
+				$app->db->datalogUpdate('spamfilter_users', array("policy_id" => $policy_id), 'id', $tmp_user["id"]);
 			} else {
-				$tmp_domain = $app->db->queryOneRecord("SELECT sys_groupid FROM mail_domain WHERE domain_id = ".$this->id);
+				$tmp_domain = $app->db->queryOneRecord("SELECT sys_groupid FROM mail_domain WHERE domain_id = ?", $this->id);
 				// We create a new record
-				$insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `priority`, `policy_id`, `email`, `fullname`, `local`)
-				        VALUES (".$_SESSION["s"]["user"]["userid"].", ".$app->functions->intval($tmp_domain["sys_groupid"]).", 'riud', 'riud', '', ".$app->functions->intval($this->dataRecord["server_id"]).", 5, ".$app->functions->intval($policy_id).", '@".$app->db->quote($this->dataRecord["domain"])."', '@".$app->db->quote($this->dataRecord["domain"])."', 'Y')";
+				$insert_data = array(
+					"sys_userid" => $_SESSION["s"]["user"]["userid"], 
+					"sys_groupid" => $tmp_domain["sys_groupid"],
+					"sys_perm_user" => 'riud', 
+					"sys_perm_group" => 'riud', 
+					"sys_perm_other" => '',
+					"server_id" => $this->dataRecord["server_id"],
+					"priority" => 5,
+					"policy_id" => $policy_id,
+					"email" => '@' . $this->dataRecord["domain"],
+					"fullname" => '@' . $this->dataRecord["domain"],
+					"local" => 'Y'
+				);
 				$app->db->datalogInsert('spamfilter_users', $insert_data, 'id');
 				unset($tmp_domain);
 			}
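Review bot: The eleven-key `$insert_data` array for `spamfilter_users` is repeated verbatim in the @@ -336,16 +347,27 hunk, so the two copies can drift apart. A small private method that takes the group id and `$policy_id` and returns the array would keep the insert and update paths in step. `$tmp_domain["sys_groupid"]` and `$this->dataRecord["server_id"]` also lost their `intval()` casts here; if the `mail_domain` lookup returns no row, NULL rather than 0 is handed to `datalogInsert()`. The method starts outside this hunk.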
@@ -310,7 +321,7 @@ class page_action extends tform_actions {
 		//* Check if the server has been changed
 		// We do this only for the admin or reseller users, as normal clients can not change the server ID anyway
 		if($_SESSION["s"]["user"]["typ"] == 'admin' || $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
-			$rec = $app->db->queryOneRecord("SELECT server_id, domain from mail_domain WHERE domain_id = ".$this->id);
+			$rec = $app->db->queryOneRecord("SELECT server_id, domain from mail_domain WHERE domain_id = ?", $this->id);
 			if($rec['server_id'] != $this->dataRecord["server_id"]) {
 				//* Add a error message and switch back to old server
 				$app->tform->errorMessage .= $app->lng('The Server can not be changed.');
@@ -320,7 +331,7 @@ class page_action extends tform_actions {
 			//* If the user is neither admin nor reseller
 		} else {
 			//* We do not allow users to change a domain which has been created by the admin
-			$rec = $app->db->queryOneRecord("SELECT domain from mail_domain WHERE domain_id = ".$this->id);
+			$rec = $app->db->queryOneRecord("SELECT domain from mail_domain WHERE domain_id = ?", $this->id);
 			if($rec['domain'] != $this->dataRecord["domain"] && $app->tform->checkPerm($this->id, 'u')) {
 				//* Add a error message and switch back to old server
 				$app->tform->errorMessage .= $app->lng('The Domain can not be changed. Please ask your Administrator if you want to change the domain name.');
@@ -336,16 +347,27 @@ class page_action extends tform_actions {
 
 		// Spamfilter policy
 		$policy_id = $app->functions->intval($this->dataRecord["policy"]);
-		$tmp_user = $app->db->queryOneRecord("SELECT id FROM spamfilter_users WHERE email = '@".$app->db->quote($this->dataRecord["domain"])."'");
+		$tmp_user = $app->db->queryOneRecord("SELECT id FROM spamfilter_users WHERE email = ?", '@' . $this->dataRecord["domain"]);
 		if($policy_id > 0) {
 			if($tmp_user["id"] > 0) {
 				// There is already a record that we will update
-				$app->db->datalogUpdate('spamfilter_users', "policy_id = $policy_id", 'id', $tmp_user["id"]);
+				$app->db->datalogUpdate('spamfilter_users', array("policy_id" => $policy_id), 'id', $tmp_user["id"]);
 			} else {
-				$tmp_domain = $app->db->queryOneRecord("SELECT sys_groupid FROM mail_domain WHERE domain_id = ".$this->id);
+				$tmp_domain = $app->db->queryOneRecord("SELECT sys_groupid FROM mail_domain WHERE domain_id = ?", $this->id);
 				// We create a new record
-				$insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `priority`, `policy_id`, `email`, `fullname`, `local`)
-				        VALUES (".$_SESSION["s"]["user"]["userid"].", ".$app->functions->intval($tmp_domain["sys_groupid"]).", 'riud', 'riud', '', ".$app->functions->intval($this->dataRecord["server_id"]).", 5, ".$app->functions->intval($policy_id).", '@".$app->db->quote($this->dataRecord["domain"])."', '@".$app->db->quote($this->dataRecord["domain"])."', 'Y')";
+				$insert_data = array(
+					"sys_userid" => $_SESSION["s"]["user"]["userid"], 
+					"sys_groupid" => $tmp_domain["sys_groupid"],
+					"sys_perm_user" => 'riud', 
+					"sys_perm_group" => 'riud', 
+					"sys_perm_other" => '',
+					"server_id" => $this->dataRecord["server_id"],
+					"priority" => 5,
+					"policy_id" => $policy_id,
+					"email" => '@' . $this->dataRecord["domain"],
+					"fullname" => '@' . $this->dataRecord["domain"],
+					"local" => 'Y'
+				);
 				$app->db->datalogInsert('spamfilter_users', $insert_data, 'id');
 				unset($tmp_domain);
 			}
@@ -361,9 +383,9 @@ class page_action extends tform_actions {
 			$mail_config = $app->getconf->get_server_config($this->dataRecord["server_id"], 'mail');
 
 			//* Update the mailboxes
-			$mailusers = $app->db->queryAllRecords("SELECT * FROM mail_user WHERE email like '%@".$app->db->quote($this->oldDataRecord['domain'])."'");
+			$mailusers = $app->db->queryAllRecords("SELECT * FROM mail_user WHERE email like ?", '%@' . $this->oldDataRecord['domain']);
 			$sys_groupid = $app->functions->intval((isset($this->dataRecord['client_group_id']))?$this->dataRecord['client_group_id']:$this->oldDataRecord['sys_groupid']);
-			$tmp = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE default_group = $client_group_id");
+			$tmp = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE default_group = ?", $client_group_id);
 			$client_user_id = $app->functions->intval(($tmp['userid'] > 0)?$tmp['userid']:1);
 			if(is_array($mailusers)) {
 				foreach($mailusers as $rec) {
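Review bot: The `sys_user` lookup binds `$client_group_id`, but the only group id assigned in the visible lines is `$sys_groupid` on the line above. If `$client_group_id` is not set earlier in this method (it begins outside the hunk), the bound value is NULL, no row matches and `$client_user_id` silently falls back to 1 for every mailbox being updated. `$app->db->queryOneRecord("SELECT userid FROM sys_user WHERE default_group = ?", $sys_groupid);` looks like the intended call.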
@@ -371,36 +393,35 @@ class page_action extends tform_actions {
 					$mail_parts = explode("@", $rec['email']);
 					$maildir = str_replace("[domain]", $this->dataRecord['domain'], $mail_config["maildir_path"]);
 					$maildir = str_replace("[localpart]", $mail_parts[0], $maildir);
-					$maildir = $app->db->quote($maildir);
-					$email = $app->db->quote($mail_parts[0].'@'.$this->dataRecord['domain']);
-					$app->db->datalogUpdate('mail_user', "maildir = '$maildir', email = '$email', sys_userid = $client_user_id, sys_groupid = '$sys_groupid'", 'mailuser_id', $rec['mailuser_id']);
+					$email = $mail_parts[0].'@'.$this->dataRecord['domain'];
+					$app->db->datalogUpdate('mail_user', array("maildir" => $maildir, "email" => $email, "sys_userid" => $client_user_id, "sys_groupid" => $sys_groupid), 'mailuser_id', $rec['mailuser_id']);
 				}
 			}
 
 			//* Update the aliases
-			$forwardings = $app->db->queryAllRecords("SELECT * FROM mail_forwarding WHERE source like '%@".$app->db->quote($this->oldDataRecord['domain'])."' OR destination like '%@".$app->db->quote($this->oldDataRecord['domain'])."'");
+			$forwardings = $app->db->queryAllRecords("SELECT * FROM mail_forwarding WHERE source like ? OR destination like ?", '%@' . $this->oldDataRecord['domain'], '%@' . $this->oldDataRecord['domain']);
 			if(is_array($forwardings)) {
 				foreach($forwardings as $rec) {
-					$destination = $app->db->quote(str_replace($this->oldDataRecord['domain'], $this->dataRecord['domain'], $rec['destination']));
-					$source = $app->db->quote(str_replace($this->oldDataRecord['domain'], $this->dataRecord['domain'], $rec['source']));
-					$app->db->datalogUpdate('mail_forwarding', "source = '$source', destination = '$destination', sys_userid = $client_user_id, sys_groupid = '$sys_groupid'", 'forwarding_id', $rec['forwarding_id']);
+					$destination = str_replace($this->oldDataRecord['domain'], $this->dataRecord['domain'], $rec['destination']);
+					$source = str_replace($this->oldDataRecord['domain'], $this->dataRecord['domain'], $rec['source']);
+					$app->db->datalogUpdate('mail_forwarding', array("source" => $source, "destination" => $destination, "sys_userid" => $client_user_id, "sys_groupid" => $sys_groupid), 'forwarding_id', $rec['forwarding_id']);
 				}
 			}
 
 			//* Update the mailinglist
-			$app->db->query("UPDATE mail_mailinglist SET sys_userid = $client_user_id, sys_groupid = $sys_groupid WHERE domain = '".$app->db->quote($this->oldDataRecord['domain'])."'");
+			$app->db->query("UPDATE mail_mailinglist SET sys_userid = ?, sys_groupid = ? WHERE domain = ?", $client_user_id, $sys_groupid, $this->oldDataRecord['domain']);
 			
 			//* Update fetchmail accounts
-			$fetchmail = $app->db->queryAllRecords("SELECT * FROM mail_get WHERE destination like '%@".$app->db->quote($this->oldDataRecord['domain'])."'");
+			$fetchmail = $app->db->queryAllRecords("SELECT * FROM mail_get WHERE destination like ?", '%@' . $this->oldDataRecord['domain']);
 			if(is_array($fetchmail)) {
 				foreach($fetchmail as $rec) {
-					$destination = $app->db->quote(str_replace($this->oldDataRecord['domain'], $this->dataRecord['domain'], $rec['destination']));
-					$app->db->datalogUpdate('mail_get', "destination = '$destination', sys_userid = $client_user_id, sys_groupid = '$sys_groupid'", 'mailget_id', $rec['mailget_id']);
+					$destination = str_replace($this->oldDataRecord['domain'], $this->dataRecord['domain'], $rec['destination']);
+					$app->db->datalogUpdate('mail_get', array("destination" => $destination, "sys_userid" => $client_user_id, "sys_groupid" => $sys_groupid), 'mailget_id', $rec['mailget_id']);
 				}
 			}
 			
 			//* Delete the old spamfilter record
-			$tmp = $app->db->queryOneRecord("SELECT id FROM spamfilter_users WHERE email = '@".$app->db->quote($this->oldDataRecord["domain"])."'");
+			$tmp = $app->db->queryOneRecord("SELECT id FROM spamfilter_users WHERE email = ?", '@' . $this->oldDataRecord["domain"]);
 			$app->db->datalogDelete('spamfilter_users', 'id', $tmp["id"]);
 			unset($tmp);
 
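Review bot: The bound `'%@' . $this->oldDataRecord['domain']` patterns in the `mail_forwarding` and `mail_get` queries (and the `mail_user` query in the preceding hunk) still treat `_` and `%` inside the domain as LIKE wildcards, because a placeholder protects the SQL string but not the pattern. Any extra row that matches is then rewritten and handed to `$client_user_id` / `$sys_groupid` by the `datalogUpdate` calls. Unless domain validation elsewhere rules those characters out, escape them before binding, e.g. `'%@' . addcslashes($this->oldDataRecord['domain'], '%_\\')`. Alternatively, skip rows inside each loop whose address does not end in `'@'.$this->oldDataRecord['domain']`. The enclosing method starts and ends outside this hunk.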
@@ -422,15 +443,15 @@ class page_action extends tform_actions {
 				}
 			if (! $dkim_active) {
 				// updated existing dmarc-record to policy 'none'
-				$sql = "SELECT * from dns_rr WHERE name = ? AND data LIKE 'v=DMARC1%' AND ?";
-				$rec = $app->db->queryOneRecord($sql, '_dmarc.'.$this->dataRecord['domain'].'.', $app->tform->getAuthSQL('r'));
+				$sql = "SELECT * from dns_rr WHERE name = ? AND data LIKE 'v=DMARC1%' AND " . $app->tform->getAuthSQL('r');
+				$rec = $app->db->queryOneRecord($sql, '_dmarc.'.$this->dataRecord['domain'].'.');
 				if (is_array($rec))
 					if (strpos($rec['data'], 'p=none=') === false) {
 						$rec['data'] = str_replace(array('quarantine', 'reject'), 'none', $rec['data']);
 						$app->db->datalogUpdate('dns_rr', $rec, 'id', $rec['id']);
 						$soa_id = $app->functions->intval($soa['zone']);
 						$serial = $app->validate_dns->increase_serial($soa["serial"]);
-						$app->db->datalogUpdate('dns_soa', "serial = $serial", 'id', $soa_id);
+						$app->db->datalogUpdate('dns_soa', array("serial" => $serial), 'id', $soa_id);
 					}	
 				}
 		}
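Review bot: The guard `strpos($rec['data'], 'p=none=') === false` tests for a string with a trailing `=` that a DMARC record would not normally contain, so the branch presumably runs even when the policy is already `none`, and each run bumps the zone serial. `if (strpos($rec['data'], 'p=none') === false) {` looks like what was meant, though that also matches `sp=none`, so a check on the `p=` tag alone would be more exact. The `str_replace` on the next line rewrites `quarantine`/`reject` anywhere in the record, including inside a report address, which deserves a comment or a narrower replace. `$soa` is not assigned in this hunk; the method starts above it.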
@@ -441,15 +462,15 @@ class page_action extends tform_actions {
 		global $app, $conf;
 
 		// purge old rr-record(s)
-		$sql = "SELECT * FROM dns_rr WHERE name LIKE ? AND data LIKE 'v=DKIM1%' AND ? ORDER BY serial DESC";
-		$rec = $app->db->queryAllRecords($sql, '%._domainkey.'.$dataRecord['domain'].'.', $app->tform->getAuthSQL('r'));
+		$sql = "SELECT * FROM dns_rr WHERE name LIKE ? AND data LIKE 'v=DKIM1%' AND " . $app->tform->getAuthSQL('r') . " ORDER BY serial DESC";
+		$rec = $app->db->queryAllRecords($sql, '%._domainkey.'.$dataRecord['domain'].'.');
 		if (is_array($rec[1])) {
 			for ($i=1; $i < count($rec); ++$i)
 				$app->db->datalogDelete('dns_rr', 'id', $rec[$i]['id']);
 		}
 		// also delete a dsn-records with same selector 
-		$sql = "SELECT * from dns_rr WHERE name ? AND data LIKE 'v=DKIM1%' AND ?";
-		$rec = $app->db->queryAllRecords($sql, '.._domainkey.'.$dataRecord['dkim_selector'].'.', $dataRecord['domain'], $app->tform->getAuthSQL('r'));
+		$sql = "SELECT * from dns_rr WHERE name ? AND data LIKE 'v=DKIM1%' AND " . $app->tform->getAuthSQL('r');
+		$rec = $app->db->queryAllRecords($sql, '._domainkey.'.$dataRecord['dkim_selector'].'.', $dataRecord['domain']);
 		if (is_array($rec))
 			foreach ($rec as $del)
 				$app->db->datalogDelete('dns_rr', 'id', $del['id']);
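Review bot: The second query is still malformed after this change: `WHERE name ? AND` has no comparison operator, and the call passes two values (`'._domainkey.'.$dataRecord['dkim_selector'].'.'` and `$dataRecord['domain']`) for the single placeholder. The record name also looks assembled in the wrong order for a DKIM key (selector, then `_domainkey`, then domain). If that is the intent, the pair would read `$sql = "SELECT * from dns_rr WHERE name = ? AND data LIKE 'v=DKIM1%' AND " . $app->tform->getAuthSQL('r');` and `$rec = $app->db->queryAllRecords($sql, $dataRecord['dkim_selector'].'._domainkey.'.$dataRecord['domain'].'.');`. As written the cleanup of same-selector records likely never matches, so old key records may stay in the zone. The method's signature is outside the hunk.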
@@ -464,7 +485,7 @@ class page_action extends tform_actions {
 		$app->db->datalogInsert('dns_rr', $new_rr, 'id', $new_rr['zone']);
 		$zone = $app->db->queryOneRecord("SELECT id, serial FROM dns_soa WHERE active = 'Y' AND id = ?", $new_rr['zone']);
 		$new_serial = $app->validate_dns->increase_serial($zone['serial']);
-		$app->db->datalogUpdate('dns_soa', "serial = '".$new_serial."'", 'id', $zone['id']);
+		$app->db->datalogUpdate('dns_soa', array("serial" => $new_serial), 'id', $zone['id']);
 	}
 }
 
diff --git a/interface/web/mail/mail_forward_edit.php b/interface/web/mail/mail_forward_edit.php
index 8add1480fe17af8201ec03da8cc68f70a3016560..17ce213cb2a31a511bf09173a55493497b0b305f 100644
--- a/interface/web/mail/mail_forward_edit.php
+++ b/interface/web/mail/mail_forward_edit.php
@@ -93,18 +93,18 @@ class page_action extends tform_actions {
 		global $app, $conf;
 
 		// Check if Domain belongs to user
-		$domain = $app->db->queryOneRecord("SELECT server_id, domain FROM mail_domain WHERE domain = '".$app->db->quote($app->functions->idn_encode($_POST["email_domain"]))."' AND ".$app->tform->getAuthSQL('r'));
+		$domain = $app->db->queryOneRecord("SELECT server_id, domain FROM mail_domain WHERE domain = ? AND ".$app->tform->getAuthSQL('r'), $app->functions->idn_encode($_POST["email_domain"]));
 		if($domain["domain"] != $app->functions->idn_encode($_POST["email_domain"])) $app->tform->errorMessage .= $app->tform->wordbook["no_domain_perm"];
 
 		// Check the client limits, if user is not the admin
 		if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
 			// Get the limits of the client
 			$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
-			$client = $app->db->queryOneRecord("SELECT limit_mailforward FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+			$client = $app->db->queryOneRecord("SELECT limit_mailforward FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
 
 			// Check if the user may add another mailbox.
 			if($this->id == 0 && $client["limit_mailforward"] >= 0) {
-				$tmp = $app->db->queryOneRecord("SELECT count(forwarding_id) as number FROM mail_forwarding WHERE sys_groupid = $client_group_id AND type = 'forward'");
+				$tmp = $app->db->queryOneRecord("SELECT count(forwarding_id) as number FROM mail_forwarding WHERE sys_groupid = ? AND type = 'forward'", $client_group_id);
 				if($tmp["number"] >= $client["limit_mailforward"]) {
 					$app->tform->errorMessage .= $app->tform->wordbook["limit_mailforward_txt"]."<br>";
 				}
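Review bot: The ownership check `$domain["domain"] != $app->functions->idn_encode($_POST["email_domain"])` uses a loose comparison against a lookup whose result is never checked, so when the query returns no row the left side is null and can compare equal to an empty submitted value. Test the result explicitly, e.g. `if(!is_array($domain) || $domain["domain"] !== $app->functions->idn_encode($_POST["email_domain"])) $app->tform->errorMessage .= $app->tform->wordbook["no_domain_perm"];`. The same pattern appears in the domain and destination checks of mail_get_edit.php, mail_mailinglist_edit.php, mail_spamfilter_edit.php and mail_user_edit.php in this diff. The method starts above the hunk and continues below it.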
@@ -121,7 +121,7 @@ class page_action extends tform_actions {
 		unset($this->dataRecord["email_domain"]);
 
 		//* Check if there is no active mailbox with this address
-		$tmp = $app->db->queryOneRecord("SELECT count(mailuser_id) as number FROM mail_user WHERE postfix = 'y' AND email = '".$app->db->quote($this->dataRecord["source"])."'");
+		$tmp = $app->db->queryOneRecord("SELECT count(mailuser_id) as number FROM mail_user WHERE postfix = 'y' AND email = ?", $this->dataRecord["source"]);
 		if($tmp['number'] > 0) $app->tform->errorMessage .= $app->tform->lng("duplicate_mailbox_txt")."<br>";
 		unset($tmp);
 
@@ -131,8 +131,8 @@ class page_action extends tform_actions {
 	function onAfterInsert() {
 		global $app;
 
-		$domain = $app->db->queryOneRecord("SELECT sys_groupid FROM mail_domain WHERE domain = '".$app->db->quote($app->functions->idn_encode($_POST["email_domain"]))."' AND ".$app->tform->getAuthSQL('r'));
-		$app->db->query("update mail_forwarding SET sys_groupid = ".$app->functions->intval($domain['sys_groupid'])." WHERE forwarding_id = ".$this->id);
+		$domain = $app->db->queryOneRecord("SELECT sys_groupid FROM mail_domain WHERE domain = ? AND ".$app->tform->getAuthSQL('r'), $app->functions->idn_encode($_POST["email_domain"]));
+		$app->db->query("update mail_forwarding SET sys_groupid = ? WHERE forwarding_id = ?", $domain['sys_groupid'], $this->id);
 
 	}
 
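Review bot: The `UPDATE` now binds `$domain['sys_groupid']` directly, where the old line passed it through `$app->functions->intval()`; if the permission-filtered lookup returns no row, the bound value is null rather than 0. Whether that writes NULL into `mail_forwarding.sys_groupid` depends on how the db wrapper handles a null parameter, which is not visible here. A guard such as `if(is_array($domain))` around the update, or keeping the `intval()` on the bound value, preserves the earlier behaviour. `onAfterInsert()` in mail_get_edit.php has the same shape with `$tmp['sys_groupid']`.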
diff --git a/interface/web/mail/mail_get_edit.php b/interface/web/mail/mail_get_edit.php
index 70d1fb25e0993b843dcc2fc4ad53f1fd801cc2d2..fded96b6b2d52e30a43dae35f934d1b9b4c1672d 100644
--- a/interface/web/mail/mail_get_edit.php
+++ b/interface/web/mail/mail_get_edit.php
@@ -71,7 +71,7 @@ class page_action extends tform_actions {
 
 		//* Check if destination email belongs to user
 		if(isset($_POST["destination"])) {
-			$email = $app->db->queryOneRecord("SELECT email FROM mail_user WHERE email = '".$app->db->quote($app->functions->idn_encode($_POST["destination"]))."' AND ".$app->tform->getAuthSQL('r'));
+			$email = $app->db->queryOneRecord("SELECT email FROM mail_user WHERE email = ? AND ".$app->tform->getAuthSQL('r'), $app->functions->idn_encode($_POST["destination"]));
 			if($email["email"] != $app->functions->idn_encode($_POST["destination"])) $app->tform->errorMessage .= $app->tform->lng("no_destination_perm");
 		}
 
@@ -79,11 +79,11 @@ class page_action extends tform_actions {
 		if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
 			// Get the limits of the client
 			$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
-			$client = $app->db->queryOneRecord("SELECT limit_fetchmail FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+			$client = $app->db->queryOneRecord("SELECT limit_fetchmail FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
 
 			// Check if the user may add another transport.
 			if($this->id == 0 && $client["limit_fetchmail"] >= 0) {
-				$tmp = $app->db->queryOneRecord("SELECT count(mailget_id) as number FROM mail_get WHERE sys_groupid = $client_group_id");
+				$tmp = $app->db->queryOneRecord("SELECT count(mailget_id) as number FROM mail_get WHERE sys_groupid = ?", $client_group_id);
 				if($tmp["number"] >= $client["limit_fetchmail"]) {
 					$app->tform->errorMessage .= $app->tform->wordbook["limit_fetchmail_txt"]."<br>";
 				}
@@ -93,7 +93,7 @@ class page_action extends tform_actions {
 
 
 		// Set the server ID according to the selected destination
-		$tmp = $app->db->queryOneRecord("SELECT server_id FROM mail_user WHERE email = '".$app->db->quote($this->dataRecord["destination"])."'");
+		$tmp = $app->db->queryOneRecord("SELECT server_id FROM mail_user WHERE email = ?", $this->dataRecord["destination"]);
 		$this->dataRecord["server_id"] = $tmp["server_id"];
 		unset($tmp);
 
@@ -108,8 +108,8 @@ class page_action extends tform_actions {
 	function onAfterInsert() {
 		global $app;
 
-		$tmp = $app->db->queryOneRecord("SELECT sys_groupid FROM mail_user WHERE email = '".$app->db->quote($this->dataRecord["destination"])."'");
-		$app->db->query("update mail_get SET sys_groupid = ".$app->functions->intval($tmp['sys_groupid'])." WHERE mailget_id = ".$this->id);
+		$tmp = $app->db->queryOneRecord("SELECT sys_groupid FROM mail_user WHERE email = ?", $this->dataRecord["destination"]);
+		$app->db->query("update mail_get SET sys_groupid = ? WHERE mailget_id = ?", $tmp['sys_groupid'], $this->id);
 
 	}
 
diff --git a/interface/web/mail/mail_mailinglist_edit.php b/interface/web/mail/mail_mailinglist_edit.php
index 1e03ea6a26cb395f9139f298368421dbd94e19e2..5515670734700a4ec1c700085dadd0eb073df24e 100644
--- a/interface/web/mail/mail_mailinglist_edit.php
+++ b/interface/web/mail/mail_mailinglist_edit.php
@@ -89,12 +89,12 @@ class page_action extends tform_actions {
 
 			// Get the limits of the client
 			$client_group_id = $_SESSION["s"]["user"]["default_group"];
-			$client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, client.default_mailserver, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id order by contact_name");
+			$client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, client.default_mailserver, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ? order by contact_name", $client_group_id);
 
 			// Fill the client select field
-			$sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ".intval($client['client_id'])." ORDER BY client.company_name, client.contact_name, sys_group.name";
-			$clients = $app->db->queryAllRecords($sql);
-			$tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".intval($client['client_id']));
+			$sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ? ORDER BY client.company_name, client.contact_name, sys_group.name";
+			$clients = $app->db->queryAllRecords($sql, $client['client_id']);
+			$tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client['client_id']);
 			$client_select = '<option value="'.$tmp['groupid'].'">'.$client['contactname'].'</option>';
 			$tmp_data_record = $app->tform->getDataRecord($this->id);
 			if(is_array($clients)) {
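Review bot: `$client['contactname']` is concatenated into the `<option>` markup unescaped, and it is built in SQL from `company_name`, `contact_name`, `username` and `customer_no`, fields that a client or reseller can presumably edit. Parameterising the queries does not cover this output context. Escape at the point of output, e.g. `$client_select = '<option value="'.$tmp['groupid'].'">'.htmlspecialchars($client['contactname'], ENT_QUOTES, 'UTF-8').'</option>';`, unless the template layer is known to escape it later. The loop that appends the other clients starts at the last line of the hunk and continues outside it, so the same applies there if it follows this pattern.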
@@ -138,35 +138,35 @@ class page_action extends tform_actions {
 
 			// Get the limits of the client
 			$client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
-			$client = $app->db->queryOneRecord("SELECT limit_mailmailinglist, default_mailserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+			$client = $app->db->queryOneRecord("SELECT limit_mailmailinglist, default_mailserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
 
 			//* Check if Domain belongs to user
 			if(isset($_POST["domain"])) {
-				$domain = $app->db->queryOneRecord("SELECT domain FROM mail_domain WHERE domain = '".$app->db->quote($this->dataRecord["domain"])."' AND ".$app->tform->getAuthSQL('r'));
+				$domain = $app->db->queryOneRecord("SELECT domain FROM mail_domain WHERE domain = ? AND ".$app->tform->getAuthSQL('r'), $this->dataRecord["domain"]);
 				if($domain["domain"] != $this->dataRecord["domain"]) $app->tform->errorMessage .= $app->tform->lng("no_domain_perm");
 			}
 
 			// When the record is updated
 			if($this->id == 0) {
 				//Check if email is in use
-				$check = $app->db->queryOneRecord("SELECT count(source) as number FROM mail_forwarding WHERE source = '".$app->db->quote($this->dataRecord["listname"])."@".$app->db->quote($this->dataRecord["domain"])."'");
+				$check = $app->db->queryOneRecord("SELECT count(source) as number FROM mail_forwarding WHERE source = ?", $this->dataRecord["listname"]."@".$this->dataRecord["domain"]);
 				if($check['number'] != 0) {
 					$app->error($app->tform->wordbook["email_in_use_txt"]);
 				}
 
-				$check = $app->db->queryOneRecord("SELECT count(email) as number FROM mail_user WHERE email = '".$app->db->quote($this->dataRecord["listname"])."@".$app->db->quote($this->dataRecord["domain"])."'");
+				$check = $app->db->queryOneRecord("SELECT count(email) as number FROM mail_user WHERE email = ?", $this->dataRecord["listname"]."@".$this->dataRecord["domain"]);
 				if($check['number'] != 0) {
 					$app->error($app->tform->wordbook["email_in_use_txt"]);
 				}
 
-				$check = $app->db->queryOneRecord("SELECT count(mailinglist_id) as number FROM mail_mailinglist WHERE listname = '".$app->db->quote($this->dataRecord["listname"])."' AND domain = '".$app->db->quote($this->dataRecord["domain"])."'");
+				$check = $app->db->queryOneRecord("SELECT count(mailinglist_id) as number FROM mail_mailinglist WHERE listname = ? AND domain = ?", $this->dataRecord["listname"], $this->dataRecord["domain"]);
 				if($check['number'] != 0) {
 					$app->error($app->tform->wordbook["email_in_use_txt"]);
 				}
 
 				// Check if the user may add another mail_domain
 				if($client["limit_mailmailinglist"] >= 0) {
-					$tmp = $app->db->queryOneRecord("SELECT count(mailinglist_id) as number FROM mail_mailinglist WHERE sys_groupid = $client_group_id");
+					$tmp = $app->db->queryOneRecord("SELECT count(mailinglist_id) as number FROM mail_mailinglist WHERE sys_groupid = ?", $client_group_id);
 					if($tmp["number"] >= $client["limit_mailmailinglist"]) {
 						$app->error($app->tform->wordbook["limit_mailmailinglist_txt"]);
 					}
@@ -187,7 +187,7 @@ class page_action extends tform_actions {
 		global $app, $conf;
 
 		// Set the server id of the mailinglist = server ID of mail domain.
-		$domain = $app->db->queryOneRecord("SELECT server_id FROM mail_domain WHERE domain = '".$app->db->quote($this->dataRecord["domain"])."'");
+		$domain = $app->db->queryOneRecord("SELECT server_id FROM mail_domain WHERE domain = ?", $this->dataRecord["domain"]);
 		$this->dataRecord["server_id"] = $domain['server_id'];
 	}
 
@@ -198,11 +198,11 @@ class page_action extends tform_actions {
 		// also make sure that the user can not delete domain created by a admin
 		if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($this->dataRecord["client_group_id"])) {
 			$client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]);
-			$app->db->query("UPDATE mail_mailinglist SET sys_groupid = $client_group_id, sys_perm_group = 'ru' WHERE mailinglist_id = ".$this->id);
+			$app->db->query("UPDATE mail_mailinglist SET sys_groupid = ?, sys_perm_group = 'ru' WHERE mailinglist_id = ?", $client_group_id, $this->id);
 		}
 		if($app->auth->has_clients($_SESSION['s']['user']['userid']) && isset($this->dataRecord["client_group_id"])) {
 			$client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]);
-			$app->db->query("UPDATE mail_mailinglist SET sys_groupid = $client_group_id, sys_perm_group = 'riud' WHERE mailinglist_id = ".$this->id);
+			$app->db->query("UPDATE mail_mailinglist SET sys_groupid = ?, sys_perm_group = 'riud' WHERE mailinglist_id = ?", $client_group_id, $this->id);
 		}
 	}
 
@@ -212,13 +212,13 @@ class page_action extends tform_actions {
 		//* Check if the server has been changed
 		// We do this only for the admin or reseller users, as normal clients can not change the server ID anyway
 		if($_SESSION["s"]["user"]["typ"] == 'admin' || $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
-			$rec = $app->db->queryOneRecord("SELECT server_id, domain from mail_mailinglist WHERE mailinglist_id = ".$this->id);
+			$rec = $app->db->queryOneRecord("SELECT server_id, domain from mail_mailinglist WHERE mailinglist_id = ?", $this->id);
 			$this->dataRecord["server_id"] = $rec['server_id'];
 			unset($rec);
 			//* If the user is neither admin nor reseller
 		} else {
 			//* We do not allow users to change a domain which has been created by the admin
-			$rec = $app->db->queryOneRecord("SELECT domain from mail_mailinglist WHERE mailinglist_id = ".$this->id);
+			$rec = $app->db->queryOneRecord("SELECT domain from mail_mailinglist WHERE mailinglist_id = ?", $this->id);
 			if($rec['domain'] != $this->dataRecord["domain"] && $app->tform->checkPerm($this->id, 'u')) {
 				//* Add a error message and switch back to old server
 				$app->tform->errorMessage .= $app->lng('The Domain can not be changed. Please ask your Administrator if you want to change the domain name.');
@@ -235,11 +235,11 @@ class page_action extends tform_actions {
 		// also make sure that the user can not delete domain created by a admin
 		if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($this->dataRecord["client_group_id"])) {
 			$client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]);
-			$app->db->query("UPDATE mail_mailinglist SET sys_groupid = $client_group_id, sys_perm_group = 'ru' WHERE mailinglist_id = ".$this->id);
+			$app->db->query("UPDATE mail_mailinglist SET sys_groupid = ?, sys_perm_group = 'ru' WHERE mailinglist_id = ?", $client_group_id, $this->id);
 		}
 		if($app->auth->has_clients($_SESSION['s']['user']['userid']) && isset($this->dataRecord["client_group_id"])) {
 			$client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]);
-			$app->db->query("UPDATE mail_mailinglist SET sys_groupid = $client_group_id, sys_perm_group = 'riud' WHERE mailinglist_id = ".$this->id);
+			$app->db->query("UPDATE mail_mailinglist SET sys_groupid = ?, sys_perm_group = 'riud' WHERE mailinglist_id = ?", $client_group_id, $this->id);
 		}
 	}
 
diff --git a/interface/web/mail/mail_spamfilter_edit.php b/interface/web/mail/mail_spamfilter_edit.php
index 1219f9fd8a9cd241eb9b61a7da34ed6fe1408b61..81a4fded3326bd073e79ca9bba01e85bf75ad52a 100644
--- a/interface/web/mail/mail_spamfilter_edit.php
+++ b/interface/web/mail/mail_spamfilter_edit.php
@@ -76,8 +76,8 @@ class page_action extends tform_actions {
 		}
 
 		// Changing maildir to mailbox_id
-		$sql = "SELECT mailbox_id FROM mail_box WHERE maildir = '".$app->db->quote($this->dataRecord["spam_redirect_maildir"])."' AND ".$app->tform->getAuthSQL('r');
-		$mailbox = $app->db->queryOneRecord($sql);
+		$sql = "SELECT mailbox_id FROM mail_box WHERE maildir = ? AND ".$app->tform->getAuthSQL('r');
+		$mailbox = $app->db->queryOneRecord($sql, $this->dataRecord["spam_redirect_maildir"]);
 		$this->dataRecord["spam_redirect_maildir"] = $mailbox["mailbox_id"];
 
 		parent::onShowEnd();
@@ -87,7 +87,7 @@ class page_action extends tform_actions {
 		global $app, $conf;
 
 		// Check if Domain belongs to user
-		$domain = $app->db->queryOneRecord("SELECT server_id, domain FROM mail_domain WHERE domain = '".$app->db->quote($_POST["email_domain"])."' AND ".$app->tform->getAuthSQL('r'));
+		$domain = $app->db->queryOneRecord("SELECT server_id, domain FROM mail_domain WHERE domain = ? AND ".$app->tform->getAuthSQL('r'), $_POST["email_domain"]);
 		if($domain["domain"] != $_POST["email_domain"]) $app->tform->errorMessage .= $app->tform->wordbook["no_domain_perm"];
 
 		// compose the email field
@@ -108,8 +108,8 @@ class page_action extends tform_actions {
 		$this->dataRecord["spam_delete_score_int"]   = $_POST["spam_delete_score_int"] * 100;
 
 		// Changing mailbox_id to maildir
-		$sql = "SELECT maildir FROM mail_box WHERE mailbox_id = '".$app->functions->intval($_POST["spam_redirect_maildir"])."' AND ".$app->tform->getAuthSQL('r');
-		$mailbox = $app->db->queryOneRecord($sql);
+		$sql = "SELECT maildir FROM mail_box WHERE mailbox_id = ? AND ".$app->tform->getAuthSQL('r');
+		$mailbox = $app->db->queryOneRecord($sql, $_POST["spam_redirect_maildir"]);
 		$this->dataRecord["spam_redirect_maildir"] = $mailbox["maildir"];
 
 		parent::onSubmit();
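Review bot: `$_POST["spam_redirect_maildir"]` is now bound as-is, whereas the removed line coerced it with `$app->functions->intval()`; the placeholder prevents injection but no longer guarantees an integer reaches the query. A non-scalar or non-numeric submission then depends on how the db wrapper and MySQL's implicit cast treat it. Keeping the coercion on the bound value costs nothing: `$mailbox = $app->db->queryOneRecord($sql, $app->functions->intval($_POST["spam_redirect_maildir"]));`. `$mailbox` is also used without checking that a row came back, so a mailbox outside the user's permissions yields a null `spam_redirect_maildir`. The method starts above the hunk.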
diff --git a/interface/web/mail/mail_transport_edit.php b/interface/web/mail/mail_transport_edit.php
index b47869d39248f56f45f72503c37b64c4d1a2ba32..9707d2fce018433c4e8c0c84a61ba9649548d06a 100644
--- a/interface/web/mail/mail_transport_edit.php
+++ b/interface/web/mail/mail_transport_edit.php
@@ -136,11 +136,11 @@ class page_action extends tform_actions {
 		if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
 			// Get the limits of the client
 			$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
-			$client = $app->db->queryOneRecord("SELECT limit_mailrouting FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+			$client = $app->db->queryOneRecord("SELECT limit_mailrouting FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
 
 			// Check if the user may add another transport.
 			if($this->id == 0 && $client["limit_mailrouting"] >= 0) {
-				$tmp = $app->db->queryOneRecord("SELECT count(transport_id) as number FROM mail_transport WHERE sys_groupid = $client_group_id");
+				$tmp = $app->db->queryOneRecord("SELECT count(transport_id) as number FROM mail_transport WHERE sys_groupid = ?", $client_group_id);
 				if($tmp["number"] >= $client["limit_mailrouting"]) {
 					$app->tform->errorMessage .= $app->tform->wordbook["limit_mailrouting_txt"]."<br>";
 				}
diff --git a/interface/web/mail/mail_user_del.php b/interface/web/mail/mail_user_del.php
index 6b309f88f15b70c8bc92c2800909cb1d7fe784f3..dc92047331952f097b8e80327102c71ca8a036d0 100644
--- a/interface/web/mail/mail_user_del.php
+++ b/interface/web/mail/mail_user_del.php
@@ -54,10 +54,10 @@ class page_action extends tform_actions {
 	function onBeforeDelete() {
 		global $app; $conf;
 
-		$tmp_user = $app->db->queryOneRecord("SELECT id FROM spamfilter_users WHERE email = '".$app->db->quote($this->dataRecord["email"])."'");
+		$tmp_user = $app->db->queryOneRecord("SELECT id FROM spamfilter_users WHERE email = ?", $this->dataRecord["email"]);
 		$app->db->datalogDelete('spamfilter_users', 'id', $tmp_user["id"]);
 
-		$tmp_filters = $app->db->queryAllRecords("SELECT filter_id FROM mail_user_filter WHERE mailuser_id = '".$this->id."'");
+		$tmp_filters = $app->db->queryAllRecords("SELECT filter_id FROM mail_user_filter WHERE mailuser_id = ?", $this->id);
 		if(is_array($tmp_filters)) {
 			foreach($tmp_filters as $tmp) {
 				$app->db->datalogDelete('mail_user_filter', 'filter_id', $tmp["filter_id"]);
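Review bot: `$tmp_user["id"]` is passed to `datalogDelete` without checking that the lookup returned a row, so a mailbox without a `spamfilter_users` entry triggers a delete keyed on null. Guard it: `if(is_array($tmp_user)) $app->db->datalogDelete('spamfilter_users', 'id', $tmp_user["id"]);`. The "Delete the old spamfilter record" step in mail_domain_edit.php earlier in this diff does the same with `$tmp["id"]`. Separately, `global $app; $conf;` declares only `$app` global; `$conf;` is a no-op statement. The method continues past the hunk.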
diff --git a/interface/web/mail/mail_user_edit.php b/interface/web/mail/mail_user_edit.php
index ff921158742c2b5443214a73511dc8b3b4548168..ab980ca6ca097137ff6e7545a6b8e0ec4b6aad3c 100644
--- a/interface/web/mail/mail_user_edit.php
+++ b/interface/web/mail/mail_user_edit.php
@@ -92,7 +92,7 @@ class page_action extends tform_actions {
 		unset($domain_select);
 
 		// Get the spamfilter policys for the user
-		$tmp_user = $app->db->queryOneRecord("SELECT policy_id FROM spamfilter_users WHERE email = '".$app->db->quote($this->dataRecord["email"])."'");
+		$tmp_user = $app->db->queryOneRecord("SELECT policy_id FROM spamfilter_users WHERE email = ?", $this->dataRecord["email"]);
 		$sql = "SELECT id, policy_name FROM spamfilter_policy WHERE ".$app->tform->getAuthSQL('r') . " ORDER BY policy_name";
 		$policys = $app->db->queryAllRecords($sql);
 		$policy_select = "<option value='0'>".$app->tform->lng("no_policy")."</option>";
@@ -139,7 +139,7 @@ class page_action extends tform_actions {
 
 		//* Check if Domain belongs to user
 		if(isset($_POST["email_domain"])) {
-			$domain = $app->db->queryOneRecord("SELECT server_id, domain FROM mail_domain WHERE domain = '".$app->db->quote($app->functions->idn_encode($_POST["email_domain"]))."' AND ".$app->tform->getAuthSQL('r'));
+			$domain = $app->db->queryOneRecord("SELECT server_id, domain FROM mail_domain WHERE domain = ? AND ".$app->tform->getAuthSQL('r'), $app->functions->idn_encode($_POST["email_domain"]));
 			if($domain["domain"] != $app->functions->idn_encode($_POST["email_domain"])) $app->tform->errorMessage .= $app->tform->lng("no_domain_perm");
 		}
 
@@ -153,12 +153,12 @@ class page_action extends tform_actions {
 		if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
 			// Get the limits of the client
 			$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
-			$client = $app->db->queryOneRecord("SELECT limit_mailbox, limit_mailquota, parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+			$client = $app->db->queryOneRecord("SELECT limit_mailbox, limit_mailquota, parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
 
 
 			// Check if the user may add another mailbox.
 			if($this->id == 0 && $client["limit_mailbox"] >= 0) {
-				$tmp = $app->db->queryOneRecord("SELECT count(mailuser_id) as number FROM mail_user WHERE sys_groupid = $client_group_id");
+				$tmp = $app->db->queryOneRecord("SELECT count(mailuser_id) as number FROM mail_user WHERE sys_groupid = ?", $client_group_id);
 				if($tmp["number"] >= $client["limit_mailbox"]) {
 					$app->tform->errorMessage .= $app->tform->lng("limit_mailbox_txt")."<br>";
 				}
@@ -167,7 +167,7 @@ class page_action extends tform_actions {
 
 			// Check the quota and adjust
 			if(isset($_POST["quota"]) && $client["limit_mailquota"] >= 0 && (($app->functions->intval($this->dataRecord["quota"]) * 1024 * 1024 != $this->oldDataRecord['quota']) || ($_POST["quota"] <= 0))) {
-				$tmp = $app->db->queryOneRecord("SELECT sum(quota) as mailquota FROM mail_user WHERE mailuser_id != ".$app->functions->intval($this->id)." AND ".$app->tform->getAuthSQL('u'));
+				$tmp = $app->db->queryOneRecord("SELECT sum(quota) as mailquota FROM mail_user WHERE mailuser_id != ? AND ".$app->tform->getAuthSQL('u'), $this->id);
 				$mailquota = $tmp["mailquota"] / 1024 / 1024;
 				$new_mailbox_quota = $app->functions->intval($this->dataRecord["quota"]);
 				if(($mailquota + $new_mailbox_quota > $client["limit_mailquota"]) || ($new_mailbox_quota == 0 && $client["limit_mailquota"] != -1)) {
@@ -182,11 +182,11 @@ class page_action extends tform_actions {
 
 			if($client['parent_client_id'] > 0) {
 				// Get the limits of the reseller
-				$reseller = $app->db->queryOneRecord("SELECT limit_mailquota, limit_maildomain FROM client WHERE client_id = ".$client['parent_client_id']);
+				$reseller = $app->db->queryOneRecord("SELECT limit_mailquota, limit_maildomain FROM client WHERE client_id = ?", $client['parent_client_id']);
 
 				//* Check the website quota of the client
 				if(isset($_POST["quota"]) && $reseller["limit_mailquota"] >= 0 && $app->functions->intval($this->dataRecord["quota"]) * 1024 * 1024 != $this->oldDataRecord['quota']) {
-					$tmp = $app->db->queryOneRecord("SELECT sum(quota) as mailquota FROM mail_user, sys_group, client WHERE mail_user.sys_groupid=sys_group.groupid AND sys_group.client_id=client.client_id AND ".$client['parent_client_id']." IN (client.parent_client_id, client.client_id) AND mailuser_id != ".$app->functions->intval($this->id));
+					$tmp = $app->db->queryOneRecord("SELECT sum(quota) as mailquota FROM mail_user, sys_group, client WHERE mail_user.sys_groupid=sys_group.groupid AND sys_group.client_id=client.client_id AND ? IN (client.parent_client_id, client.client_id) AND mailuser_id != ?", $client['parent_client_id'], $this->id);
 
 					$mailquota = $tmp["mailquota"] / 1024 / 1024;
 					$new_mailbox_quota = $app->functions->intval($this->dataRecord["quota"]);
@@ -241,7 +241,7 @@ class page_action extends tform_actions {
 			$this->dataRecord['gid'] = -1;
 				
 			//* Check if there is no alias or forward with this address
-			$tmp = $app->db->queryOneRecord("SELECT count(forwarding_id) as number FROM mail_forwarding WHERE active = 'y' AND source = '".$app->db->quote($this->dataRecord["email"])."'");
+			$tmp = $app->db->queryOneRecord("SELECT count(forwarding_id) as number FROM mail_forwarding WHERE active = 'y' AND source = ?", $this->dataRecord["email"]);
 			if($tmp['number'] > 0) $app->tform->errorMessage .= $app->tform->lng("duplicate_alias_or_forward_txt")."<br>";
 			unset($tmp);
 
@@ -267,20 +267,31 @@ class page_action extends tform_actions {
 		global $app, $conf;
 
 		// Set the domain owner as mailbox owner
-		$domain = $app->db->queryOneRecord("SELECT sys_groupid, server_id FROM mail_domain WHERE domain = '".$app->db->quote($app->functions->idn_encode($_POST["email_domain"]))."' AND ".$app->tform->getAuthSQL('r'));
-		$app->db->query("UPDATE mail_user SET sys_groupid = ".$app->functions->intval($domain["sys_groupid"])." WHERE mailuser_id = ".$this->id);
+		$domain = $app->db->queryOneRecord("SELECT sys_groupid, server_id FROM mail_domain WHERE domain = ? AND ".$app->tform->getAuthSQL('r'), $app->functions->idn_encode($_POST["email_domain"]));
+		$app->db->query("UPDATE mail_user SET sys_groupid = ? WHERE mailuser_id = ?", $domain["sys_groupid"], $this->id);
 
 		// Spamfilter policy
 		$policy_id = $app->functions->intval($this->dataRecord["policy"]);
 		if($policy_id > 0) {
-			$tmp_user = $app->db->queryOneRecord("SELECT id FROM spamfilter_users WHERE email = '".$app->db->quote($this->dataRecord["email"])."'");
+			$tmp_user = $app->db->queryOneRecord("SELECT id FROM spamfilter_users WHERE email = ?", $this->dataRecord["email"]);
 			if($tmp_user["id"] > 0) {
 				// There is already a record that we will update
-				$app->db->datalogUpdate('spamfilter_users', "policy_id = $policy_id", 'id', $tmp_user["id"]);
+				$app->db->datalogUpdate('spamfilter_users', array("policy_id" => $policy_id), 'id', $tmp_user["id"]);
 			} else {
 				// We create a new record
-				$insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `priority`, `policy_id`, `email`, `fullname`, `local`)
-				        VALUES (".$app->functions->intval($_SESSION["s"]["user"]["userid"]).", ".$app->functions->intval($domain["sys_groupid"]).", 'riud', 'riud', '', ".$app->functions->intval($domain["server_id"]).", 10, ".$app->functions->intval($policy_id).", '".$app->db->quote($this->dataRecord["email"])."', '".$app->db->quote($this->dataRecord["email"])."', 'Y')";
+				$insert_data = array(
+					"sys_userid" => $_SESSION["s"]["user"]["userid"],
+					"sys_groupid" => $domain["sys_groupid"],
+					"sys_perm_user" => 'riud',
+					"sys_perm_group" => 'riud',
+					"sys_perm_other" => '',
+					"server_id" => $domain["server_id"],
+					"priority" => 10,
+					"policy_id" => $policy_id,
+					"email" => $this->dataRecord["email"],
+					"fullname" => $this->dataRecord["email"],
+					"local" => 'Y'
+				);
 				$app->db->datalogInsert('spamfilter_users', $insert_data, 'id');
 			}
 		}  // endif spamfilter policy
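Review bot: `$domain` is used without checking that the `mail_domain` lookup returned a row. If the query matches nothing (for example because the `getAuthSQL('r')` clause filters the posted domain out), `$domain["sys_groupid"]` is null and is now bound as-is into `UPDATE mail_user SET sys_groupid = ?` and into `$insert_data`, where the removed code forced it to an integer with `intval()`. What the wrapper writes for a null parameter is not visible here, so guard the write, e.g. `if(is_array($domain) && $domain["sys_groupid"] > 0) $app->db->query("UPDATE mail_user SET sys_groupid = ? WHERE mailuser_id = ?", $domain["sys_groupid"], $this->id);`. The same pattern appears in the `@@ -303,20 +314,31 @@` hunk of this file. The enclosing method starts before this hunk and continues after it.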
@@ -293,8 +304,8 @@ class page_action extends tform_actions {
 			$disabledeliver = ($this->dataRecord["postfix"] == 'y')?'n':'y';
 			$disablesmtp = ($this->dataRecord["disablesmtp"])?'y':'n';
 
-			$sql = "UPDATE mail_user SET disableimap = '$disableimap', disablesieve = '$disableimap', disablepop3 = '$disablepop3', disablesmtp = '$disablesmtp', disabledeliver = '$disabledeliver', disablelda = '$disabledeliver', disabledoveadm = '$disableimap' WHERE mailuser_id = ".$this->id;
-			$app->db->query($sql);
+			$sql = "UPDATE mail_user SET disableimap = ?, disablesieve = ?, disablepop3 = ?, disablesmtp = ?, disabledeliver = ?, disablelda = ?, disabledoveadm = ? WHERE mailuser_id = ?";
+			$app->db->query($sql, $disableimap, $disableimap, $disablepop3, $disablesmtp, $disabledeliver, $disabledeliver, $disableimap, $this->id);
 		}
 	}
 
@@ -303,20 +314,31 @@ class page_action extends tform_actions {
 
 		// Set the domain owner as mailbox owner
 		if(isset($_POST["email_domain"])) {
-			$domain = $app->db->queryOneRecord("SELECT sys_groupid, server_id FROM mail_domain WHERE domain = '".$app->db->quote($app->functions->idn_encode($_POST["email_domain"]))."' AND ".$app->tform->getAuthSQL('r'));
-			$app->db->query("UPDATE mail_user SET sys_groupid = ".$app->functions->intval($domain["sys_groupid"])." WHERE mailuser_id = ".$this->id);
+			$domain = $app->db->queryOneRecord("SELECT sys_groupid, server_id FROM mail_domain WHERE domain = ? AND ".$app->tform->getAuthSQL('r'), $app->functions->idn_encode($_POST["email_domain"]));
+			$app->db->query("UPDATE mail_user SET sys_groupid = ? WHERE mailuser_id = ?", $domain["sys_groupid"], $this->id);
 
 			// Spamfilter policy
 			$policy_id = $app->functions->intval($this->dataRecord["policy"]);
-			$tmp_user = $app->db->queryOneRecord("SELECT id FROM spamfilter_users WHERE email = '".$app->db->quote($this->dataRecord["email"])."'");
+			$tmp_user = $app->db->queryOneRecord("SELECT id FROM spamfilter_users WHERE email = ?", $this->dataRecord["email"]);
 			if($policy_id > 0) {
 				if($tmp_user["id"] > 0) {
 					// There is already a record that we will update
-					$app->db->datalogUpdate('spamfilter_users', "policy_id = $policy_id", 'id', $tmp_user["id"]);
+					$app->db->datalogUpdate('spamfilter_users', array("policy_id" => $policy_id), 'id', $tmp_user["id"]);
 				} else {
 					// We create a new record
-					$insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `priority`, `policy_id`, `email`, `fullname`, `local`)
-				        	VALUES (".$app->functions->intval($_SESSION["s"]["user"]["userid"]).", ".$app->functions->intval($domain["sys_groupid"]).", 'riud', 'riud', '', ".$app->functions->intval($domain["server_id"]).", 10, ".$app->functions->intval($policy_id).", '".$app->db->quote($this->dataRecord["email"])."', '".$app->db->quote($this->dataRecord["email"])."', 'Y')";
+					$insert_data = array(
+						"sys_userid" => $_SESSION["s"]["user"]["userid"],
+						"sys_groupid" => $domain["sys_groupid"],
+						"sys_perm_user" => 'riud',
+						"sys_perm_group" => 'riud',
+						"sys_perm_other" => '',
+						"server_id" => $domain["server_id"],
+						"priority" => 10,
+						"policy_id" => $policy_id,
+						"email" => $this->dataRecord["email"],
+						"fullname" => $this->dataRecord["email"],
+						"local" => 'Y'
+					);
 					$app->db->datalogInsert('spamfilter_users', $insert_data, 'id');
 				}
 			}else {
@@ -334,8 +356,8 @@ class page_action extends tform_actions {
 			$disabledeliver = ($this->dataRecord["postfix"] == 'y')?'n':'y';
 			$disablesmtp = (isset($this->dataRecord["disablesmtp"]) && $this->dataRecord["disablesmtp"])?'y':'n';
 
-			$sql = "UPDATE mail_user SET disableimap = '$disableimap', disablesieve = '$disableimap', `disablesieve-filter` = '$disableimap', disablepop3 = '$disablepop3', disablesmtp = '$disablesmtp', disabledeliver = '$disabledeliver', disablelda = '$disabledeliver', disabledoveadm = '$disableimap' WHERE mailuser_id = ".$this->id;
-			$app->db->query($sql);
+			$sql = "UPDATE mail_user SET disableimap = ?, disablesieve = ?, `disablesieve-filter` = ?, disablepop3 = ?, disablesmtp = ?, disabledeliver = ?, disablelda = ?, disabledoveadm = ? WHERE mailuser_id = ?";
+			$app->db->query($sql, $disableimap, $disableimap, $disableimap, $disablepop3, $disablesmtp, $disabledeliver, $disabledeliver, $disableimap, $this->id);
 		}
 
 		//** If the email address has been changed, change it in all aliases too
@@ -343,11 +365,11 @@ class page_action extends tform_actions {
 			//if($this->oldDataRecord['email'] != $this->dataRecord['email']) {
 
 			//* Update the aliases
-			$forwardings = $app->db->queryAllRecords("SELECT * FROM mail_forwarding WHERE destination = '".$app->db->quote($this->oldDataRecord['email'])."'");
+			$forwardings = $app->db->queryAllRecords("SELECT * FROM mail_forwarding WHERE destination = ?", $this->oldDataRecord['email']);
 			if(is_array($forwardings)) {
 				foreach($forwardings as $rec) {
-					$destination = $app->db->quote($this->dataRecord['email']);
-					$app->db->datalogUpdate('mail_forwarding', "destination = '$destination'", 'forwarding_id', $rec['forwarding_id']);
+					$destination = $this->dataRecord['email'];
+					$app->db->datalogUpdate('mail_forwarding', array("destination" => $destination), 'forwarding_id', $rec['forwarding_id']);
 				}
 			}
 
@@ -355,9 +377,9 @@ class page_action extends tform_actions {
 
 		//* Change backup options when user mail backup options have been changed
 		if(isset($this->dataRecord['backup_interval']) && ($this->dataRecord['backup_interval'] != $this->oldDataRecord['backup_interval'] || $this->dataRecord['backup_copies'] != $this->oldDataRecord['backup_copies'])) {
-			$backup_interval = $app->db->quote($this->dataRecord['backup_interval']);
+			$backup_interval = $this->dataRecord['backup_interval'];
 			$backup_copies = $app->functions->intval($this->dataRecord['backup_copies']);
-			$app->db->datalogUpdate('mail_user', "backup_interval = '$backup_interval', backup_copies = '$backup_copies'", 'mailuser_id', $rec['mailuser_id']);
+			$app->db->datalogUpdate('mail_user', array("backup_interval" => $backup_interval, "backup_copies" => $backup_copies), 'mailuser_id', $rec['mailuser_id']);
 			unset($backup_copies);
 			unset($backup_interval);
 		} // end if backup options changed
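Review bot: The rewritten `datalogUpdate('mail_user', ...)` call still keys on `$rec['mailuser_id']`, but `$rec` is never assigned in this hunk. The only `$rec` visible in this file's diff is the `foreach($forwardings as $rec)` loop variable in the preceding hunk, which holds `mail_forwarding` rows. If that is what is left in scope, the key is undefined or stale and the backup settings are probably written to no row or the wrong row. The mailbox being edited is most likely `$this->id`, so the call should presumably end `'mailuser_id', $this->id);`. Confirm this against the full method, which starts outside the hunk.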
diff --git a/interface/web/mail/mail_user_filter_del.php b/interface/web/mail/mail_user_filter_del.php
index e352a8e73629b6420aac17c63b210798cd955247..254e9f1e94bb121a2badf034ef9abe6a0d63836c 100644
--- a/interface/web/mail/mail_user_filter_del.php
+++ b/interface/web/mail/mail_user_filter_del.php
@@ -51,33 +51,6 @@ $app->load('tform_actions');
 
 class page_action extends tform_actions {
 
-	/*
-	//* Code moved to mailfilter plugin
-	function onAfterDelete() {
-		global $app, $conf;
-
-		$mailuser = $app->db->queryOneRecord("SELECT custom_mailfilter FROM mail_user WHERE mailuser_id = ".$this->dataRecord["mailuser_id"]);
-		$skip = false;
-		$lines = explode("\n",$mailuser['custom_mailfilter']);
-		$out = '';
-
-		foreach($lines as $line) {
-			$line = trim($line);
-			if($line == '### BEGIN FILTER_ID:'.$this->id) {
-				$skip = true;
-			}
-			if($skip == false && $line != '') $out .= $line ."\n";
-			if($line == '### END FILTER_ID:'.$this->id) {
-				$skip = false;
-			}
-		}
-
-		$out = $app->db->quote($out);
-		$app->db->datalogUpdate('mail_user', "custom_mailfilter = '$out'", 'mailuser_id', $this->dataRecord["mailuser_id"]);
-
-	}
-	*/
-
 }
 
 $page = new page_action;
diff --git a/interface/web/mail/mail_user_filter_edit.php b/interface/web/mail/mail_user_filter_edit.php
index c4331a2acb0707a1b81e2cc6a574e1e2e4c6f8a6..52cab08867578b6aec01b83b77b6fe3a910725c7 100644
--- a/interface/web/mail/mail_user_filter_edit.php
+++ b/interface/web/mail/mail_user_filter_edit.php
@@ -70,7 +70,7 @@ class page_action extends tform_actions {
 		global $app, $conf;
 
 		// Get the parent mail_user record
-		$mailuser = $app->db->queryOneRecord("SELECT * FROM mail_user WHERE mailuser_id = '".$app->functions->intval($_REQUEST["mailuser_id"])."' AND ".$app->tform->getAuthSQL('r'));
+		$mailuser = $app->db->queryOneRecord("SELECT * FROM mail_user WHERE mailuser_id = ? AND ".$app->tform->getAuthSQL('r'). $_REQUEST["mailuser_id"]);
 
 		// Check if Domain belongs to user
 		if($mailuser["mailuser_id"] != $_POST["mailuser_id"]) $app->tform->errorMessage .= $app->tform->wordbook["no_mailuser_perm"];
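Review bot: On the added `queryOneRecord` line the request value is joined to the SQL text with `.` instead of being passed as an argument with `,`. As a result `$_REQUEST["mailuser_id"]` is appended raw after the `getAuthSQL('r')` clause and the `?` placeholder receives no value. The removed line at least forced the value through `intval()`; the new one places unfiltered request input in the statement, which is the pattern this commit removes everywhere else. End the call with `.$app->tform->getAuthSQL('r'), $_REQUEST["mailuser_id"]);`, and keep `$app->functions->intval()` around the value if the id must be numeric. The enclosing method starts and ends outside the hunk.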
@@ -85,11 +85,11 @@ class page_action extends tform_actions {
 		if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
 			// Get the limits of the client
 			$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
-			$client = $app->db->queryOneRecord("SELECT limit_mailfilter FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+			$client = $app->db->queryOneRecord("SELECT limit_mailfilter FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
 
 			// Check if the user may add another filter
 			if($this->id == 0 && $client["limit_mailfilter"] >= 0) {
-				$tmp = $app->db->queryOneRecord("SELECT count(filter_id) as number FROM mail_user_filter WHERE sys_groupid = $client_group_id");
+				$tmp = $app->db->queryOneRecord("SELECT count(filter_id) as number FROM mail_user_filter WHERE sys_groupid = ?", $client_group_id);
 				if($tmp["number"] >= $client["limit_mailfilter"]) {
 					$app->tform->errorMessage .= $app->tform->lng("limit_mailfilter_txt")."<br>";
 				}
diff --git a/interface/web/mail/mail_user_stats.php b/interface/web/mail/mail_user_stats.php
index 356d28cf3bc9c104ad8791badd4e13ae728a85bd..abb5461e541ca7c02866d21c290d303778cfa5d0 100644
--- a/interface/web/mail/mail_user_stats.php
+++ b/interface/web/mail/mail_user_stats.php
@@ -34,28 +34,28 @@ class list_action extends listform_actions {
 		//* Set the statistics colums
 		//** Traffic of the current month
 		$tmp_date = date('Y-m');
-		$tmp_rec = $app->db->queryOneRecord("SELECT traffic as t FROM mail_traffic WHERE mailuser_id = ".$app->functions->intval($rec['mailuser_id'])." AND month = '$tmp_date'");
+		$tmp_rec = $app->db->queryOneRecord("SELECT traffic as t FROM mail_traffic WHERE mailuser_id = ? AND month = ?", $rec['mailuser_id'], $tmp_date);
 //		$rec['this_month'] = number_format($app->functions->intval($tmp_rec['t'])/1024/1024, 0, '.', ' ');
 		$rec['this_month'] = $app->functions->formatBytes($tmp_rec['t']);
 		if ($rec['this_month'] == 'NAN') $rec['this_month'] = '0 KB';
 
 		//** Traffic of the current year
 		$tmp_date = date('Y');
-		$tmp_rec = $app->db->queryOneRecord("SELECT sum(traffic) as t FROM mail_traffic WHERE mailuser_id = ".$app->functions->intval($rec['mailuser_id'])." AND month like '$tmp_date%'");
+		$tmp_rec = $app->db->queryOneRecord("SELECT sum(traffic) as t FROM mail_traffic WHERE mailuser_id = ? AND month like ?", $rec['mailuser_id'], $tmp_date . '%');
 //		$rec['this_year'] = number_format($app->functions->intval($tmp_rec['t'])/1024/1024, 0, '.', ' ');
 		$rec['this_year'] = $app->functions->formatBytes($tmp_rec['t']);
 		if ($rec['this_year'] == 'NAN') $rec['this_year'] = '0 KB';
 
 		//** Traffic of the last month
 		$tmp_date = date('Y-m', mktime(0, 0, 0, date("m")-1, date("d"), date("Y")));
-		$tmp_rec = $app->db->queryOneRecord("SELECT traffic as t FROM mail_traffic WHERE mailuser_id = ".$app->functions->intval($rec['mailuser_id'])." AND month = '$tmp_date'");
+		$tmp_rec = $app->db->queryOneRecord("SELECT traffic as t FROM mail_traffic WHERE mailuser_id = ? AND month = ?", $rec['mailuser_id'], $tmp_date);
 //		$rec['last_month'] = number_format($app->functions->intval($tmp_rec['t'])/1024/1024, 0, '.', ' ');
 		$rec['last_month'] = $app->functions->formatBytes($tmp_rec['t']);
 		if ($rec['last_month'] == 'NAN') $rec['last_month'] = '0 KB';
 
 		//** Traffic of the last year
 		$tmp_date = date('Y', mktime(0, 0, 0, date("m"), date("d"), date("Y")-1));
-		$tmp_rec = $app->db->queryOneRecord("SELECT sum(traffic) as t FROM mail_traffic WHERE mailuser_id = ".$app->functions->intval($rec['mailuser_id'])." AND month like '$tmp_date%'");
+		$tmp_rec = $app->db->queryOneRecord("SELECT sum(traffic) as t FROM mail_traffic WHERE mailuser_id = ? AND month like ?", $rec['mailuser_id'], $tmp_date . '%');
 //		$rec['last_year'] = number_format($app->functions->intval($tmp_rec['t'])/1024/1024, 0, '.', ' ');
 		$rec['last_year'] = $app->functions->formatBytes($tmp_rec['t']);
 		if ($rec['last_year'] == 'NAN') $rec['last_year'] = '0 KB';
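Review bot: The "last month" value bound into the third query comes from the unchanged line `mktime(0, 0, 0, date("m")-1, date("d"), date("Y"))`, which overflows when today's day number does not exist in the previous month. On 31 March it resolves to a date in early March, so `month = ?` is compared against the current month and the column shows the wrong traffic. Pin the day to the first of the month: `$tmp_date = date('Y-m', mktime(0, 0, 0, date("m")-1, 1, date("Y")));`. The enclosing method starts outside the hunk.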
diff --git a/interface/web/mail/mail_whitelist_edit.php b/interface/web/mail/mail_whitelist_edit.php
index b55db9c793c96a7916d372cb5c3967a59a2a9976..4bec0419902da5be956c3b716ad10da72e524008 100644
--- a/interface/web/mail/mail_whitelist_edit.php
+++ b/interface/web/mail/mail_whitelist_edit.php
@@ -72,7 +72,7 @@ class page_action extends tform_actions {
 		//* Check if the server has been changed
 		// We do this only for the admin or reseller users, as normal clients can not change the server ID anyway
 		if($_SESSION["s"]["user"]["typ"] == 'admin' || $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
-			$rec = $app->db->queryOneRecord("SELECT server_id from mail_access WHERE access_id = ".$this->id);
+			$rec = $app->db->queryOneRecord("SELECT server_id from mail_access WHERE access_id = ?", $this->id);
 			if($rec['server_id'] != $this->dataRecord["server_id"]) {
 				//* Add a error message and switch back to old server
 				$app->tform->errorMessage .= $app->lng('The Server can not be changed.');
@@ -89,11 +89,11 @@ class page_action extends tform_actions {
 		if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
 			// Get the limits of the client
 			$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
-			$client = $app->db->queryOneRecord("SELECT limit_mailfilter FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+			$client = $app->db->queryOneRecord("SELECT limit_mailfilter FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
 
 			// Check if the user may add another mailbox.
 			if($this->id == 0 && $client["limit_mailfilter"] >= 0) {
-				$tmp = $app->db->queryOneRecord("SELECT count(access_id) as number FROM mail_access WHERE sys_groupid = $client_group_id");
+				$tmp = $app->db->queryOneRecord("SELECT count(access_id) as number FROM mail_access WHERE sys_groupid = ?", $client_group_id);
 				if($tmp["number"] >= $client["limit_mailfilter"]) {
 					$app->tform->errorMessage .= $app->tform->wordbook["limit_mailfilter_txt"]."<br>";
 				}
diff --git a/interface/web/mail/mailinglist.php b/interface/web/mail/mailinglist.php
index 6ef779cbd61f7d3e6459cab3c696374fba15547a..15f61c93991302bb420123923ee19e1fa7ecafed 100644
--- a/interface/web/mail/mailinglist.php
+++ b/interface/web/mail/mailinglist.php
@@ -43,13 +43,13 @@ $listId = $app->functions->intval($_GET['id']);
 /*
  * Get the data to connect to the database
  */
-$dbData = $app->db->queryAllRecords("SELECT server_id, listname FROM mail_mailinglist WHERE mailinglist_id = " . $listId);
+$dbData = $app->db->queryAllRecords("SELECT server_id, listname FROM mail_mailinglist WHERE mailinglist_id = ?", $listId);
 $serverId = $app->functions->intval($dbData[0]['server_id']);
 if ($serverId == 0){
 	die ("No List - Server found!");
 }
 
-$serverData = $app->db->queryOneRecord("SELECT server_name FROM server WHERE server_id = ".$serverId);
+$serverData = $app->db->queryOneRecord("SELECT server_name FROM server WHERE server_id = ?", $serverId);
 
 $app->uses('getconf');
 $global_config = $app->getconf->get_global_config('mail');
diff --git a/interface/web/mail/spamfilter_blacklist_edit.php b/interface/web/mail/spamfilter_blacklist_edit.php
index b7b6391f41487ad6aebacfe61b2ee3d755f9053f..b76334b387728ef65e2daaa350a08ff37645d916 100644
--- a/interface/web/mail/spamfilter_blacklist_edit.php
+++ b/interface/web/mail/spamfilter_blacklist_edit.php
@@ -65,24 +65,6 @@ class page_action extends tform_actions {
 		parent::onShowNew();
 	}
 
-	/*
-	function onBeforeUpdate() {
-		global $app, $conf;
-
-		//* Check if the server has been changed
-		// We do this only for the admin or reseller users, as normal clients can not change the server ID anyway
-		if($_SESSION["s"]["user"]["typ"] == 'admin' || $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
-			$rec = $app->db->queryOneRecord("SELECT server_id from spamfilter_wblist WHERE id = ".$this->id);
-			if($rec['server_id'] != $this->dataRecord["server_id"]) {
-				//* Add a error message and switch back to old server
-				$app->tform->errorMessage .= $app->lng('The Server can not be changed.');
-				$this->dataRecord["server_id"] = $rec['server_id'];
-			}
-			unset($rec);
-		}
-	}
-	*/
-
 	function onSubmit() {
 		global $app, $conf;
 
@@ -90,11 +72,11 @@ class page_action extends tform_actions {
 		if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
 			// Get the limits of the client
 			$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
-			$client = $app->db->queryOneRecord("SELECT limit_spamfilter_wblist FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+			$client = $app->db->queryOneRecord("SELECT limit_spamfilter_wblist FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
 
 			// Check if the user may add another mailbox.
 			if($this->id == 0 && $client["limit_spamfilter_wblist"] >= 0) {
-				$tmp = $app->db->queryOneRecord("SELECT count(wblist_id) as number FROM spamfilter_wblist WHERE sys_groupid = $client_group_id");
+				$tmp = $app->db->queryOneRecord("SELECT count(wblist_id) as number FROM spamfilter_wblist WHERE sys_groupid = ?", $client_group_id);
 				if($tmp["number"] >= $client["limit_spamfilter_wblist"]) {
 					$app->tform->errorMessage .= $app->tform->wordbook["limit_spamfilter_wblist_txt"]."<br>";
 				}
@@ -103,7 +85,7 @@ class page_action extends tform_actions {
 		} // end if user is not admin
 
 		// Select and set the server_id so it matches the server_id of the spa,filter_users record
-		$tmp = $app->db->queryOneRecord("SELECT server_id FROM spamfilter_users WHERE id = ".$app->functions->intval($this->dataRecord["rid"]));
+		$tmp = $app->db->queryOneRecord("SELECT server_id FROM spamfilter_users WHERE id = ?", $this->dataRecord["rid"]);
 		$this->dataRecord["server_id"] = $tmp["server_id"];
 		unset($tmp);
 
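Review bot: The `spamfilter_users` lookup by `$this->dataRecord["rid"]` is not scoped with `$app->tform->getAuthSQL(...)` the way the `mail_user` and `mail_domain` lookups elsewhere in this commit are, and the `intval()` that normalised the id has been dropped. If `rid` is not validated against the caller's permissions elsewhere (not visible in this hunk), a non-admin user could reference another client's record, and `server_id` would be copied from it. Consider `"SELECT server_id FROM spamfilter_users WHERE id = ? AND ".$app->tform->getAuthSQL('r')`, plus an error when no row comes back. The comment above also has a typo, `spa,filter_users`. The same lines appear in the matching hunk of spamfilter_whitelist_edit.php, and `onSubmit` continues outside the hunk.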
diff --git a/interface/web/mail/spamfilter_config_edit.php b/interface/web/mail/spamfilter_config_edit.php
index 3584c2ff59d6c8d2702e1449718580619c708c4f..5b3062ab771341d8214ca589d628621f55d53da8 100644
--- a/interface/web/mail/spamfilter_config_edit.php
+++ b/interface/web/mail/spamfilter_config_edit.php
@@ -83,8 +83,8 @@ class page_action extends tform_actions {
 		$server_config_array[$section] = $app->tform->encode($this->dataRecord, $section);
 		$server_config_str = $app->ini_parser->get_ini_string($server_config_array);
 
-		$sql = "UPDATE server SET config = '".$app->db->quote($server_config_str)."' WHERE server_id = ".$app->functions->intval($server_id);
-		$app->db->query($sql);
+		$sql = "UPDATE server SET config = ? WHERE server_id = ?";
+		$app->db->query($sql, $server_config_str, $server_id);
 	}
 
 }
diff --git a/interface/web/mail/spamfilter_policy_edit.php b/interface/web/mail/spamfilter_policy_edit.php
index 0b94d5d0659b58dfd16383fbeabff59f1a68eda9..5320506846fc3e36364a482a0e1c5c0c5d993373 100644
--- a/interface/web/mail/spamfilter_policy_edit.php
+++ b/interface/web/mail/spamfilter_policy_edit.php
@@ -72,11 +72,11 @@ class page_action extends tform_actions {
 		if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
 			// Get the limits of the client
 			$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
-			$client = $app->db->queryOneRecord("SELECT limit_spamfilter_policy FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+			$client = $app->db->queryOneRecord("SELECT limit_spamfilter_policy FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
 
 			// Check if the user may add another mailbox.
 			if($this->id == 0 && $client["limit_spamfilter_policy"] >= 0) {
-				$tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM spamfilter_policy WHERE sys_groupid = $client_group_id");
+				$tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM spamfilter_policy WHERE sys_groupid = ?", $client_group_id);
 				if($tmp["number"] >= $client["limit_spamfilter_policy"]) {
 					$app->tform->errorMessage .= $app->tform->wordbook["limit_spamfilter_policy_txt"]."<br>";
 				}
diff --git a/interface/web/mail/spamfilter_users_edit.php b/interface/web/mail/spamfilter_users_edit.php
index 488d951c75722a89434a717907d44b6b64dbf539..b8bc9316c5fffdadff123f8bbf81ef951275e406 100644
--- a/interface/web/mail/spamfilter_users_edit.php
+++ b/interface/web/mail/spamfilter_users_edit.php
@@ -71,7 +71,7 @@ class page_action extends tform_actions {
 		//* Check if the server has been changed
 		// We do this only for the admin or reseller users, as normal clients can not change the server ID anyway
 		if($_SESSION["s"]["user"]["typ"] == 'admin' || $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
-			$rec = $app->db->queryOneRecord("SELECT server_id from spamfilter_users WHERE id = ".$this->id);
+			$rec = $app->db->queryOneRecord("SELECT server_id from spamfilter_users WHERE id = ?", $this->id);
 			if($rec['server_id'] != $this->dataRecord["server_id"]) {
 				//* Add a error message and switch back to old server
 				$app->tform->errorMessage .= $app->lng('The Server can not be changed.');
@@ -88,11 +88,11 @@ class page_action extends tform_actions {
 		if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
 			// Get the limits of the client
 			$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
-			$client = $app->db->queryOneRecord("SELECT limit_spamfilter_user FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+			$client = $app->db->queryOneRecord("SELECT limit_spamfilter_user FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
 
 			// Check if the user may add another mailbox.
 			if($this->id == 0 && $client["limit_spamfilter_user"] >= 0) {
-				$tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM spamfilter_users WHERE sys_groupid = $client_group_id");
+				$tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM spamfilter_users WHERE sys_groupid = ?", $client_group_id);
 				if($tmp["number"] >= $client["limit_spamfilter_user"]) {
 					$app->tform->errorMessage .= $app->tform->wordbook["limit_spamfilter_user_txt"]."<br>";
 				}
diff --git a/interface/web/mail/spamfilter_whitelist_edit.php b/interface/web/mail/spamfilter_whitelist_edit.php
index 227f538be3081f282404c325d718c0acbc67fabf..a404db0ef1008c7eba45ea9a9be8d7e6951d09bd 100644
--- a/interface/web/mail/spamfilter_whitelist_edit.php
+++ b/interface/web/mail/spamfilter_whitelist_edit.php
@@ -65,24 +65,6 @@ class page_action extends tform_actions {
 		parent::onShowNew();
 	}
 
-	/*
-	function onBeforeUpdate() {
-		global $app, $conf;
-
-		//* Check if the server has been changed
-		// We do this only for the admin or reseller users, as normal clients can not change the server ID anyway
-		if($_SESSION["s"]["user"]["typ"] == 'admin' || $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
-			$rec = $app->db->queryOneRecord("SELECT server_id from spamfilter_wblist WHERE id = ".$this->id);
-			if($rec['server_id'] != $this->dataRecord["server_id"]) {
-				//* Add a error message and switch back to old server
-				$app->tform->errorMessage .= $app->lng('The Server can not be changed.');
-				$this->dataRecord["server_id"] = $rec['server_id'];
-			}
-			unset($rec);
-		}
-	}
-	*/
-
 	function onSubmit() {
 		global $app, $conf;
 
@@ -90,11 +72,11 @@ class page_action extends tform_actions {
 		if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
 			// Get the limits of the client
 			$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
-			$client = $app->db->queryOneRecord("SELECT limit_spamfilter_wblist FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+			$client = $app->db->queryOneRecord("SELECT limit_spamfilter_wblist FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
 
 			// Check if the user may add another mailbox.
 			if($this->id == 0 && $client["limit_spamfilter_wblist"] >= 0) {
-				$tmp = $app->db->queryOneRecord("SELECT count(wblist_id) as number FROM spamfilter_wblist WHERE sys_groupid = $client_group_id");
+				$tmp = $app->db->queryOneRecord("SELECT count(wblist_id) as number FROM spamfilter_wblist WHERE sys_groupid = ?", $client_group_id);
 				if($tmp["number"] >= $client["limit_spamfilter_wblist"]) {
 					$app->tform->errorMessage .= $app->tform->wordbook["limit_spamfilter_wblist_txt"]."<br>";
 				}
@@ -103,7 +85,7 @@ class page_action extends tform_actions {
 		} // end if user is not admin
 
 		// Select and set the server_id so it matches the server_id of the spa,filter_users record
-		$tmp = $app->db->queryOneRecord("SELECT server_id FROM spamfilter_users WHERE id = ".$app->functions->intval($this->dataRecord["rid"]));
+		$tmp = $app->db->queryOneRecord("SELECT server_id FROM spamfilter_users WHERE id = ?", $this->dataRecord["rid"]);
 		$this->dataRecord["server_id"] = $tmp["server_id"];
 		unset($tmp);
 
diff --git a/interface/web/mail/templates/mail_alias_list.htm b/interface/web/mail/templates/mail_alias_list.htm
index d291a92dc44badc65e893d47c38276880c56a635..5f19fba1387bc8fba7a4cbafc191b95be3a0322d 100644
--- a/interface/web/mail/templates/mail_alias_list.htm
+++ b/interface/web/mail/templates/mail_alias_list.htm
@@ -53,7 +53,7 @@
                             <td><a href="#" data-load-content="mail/mail_alias_edit.php?id={tmpl_var name='id'}">{tmpl_var name="source"}</a></td>
                             <td><a href="#" data-load-content="mail/mail_alias_edit.php?id={tmpl_var name='id'}">{tmpl_var name="destination"}</a></td>
                             <td class="text-right">
-                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('mail/mail_alias_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
+                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('mail/mail_alias_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                             </td>
                         </tr>
                     </tmpl_loop>
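Review bot: The delete link on the changed line still triggers a state-changing request through a plain URL and carries `phpsessid` in the query string. If that variable holds the PHP session identifier (the name suggests it, the template does not show it), the identifier ends up in browser history, server and proxy logs and Referer headers. I would replace `&phpsessid={tmpl_var name='phpsessid'}` with a dedicated per-request anti-CSRF token, e.g. `&token={tmpl_var name='PLACEHOLDER_csrf_token'}` (placeholder name), and have the `*_del.php` handlers verify it. `{tmpl_var name='delete_confirmation'}` also sits inside a JavaScript string within an HTML attribute, so it needs escaping for both contexts unless the template engine already does that. The same line pattern recurs in the other `*_list.htm` hunks of this commit, from mail_aliasdomain_list.htm through spamfilter_policy_list.htm.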
diff --git a/interface/web/mail/templates/mail_aliasdomain_list.htm b/interface/web/mail/templates/mail_aliasdomain_list.htm
index 2c1eeb75dfe9237e1fca3f7fd1af7e0952029b6a..6ce208b48b62bfe3cca51292f29c9d7ecfce8d82 100644
--- a/interface/web/mail/templates/mail_aliasdomain_list.htm
+++ b/interface/web/mail/templates/mail_aliasdomain_list.htm
@@ -53,7 +53,7 @@
                             <td><a href="#" data-load-content="mail/mail_aliasdomain_edit.php?id={tmpl_var name='id'}">{tmpl_var name="source"}</a></td>
                             <td><a href="#" data-load-content="mail/mail_aliasdomain_edit.php?id={tmpl_var name='id'}">{tmpl_var name="destination"}</a></td>
                             <td class="text-right">
-                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('mail/mail_aliasdomain_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
+                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('mail/mail_aliasdomain_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                             </td>
                         </tr>
                     </tmpl_loop>
diff --git a/interface/web/mail/templates/mail_blacklist_list.htm b/interface/web/mail/templates/mail_blacklist_list.htm
index fdba439c779d8aa8fc5a15a030194d5571b5f44a..b023f5404253eb9a8fb1927e5dd02a4fb1647ab3 100644
--- a/interface/web/mail/templates/mail_blacklist_list.htm
+++ b/interface/web/mail/templates/mail_blacklist_list.htm
@@ -56,7 +56,7 @@
                             <td><a href="#" data-load-content="mail/mail_blacklist_edit.php?id={tmpl_var name='id'}">{tmpl_var name="source"}</a></td>
                             <td><a href="#" data-load-content="mail/mail_blacklist_edit.php?id={tmpl_var name='id'}">{tmpl_var name="type"}</a></td>
                             <td class="text-right">
-                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('mail/mail_blacklist_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
+                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('mail/mail_blacklist_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                             </td>
                         </tr>
                     </tmpl_loop>
diff --git a/interface/web/mail/templates/mail_content_filter_list.htm b/interface/web/mail/templates/mail_content_filter_list.htm
index 04b997fe7a64978adbff2e6c28e763c6b21bdb32..01689aa4d6fab13d30e75ab6cd60ce5248f4c410 100644
--- a/interface/web/mail/templates/mail_content_filter_list.htm
+++ b/interface/web/mail/templates/mail_content_filter_list.htm
@@ -56,7 +56,7 @@
                             <td><a href="#" data-load-content="mail/mail_content_filter_edit.php?id={tmpl_var name='id'}">{tmpl_var name="pattern"}</a></td>
                             <td><a href="#" data-load-content="mail/mail_content_filter_edit.php?id={tmpl_var name='id'}">{tmpl_var name="action"}</a></td>
                             <td class="text-right">
-                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('mail/mail_content_filter_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
+                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('mail/mail_content_filter_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                             </td>
                         </tr>
                     </tmpl_loop>
diff --git a/interface/web/mail/templates/mail_domain_admin_list.htm b/interface/web/mail/templates/mail_domain_admin_list.htm
index 94608b730d7abb4e8dfe15ca82f93be77d203c5b..1b2b41f3924a95a060ea7034cdd9de10de2cc087 100644
--- a/interface/web/mail/templates/mail_domain_admin_list.htm
+++ b/interface/web/mail/templates/mail_domain_admin_list.htm
@@ -39,7 +39,7 @@
                             <td><a href="#" data-load-content="mail/mail_domain_edit.php?id={tmpl_var name='id'}">{tmpl_var name="server_id"}</a></td>
                             <td><a href="#" data-load-content="mail/mail_domain_edit.php?id={tmpl_var name='id'}">{tmpl_var name="domain"}</a></td>
                             <td class="text-right">
-                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('mail/mail_domain_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
+                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('mail/mail_domain_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                             </td>
                         </tr>
                     </tmpl_loop>
diff --git a/interface/web/mail/templates/mail_domain_catchall_list.htm b/interface/web/mail/templates/mail_domain_catchall_list.htm
index 42a05ca513c66ec759ede09d6ab979ea45fbe693..29483ae3d054072f6d5894ca6b8c3f68d1513e3a 100644
--- a/interface/web/mail/templates/mail_domain_catchall_list.htm
+++ b/interface/web/mail/templates/mail_domain_catchall_list.htm
@@ -53,7 +53,7 @@
                             <td><a href="#" data-load-content="mail/mail_domain_catchall_edit.php?id={tmpl_var name='id'}">{tmpl_var name="source"}</a></td>
                             <td><a href="#" data-load-content="mail/mail_domain_catchall_edit.php?id={tmpl_var name='id'}">{tmpl_var name="destination"}</a></td>
                             <td class="text-right">
-                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('mail/mail_domain_catchall_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
+                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('mail/mail_domain_catchall_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                             </td>
                         </tr>
                     </tmpl_loop>
diff --git a/interface/web/mail/templates/mail_domain_edit.htm b/interface/web/mail/templates/mail_domain_edit.htm
index f56c27d8787883b8f34ba5e69be85949fde8f51c..307b0d1531f258a0db7d79e44a25170ff374ebd7 100644
--- a/interface/web/mail/templates/mail_domain_edit.htm
+++ b/interface/web/mail/templates/mail_domain_edit.htm
@@ -86,7 +86,7 @@
 			<tmpl_else>
 				<input type="hidden" name="domain_module" value="0" id="domain_module" />
 			</tmpl_if>
-            <div class="col-sm-3"></div><div class="col-sm-9"><button class="btn btn-default formbutton-default" type="button" data-toggle="collapse" data-target="#toggle-dkim" aria-expanded="false" aria-controls="toggle-dkim">{tmpl_var name='dkim_settings_txt'}</button></div>
+            <div class="col-sm-12"><button class="btn btn-default formbutton-default" type="button" data-toggle="collapse" data-target="#toggle-dkim" aria-expanded="false" aria-controls="toggle-dkim">{tmpl_var name='dkim_settings_txt'}</button></div>
             <div id="toggle-dkim" class="collapse">
               <div class="form-group">
                 <label class="col-sm-3 control-label">{tmpl_var name='dkim_txt'}</label>
diff --git a/interface/web/mail/templates/mail_domain_list.htm b/interface/web/mail/templates/mail_domain_list.htm
index 01d9ea52eeadb0e7addaff0c30ace6413c55ce22..bb1eba146b9bf5d7ab63f02ae3b47720f7afcb44 100644
--- a/interface/web/mail/templates/mail_domain_list.htm
+++ b/interface/web/mail/templates/mail_domain_list.htm
@@ -53,7 +53,7 @@
                             <td><a href="#" data-load-content="mail/mail_domain_edit.php?id={tmpl_var name='id'}">{tmpl_var name="server_id"}</a></td>
                             <td><a href="#" data-load-content="mail/mail_domain_edit.php?id={tmpl_var name='id'}">{tmpl_var name="domain"}</a></td>
                             <td class="text-right">
-                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('mail/mail_domain_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
+                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('mail/mail_domain_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                             </td>
                         </tr>
                     </tmpl_loop>
diff --git a/interface/web/mail/templates/mail_forward_list.htm b/interface/web/mail/templates/mail_forward_list.htm
index 2981393437fdcde83df18b5acffca7b26e898b73..bb4b95ed12fcd5d6869ebdab91311d377b7b3358 100644
--- a/interface/web/mail/templates/mail_forward_list.htm
+++ b/interface/web/mail/templates/mail_forward_list.htm
@@ -53,7 +53,7 @@
                             <td><a href="#" data-load-content="mail/mail_forward_edit.php?id={tmpl_var name='id'}">{tmpl_var name="source"}</a></td>
                             <td><a href="#" data-load-content="mail/mail_forward_edit.php?id={tmpl_var name='id'}">{tmpl_var name="destination"}</a></td>
                             <td class="text-right">
-                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('mail/mail_forward_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
+                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('mail/mail_forward_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                             </td>
                         </tr>
                     </tmpl_loop>
diff --git a/interface/web/mail/templates/mail_get_list.htm b/interface/web/mail/templates/mail_get_list.htm
index 372d927c8dff4ca7ff190bd144bbab1ba0f44d27..58a550a7d1d11ba54e3db2a451b978f9737979d4 100644
--- a/interface/web/mail/templates/mail_get_list.htm
+++ b/interface/web/mail/templates/mail_get_list.htm
@@ -59,7 +59,7 @@
                             <td><a href="#" data-load-content="mail/mail_get_edit.php?id={tmpl_var name='id'}">{tmpl_var name="source_username"}</a></td>
                             <td><a href="#" data-load-content="mail/mail_get_edit.php?id={tmpl_var name='id'}">{tmpl_var name="destination"}</a></td>
                             <td class="text-right">
-                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('mail/mail_get_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
+                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('mail/mail_get_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                             </td>
                         </tr>
                     </tmpl_loop>
diff --git a/interface/web/mail/templates/mail_mailinglist_list.htm b/interface/web/mail/templates/mail_mailinglist_list.htm
index 3e345893671c95b189ba1b5d4a836148a57bdad3..7e15df3aad961490cdbd87ae4b655088125d47b0 100644
--- a/interface/web/mail/templates/mail_mailinglist_list.htm
+++ b/interface/web/mail/templates/mail_mailinglist_list.htm
@@ -50,9 +50,9 @@
                             <td><a href="#" data-load-content="mail/mail_mailinglist_edit.php?id={tmpl_var name='id'}">{tmpl_var name="domain"}</a></td>
                             <td class="text-right">
                                 <tmpl_if name="mailmailinglist_link">
-                                    <a class="btn btn-default formbutton-default formbutton-narrow" href="mail/mailinglist.php?id={tmpl_var name='id'}" target="mailmailinglist"><span class="icon icon-mail"></span></button>
+                                    <a class="btn btn-default formbutton-default formbutton-narrow" href="mail/mailinglist.php?id={tmpl_var name='id'}" target="mailmailinglist"><span class="icon icon-mail"></span></a>
                                 </tmpl_if>
-                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('mail/mail_mailinglist_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
+                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('mail/mail_mailinglist_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                             </td>
                         </tr>
                     </tmpl_loop>
diff --git a/interface/web/mail/templates/mail_relay_recipient_list.htm b/interface/web/mail/templates/mail_relay_recipient_list.htm
index 7ab97fa223df5b085d62ca904660d804e54d9203..7dac3e7ce5a4aa42f110162d9cc8423ba8664c5a 100644
--- a/interface/web/mail/templates/mail_relay_recipient_list.htm
+++ b/interface/web/mail/templates/mail_relay_recipient_list.htm
@@ -52,7 +52,7 @@
                             <td><a href="#" data-load-content="mail/mail_relay_recipient_edit.php?id={tmpl_var name='id'}">{tmpl_var name="server_id"}</a></td>
                             <td><a href="#" data-load-content="mail/mail_relay_recipient_edit.php?id={tmpl_var name='id'}">{tmpl_var name="source"}</a></td>
                             <td class="text-right">
-                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('mail/mail_relay_recipient_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
+                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('mail/mail_relay_recipient_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                             </td>
                         </tr>
                     </tmpl_loop>
diff --git a/interface/web/mail/templates/mail_transport_list.htm b/interface/web/mail/templates/mail_transport_list.htm
index a1fcb088581550883ec2c568eabd3d0263df1f53..4b4b2d9e53d6529f5bf4bb339ab8aeb5575844cc 100644
--- a/interface/web/mail/templates/mail_transport_list.htm
+++ b/interface/web/mail/templates/mail_transport_list.htm
@@ -59,7 +59,7 @@
                             <td><a href="#" data-load-content="mail/mail_transport_edit.php?id={tmpl_var name='id'}">{tmpl_var name="transport"}</a></td>
                             <td><a href="#" data-load-content="mail/mail_transport_edit.php?id={tmpl_var name='id'}">{tmpl_var name="sort_order"}</a></td>
                             <td class="text-right">
-                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('mail/mail_transport_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
+                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('mail/mail_transport_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                             </td>
                         </tr>
                     </tmpl_loop>
diff --git a/interface/web/mail/templates/mail_user_autoresponder_edit.htm b/interface/web/mail/templates/mail_user_autoresponder_edit.htm
index 03cb715687f61c3ec71d805ba12751e6a845d95e..afefb7950f31074f12eb17b58082b79762b3cc58 100644
--- a/interface/web/mail/templates/mail_user_autoresponder_edit.htm
+++ b/interface/web/mail/templates/mail_user_autoresponder_edit.htm
@@ -14,16 +14,16 @@
             </div>
             <div class="form-group">
                 <label for="autoresponder" class="col-sm-3 control-label">{tmpl_var name='autoresponder_active'}</label>
-                <div class="col-sm-9"><input class="form-control" type="checkbox" value="y" id="autoresponder" name="autoresponder"
-                       onclick="AR_ResetDates();" {tmpl_var name='ar_active'} /></div></div>
+                <div class="col-sm-9"><input type="checkbox" value="y" id="autoresponder" name="autoresponder" onclick="AR_ResetDates();" {tmpl_var name='ar_active'} /></div>
+			</div>
             <div class="form-group">
                 <label for="autoresponder_start_date" class="col-sm-3 control-label">{tmpl_var name='autoresponder_start_date_txt'}</label>
-                {tmpl_var name='autoresponder_start_date'}&nbsp;
-                <a href="javascript:AR_SetNow();">{tmpl_var name='now_txt'}</a>
+                <div class="col-sm-9">{tmpl_var name='autoresponder_start_date'}&nbsp;
+                <a href="javascript:AR_SetNow();">{tmpl_var name='now_txt'}</a></div>
             </div>
             <div class="form-group">
                 <label for="autoresponder_end_date" class="col-sm-3 control-label">{tmpl_var name='autoresponder_end_date_txt'}</label>
-                {tmpl_var name='autoresponder_end_date'}
+                <div class="col-sm-9">{tmpl_var name='autoresponder_end_date'}</div>
             </div>
         
         <input type="hidden" name="id" value="{tmpl_var name='id'}">
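Review bot: The added closing tag of the first `form-group` is indented with tabs (`			</div>`), while every neighbouring line of this template is indented with spaces. It should be written with 12 spaces, like the `</div>` that closes the next `form-group`, so the nesting stays readable in editors with a different tab width. The mail_user_filter_edit.htm hunk adds tab-indented lines to a space-indented template in the same way.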
diff --git a/interface/web/mail/templates/mail_user_backup_list.htm b/interface/web/mail/templates/mail_user_backup_list.htm
index 87091b479d47c43915b82fbe30d450d8ac5e7663..b8f29a87bdef449f58b626620050c45a3c8d78eb 100644
--- a/interface/web/mail/templates/mail_user_backup_list.htm
+++ b/interface/web/mail/templates/mail_user_backup_list.htm
@@ -2,7 +2,7 @@
     <div id="OKMsg"><p><tmpl_var name="msg"></p></div>
 </tmpl_if>
 <tmpl_if name="error">
-    <div id="errorMsg"><h3>ERROR</h3><ol><tmpl_var name="error"></ol></div>
+    <div id="errorMsg"><h3><tmpl_var name="error_txt"></h3><ol><tmpl_var name="error"></ol></div>
 </tmpl_if>
 <h3><tmpl_var name="list_head_txt"></h3>
 
diff --git a/interface/web/mail/templates/mail_user_filter_edit.htm b/interface/web/mail/templates/mail_user_filter_edit.htm
index 7de61b1198e69d747ecfec4d947283f5b3df3d1b..cb2d79a2498d73c5ce84dff2e17af2d86a45f749 100644
--- a/interface/web/mail/templates/mail_user_filter_edit.htm
+++ b/interface/web/mail/templates/mail_user_filter_edit.htm
@@ -7,21 +7,22 @@
         
             <div class="form-group">
                 <label for="rulename" class="col-sm-3 control-label">{tmpl_var name='rulename_txt'}</label>
-                <div class="col-sm-9"><input type="text" id="rulename" name="rulename" value="{tmpl_var name='rulename'}" class="form-control"></div></div>
+                <div class="col-sm-9"><input type="text" id="rulename" name="rulename" value="{tmpl_var name='rulename'}" class="form-control"></div>
+			</div>
             <div class="form-group">
                 <label for="source" class="col-sm-3 control-label">{tmpl_var name='source_txt'}</label>
-                <div class="col-sm-9"><select id="source" name="source" class="form-control">{tmpl_var name='source'}</select></div>
-                <div class="col-sm-9"><select id="op" name="op" class="form-control">{tmpl_var name='op'}</select></div><br><br>
-                <div><label></label><div class="col-sm-9"><input type="text" id="searchterm" name="searchterm" value="{tmpl_var name='searchterm'}" class="form-control"></div></div>
+                <div class="col-sm-9" style="margin-bottom:10px"><select id="source" name="source" class="form-control">{tmpl_var name='source'}</select></div>
+                <div class="col-sm-3"></div><div class="col-sm-9" style="margin-bottom:10px"><select id="op" name="op" class="form-control">{tmpl_var name='op'}</select></div>
+				<div class="col-sm-3"></div><div class="col-sm-9"><input type="text" id="searchterm" name="searchterm" value="{tmpl_var name='searchterm'}" class="form-control"></div>
             </div>
             <div class="form-group">
                 <label for="action" class="col-sm-3 control-label">{tmpl_var name='action_txt'}</label>
-                <div class="col-sm-9"><select id="action" name="action" class="form-control">{tmpl_var name='action'}</select></div><br><br>
-                <div><label></label><div class="col-sm-9"><input type="text" id="target" name="target" value="{tmpl_var name='target'}" class="form-control"></div></div>
+                <div class="col-sm-9" style="margin-bottom:10px"><select id="action" name="action" class="form-control">{tmpl_var name='action'}</select></div>
+                <div class="col-sm-3"></div><div class="col-sm-9"><input type="text" id="target" name="target" value="{tmpl_var name='target'}" class="form-control"></div>
             </div>
             <div class="form-group">
                 <label for="active" class="col-sm-3 control-label">{tmpl_var name='active_txt'}</label>
-                <span class="">{tmpl_var name='active'}</span>
+                <div class="col-sm-9"><span class="">{tmpl_var name='active'}</span></div>
             </div>
         
 
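Review bot: The follow-up rows of the `source` and `action` groups are aligned with empty spacer elements (`<div class="col-sm-3"></div>`) and spaced with an inline `style="margin-bottom:10px"`. If the grid here is Bootstrap 3 (the `col-sm-*` and `btn btn-default` class names suggest so), the offset class gives the same alignment without extra markup: `<div class="col-sm-9 col-sm-offset-3"><select id="op" name="op" class="form-control">{tmpl_var name='op'}</select></div>`. The bottom margin would be better expressed as a class in the stylesheet than repeated inline on each row.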
diff --git a/interface/web/mail/templates/mail_user_filter_list.htm b/interface/web/mail/templates/mail_user_filter_list.htm
index 6ab6e14b3b62f04e248516cfddd0dfb246f9a703..990558bd11e4b13e16b61e5bf884905f9b06ca29 100644
--- a/interface/web/mail/templates/mail_user_filter_list.htm
+++ b/interface/web/mail/templates/mail_user_filter_list.htm
@@ -42,7 +42,7 @@
                     <tr>
                         <td><a href="#" data-load-content="mail/mail_user_filter_edit.php?id={tmpl_var name='id'}">{tmpl_var name="rulename"}</a></td>
                         <td class="text-right">
-                            <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('mail/mail_user_filter_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
+                            <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('mail/mail_user_filter_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                         </td>
                     </tr>
                 </tmpl_loop>
@@ -54,7 +54,7 @@
             </tbody>
             <tfoot>
                 <tr>
-                    <td colspan="3"><tmpl_var name="paging"></td>
+                    <td colspan="2"><tmpl_var name="paging"></td>
                 </tr>
             </tfoot>
         </table>
diff --git a/interface/web/mail/templates/mail_user_list.htm b/interface/web/mail/templates/mail_user_list.htm
index 69719a7cd4edaeddf3ba922a55604ee44d0b5742..0ac26e105a59e756f9d451f65ad6a639dc558a59 100644
--- a/interface/web/mail/templates/mail_user_list.htm
+++ b/interface/web/mail/templates/mail_user_list.htm
@@ -73,9 +73,9 @@
                         <td><a href="#" data-load-content="mail/mail_user_edit.php?id={tmpl_var name='id'}">{tmpl_var name="disablepop3"}</a></td>
                         <td class="text-right">
                             <tmpl_if name="mailboxlist_webmail_link">
-                                <a class="btn btn-default formbutton-default formbutton-narrow" href="mail/webmailer.php?id={tmpl_var name='id'}" target="webmail"><span class="icon icon-mail"></span></button>
+                                <a class="btn btn-default formbutton-default formbutton-narrow" href="mail/webmailer.php?id={tmpl_var name='id'}" target="webmail"><span class="icon icon-mail"></span></a>
                             </tmpl_if>
-                            <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('mail/mail_user_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
+                            <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('mail/mail_user_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                         </td>
                     </tr>
                 </tmpl_loop>
diff --git a/interface/web/mail/templates/mail_whitelist_list.htm b/interface/web/mail/templates/mail_whitelist_list.htm
index 5740de6ff596bac152ceb6fcbb74959b3c266944..cb3b783e7f68c46200c4502e957b3b594090bf2e 100644
--- a/interface/web/mail/templates/mail_whitelist_list.htm
+++ b/interface/web/mail/templates/mail_whitelist_list.htm
@@ -40,7 +40,7 @@
                             <td><a href="#" data-load-content="mail/mail_whitelist_edit.php?id={tmpl_var name='id'}">{tmpl_var name="source"}</a></td>
                             <td><a href="#" data-load-content="mail/mail_whitelist_edit.php?id={tmpl_var name='id'}">{tmpl_var name="type"}</a></td>
                             <td class="text-right">
-                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('mail/mail_whitelist_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
+                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('mail/mail_whitelist_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                             </td>
                         </tr>
                     </tmpl_loop>
diff --git a/interface/web/mail/templates/spamfilter_blacklist_list.htm b/interface/web/mail/templates/spamfilter_blacklist_list.htm
index 24e20800305fb44873593210bc5a0f47990f5221..91a45916ba6f79632b375c18c1fa5d4d6afcdd0c 100644
--- a/interface/web/mail/templates/spamfilter_blacklist_list.htm
+++ b/interface/web/mail/templates/spamfilter_blacklist_list.htm
@@ -43,7 +43,7 @@
                             <td><a href="#" data-load-content="mail/spamfilter_blacklist_edit.php?id={tmpl_var name='id'}">{tmpl_var name="rid"}</a></td>
                             <td><a href="#" data-load-content="mail/spamfilter_blacklist_edit.php?id={tmpl_var name='id'}">{tmpl_var name="email"}</a></td>
                             <td class="text-right">
-                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('mail/spamfilter_blacklist_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
+                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('mail/spamfilter_blacklist_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                             </td>
                         </tr>
                     </tmpl_loop>
diff --git a/interface/web/mail/templates/spamfilter_config_list.htm b/interface/web/mail/templates/spamfilter_config_list.htm
index e8dffcd4611d95e21e39a6bca6c2013445d10070..486a79e6d9c017c289fb7eca2bd4e4e3c33e5511 100644
--- a/interface/web/mail/templates/spamfilter_config_list.htm
+++ b/interface/web/mail/templates/spamfilter_config_list.htm
@@ -31,7 +31,7 @@
                         <tr>
                             <td><a href="#" data-load-content="mail/spamfilter_config_edit.php?id={tmpl_var name='id'}">{tmpl_var name="server_name"}</a></td>
                             <td class="text-right">
-                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('mail/spamfilter_config_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
+                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('mail/spamfilter_config_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                             </td>
                         </tr>
                     </tmpl_loop>
diff --git a/interface/web/mail/templates/spamfilter_policy_list.htm b/interface/web/mail/templates/spamfilter_policy_list.htm
index 34de0ddf6faf49d9f8f322012e8db8f1f5354015..da1183d75f9af0dcbf526e0ac68cb400c33d6942 100644
--- a/interface/web/mail/templates/spamfilter_policy_list.htm
+++ b/interface/web/mail/templates/spamfilter_policy_list.htm
@@ -43,7 +43,7 @@
                         <td><a href="#" data-load-content="mail/spamfilter_policy_edit.php?id={tmpl_var name='id'}">{tmpl_var name="banned_files_lover"}</a></td>
                         <td><a href="#" data-load-content="mail/spamfilter_policy_edit.php?id={tmpl_var name='id'}">{tmpl_var name="bad_header_lover"}</a></td>
                         <td class="text-right">
-                            <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('mail/spamfilter_policy_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
+                            <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('mail/spamfilter_policy_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                         </td>
                     </tr>
                 </tmpl_loop>
diff --git a/interface/web/mail/templates/spamfilter_users_list.htm b/interface/web/mail/templates/spamfilter_users_list.htm
index 2315554d6e49454a41da4faef2f7c45e493405b3..5f8ef83baecf356f8496554ace6e759b435ad066 100644
--- a/interface/web/mail/templates/spamfilter_users_list.htm
+++ b/interface/web/mail/templates/spamfilter_users_list.htm
@@ -43,7 +43,7 @@
                         <td><a href="#" data-load-content="mail/spamfilter_users_edit.php?id={tmpl_var name='id'}">{tmpl_var name="policy_id"}</a></td>
                         <td><a href="#" data-load-content="mail/spamfilter_users_edit.php?id={tmpl_var name='id'}">{tmpl_var name="fullname"}</a></td>
                         <td class="text-right">
-                            <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('mail/spamfilter_users_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
+                            <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('mail/spamfilter_users_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                         </td>
                     </tr>
                     </tmpl_loop>
diff --git a/interface/web/mail/user_quota_stats.php b/interface/web/mail/user_quota_stats.php
index 88ab8f450310c51e558d38487c3e951e86e4b2bc..90a92558fa03871336c6396fe2dee241ab1e724b 100644
--- a/interface/web/mail/user_quota_stats.php
+++ b/interface/web/mail/user_quota_stats.php
@@ -19,8 +19,6 @@ $app->uses('functions');
 
 $app->load('listform_actions');
 
-// $tmp_rec = $app->db->queryOneRecord("SELECT data from monitor_data WHERE type = 'harddisk_quota' ORDER BY created DESC");
-// $monitor_data = unserialize($app->db->unquote($tmp_rec['data']));
 $tmp_rec =  $app->db->queryAllRecords("SELECT data from monitor_data WHERE type = 'email_quota' ORDER BY created DESC");
 $monitor_data = array();
 if(is_array($tmp_rec)) {
diff --git a/interface/web/mail/webmailer.php b/interface/web/mail/webmailer.php
index 3a10c0fde2aa1ef1fa1ea8ba41a06996238df9a2..d6f73cc45bb5bf61b41d520f64a62ec42367697f 100644
--- a/interface/web/mail/webmailer.php
+++ b/interface/web/mail/webmailer.php
@@ -43,13 +43,13 @@ $emailId = $app->functions->intval($_GET['id']);
 /*
  * Get the data to connect to the database
  */
-$dbData = $app->db->queryOneRecord("SELECT server_id FROM mail_user WHERE mailuser_id = " . $emailId);
+$dbData = $app->db->queryOneRecord("SELECT server_id FROM mail_user WHERE mailuser_id = ?", $emailId);
 $serverId = $app->functions->intval($dbData['server_id']);
 if ($serverId == 0){
 	die ("No E-Mail - Server found!");
 }
 
-$serverData = $app->db->queryOneRecord("SELECT server_name FROM server WHERE server_id = ".$serverId);
+$serverData = $app->db->queryOneRecord("SELECT server_name FROM server WHERE server_id = ?", $serverId);
 
 $app->uses('getconf');
 $global_config = $app->getconf->get_global_config('mail');
diff --git a/interface/web/mail/xmpp_domain_del.php b/interface/web/mail/xmpp_domain_del.php
index da481c8f2b9d001e4b870d0bb6a65ee565c690b8..5e4c826fd036f67fbd5b9d115fd4f8c93a1f8dfb 100644
--- a/interface/web/mail/xmpp_domain_del.php
+++ b/interface/web/mail/xmpp_domain_del.php
@@ -67,8 +67,8 @@ class page_action extends tform_actions {
     private function delete_accounts($domain){
         global $app;
         // get all accounts
-        $sql = "SELECT * FROM xmpp_user WHERE jid LIKE ? AND ?";
-        $users = $app->db->queryAllRecords($sql, '%@'.$domain, $app->tform->getAuthSQL('d'));
+        $sql = "SELECT * FROM xmpp_user WHERE jid LIKE ? AND " . $app->tform->getAuthSQL('d');
+        $users = $app->db->queryAllRecords($sql, '%@'.$domain);
         foreach($users AS $u)
             $app->db->datalogDelete('xmpp_user', 'xmppuser_id', $u['xmppuser_id']);
     }
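Review bot: The bound value `'%@'.$domain` is used as a LIKE pattern, so any `%` or `_` inside `$domain` still acts as a wildcard, and `delete_accounts()` then calls `datalogDelete()` for every `xmpp_user` row the widened pattern matches. Parameter binding stops injection but not pattern widening. Escaping the domain before it is bound closes that: `$users = $app->db->queryAllRecords($sql, '%@'.addcslashes($domain, '%_\\'));`.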
@@ -77,8 +77,8 @@ class page_action extends tform_actions {
         global $app;
 
         // purge all xmpp related rr-record
-        $sql = "SELECT * FROM dns_rr WHERE zone = ? AND (name IN ? AND type = 'CNAME' OR name LIKE ? AND type = 'SRV')  AND ? ORDER BY serial DESC";
-        $rec = $app->db->queryAllRecords($sql, $new_rr['zone'], array('xmpp', 'pubsub', 'proxy', 'anon', 'vjud', 'muc'), '_xmpp-%', $app->tform->getAuthSQL('r'));
+        $sql = "SELECT * FROM dns_rr WHERE zone = ? AND (name IN ? AND type = 'CNAME' OR name LIKE ? AND type = 'SRV')  AND " . $app->tform->getAuthSQL('r') . " ORDER BY serial DESC";
+        $rec = $app->db->queryAllRecords($sql, $new_rr['zone'], array('xmpp', 'pubsub', 'proxy', 'anon', 'vjud', 'muc'), '_xmpp-%');
         if (is_array($rec[1])) {
             for ($i=0; $i < count($rec); ++$i)
                 $app->db->datalogDelete('dns_rr', 'id', $rec[$i]['id']);
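Review bot: `if (is_array($rec[1]))` tests the second row of the result, so when exactly one record matches nothing is purged and PHP reports an undefined offset. Given the comment "purge all xmpp related rr-record" this looks unintended. Testing the result itself, `if (is_array($rec) && count($rec) > 0) {`, covers the single-row case. The same test is kept in the `update_dns()` hunk of xmpp_domain_edit.php (`@@ -425,8 +425,8 @@`). The enclosing function starts and ends outside this hunk, so the origin of `$new_rr` is not visible here.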
diff --git a/interface/web/mail/xmpp_domain_edit.php b/interface/web/mail/xmpp_domain_edit.php
index 1213a91e6ad3d6649fd5ce4255eca5f91d6f4cf8..b5858e01ef224bcddf97dc76b6528714d37d99e8 100644
--- a/interface/web/mail/xmpp_domain_edit.php
+++ b/interface/web/mail/xmpp_domain_edit.php
@@ -95,7 +95,7 @@ class page_action extends tform_actions {
         $read_limits = array('limit_xmpp_pastebin', 'limit_xmpp_httparchive', 'limit_xmpp_anon', 'limit_xmpp_vjud', 'limit_xmpp_proxy', 'limit_xmpp_status');
         if($_SESSION["s"]["user"]["typ"] != 'admin') {
             $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
-            $client = $app->db->queryOneRecord("SELECT client." . implode(", client.", $read_limits) . " FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+            $client = $app->db->queryOneRecord("SELECT client." . implode(", client.", $read_limits) . " FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
             // add limits to template to be able to hide settings
             foreach($read_limits as $limit) $app->tpl->setVar($limit, $client[$limit]);
         }else{
@@ -123,13 +123,13 @@ class page_action extends tform_actions {
 
 			// Get the limits of the client
 			$client_group_id = $_SESSION["s"]["user"]["default_group"];
-			$client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id order by client.contact_name");
+			$client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ? order by client.contact_name", $client_group_id);
 
 			if ($settings['use_domain_module'] != 'y') {
 				// Fill the client select field
-				$sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ".$app->functions->intval($client['client_id'])." ORDER BY client.company_name, client.contact_name, sys_group.name";
-				$clients = $app->db->queryAllRecords($sql);
-				$tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".$app->functions->intval($client['client_id']));
+				$sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ? ORDER BY client.company_name, client.contact_name, sys_group.name";
+				$clients = $app->db->queryAllRecords($sql, $client['client_id']);
+				$tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client['client_id']);
 				$client_select = '<option value="'.$tmp['groupid'].'">'.$client['contactname'].'</option>';
 				//$tmp_data_record = $app->tform->getDataRecord($this->id);
 				if(is_array($clients)) {
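Review bot: `$client['contactname']` is concatenated into the `<option>` markup on the `$client_select` line without HTML escaping, and the query above assembles it from `company_name`, `contact_name`, `username` and `customer_no`. Unless those columns are escaped before they are stored (not visible here), client-supplied text reaches the page as markup. Escaping at output closes that: `$client_select = '<option value="'.$tmp['groupid'].'">'.htmlspecialchars($client['contactname'], ENT_QUOTES, 'UTF-8').'</option>';`. The enclosing method starts and ends outside this hunk.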
@@ -145,7 +145,7 @@ class page_action extends tform_actions {
 		if($_SESSION["s"]["user"]["typ"] != 'admin')
 		{
 			$client_group_id = $_SESSION["s"]["user"]["default_group"];
-			$client_xmpp = $app->db->queryOneRecord("SELECT xmpp_servers FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+			$client_xmpp = $app->db->queryOneRecord("SELECT xmpp_servers FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
 
 			$client_xmpp['xmpp_servers_ids'] = explode(',', $client_xmpp['xmpp_servers']);
 
@@ -156,8 +156,8 @@ class page_action extends tform_actions {
 				$app->tpl->setVar('server_id_value', $client_xmpp['xmpp_servers_ids'][0]);
 			}
 
-			$sql = "SELECT server_id, server_name FROM server WHERE server_id IN (" . $client_xmpp['xmpp_servers'] . ");";
-			$xmpp_servers = $app->db->queryAllRecords($sql);
+			$sql = "SELECT server_id, server_name FROM server WHERE server_id IN ?";
+			$xmpp_servers = $app->db->queryAllRecords($sql, $client_xmpp['xmpp_servers_ids']);
 
 			$options_xmpp_servers = "";
 
@@ -239,11 +239,11 @@ class page_action extends tform_actions {
 		if($_SESSION["s"]["user"]["typ"] != 'admin') {
 			// Get the limits of the client
 			$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
-			$client = $app->db->queryOneRecord("SELECT limit_xmpp_domain FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+			$client = $app->db->queryOneRecord("SELECT limit_xmpp_domain FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
 			// When the record is updated
 			if($this->id > 0) {
 				// restore the server ID if the user is not admin and record is edited
-				$tmp = $app->db->queryOneRecord("SELECT server_id FROM xmpp_domain WHERE domain_id = ".$app->functions->intval($this->id));
+				$tmp = $app->db->queryOneRecord("SELECT server_id FROM xmpp_domain WHERE domain_id = ?", $this->id);
 				$this->dataRecord["server_id"] = $tmp["server_id"];
 				unset($tmp);
 				// When the record is inserted
@@ -256,7 +256,7 @@ class page_action extends tform_actions {
 				}
 
 				if($client["limit_xmpp_domain"] >= 0) {
-					$tmp = $app->db->queryOneRecord("SELECT count(domain_id) as number FROM xmpp_domain WHERE sys_groupid = $client_group_id");
+					$tmp = $app->db->queryOneRecord("SELECT count(domain_id) as number FROM xmpp_domain WHERE sys_groupid = ?", $client_group_id);
 					if($tmp["number"] >= $client["limit_xmpp_domain"]) {
 						$app->error($app->tform->wordbook["limit_xmppdomain_txt"]);
 					}
@@ -281,7 +281,7 @@ class page_action extends tform_actions {
                 case 1:
                     $this->dataRecord["management_method"] = 'maildomain';
                     // Check for corresponding mail domain
-                    $tmp = $app->db->queryOneRecord("SELECT count(domain_id) AS number FROM mail_domain WHERE domain = '".$this->dataRecord["domain"]."' AND ".$app->tform->getAuthSQL('r')." ORDER BY domain");
+                    $tmp = $app->db->queryOneRecord("SELECT count(domain_id) AS number FROM mail_domain WHERE domain = ? AND ".$app->tform->getAuthSQL('r')." ORDER BY domain", $this->dataRecord["domain"]);
                     if($tmp['number']==0){
                         $app->error($app->tform->wordbook["no_corresponding_maildomain_txt"]);
                         break;
@@ -318,11 +318,11 @@ class page_action extends tform_actions {
         // also make sure that the user can not delete domain created by a admin
         if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($this->dataRecord["client_group_id"])) {
             $client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]);
-            $app->db->query("UPDATE xmpp_domain SET sys_groupid = $client_group_id, sys_perm_group = 'ru' WHERE domain_id = ".$this->id);
+            $app->db->query("UPDATE xmpp_domain SET sys_groupid = ?, sys_perm_group = 'ru' WHERE domain_id = ?", $client_group_id, $this->id);
         }
         if($app->auth->has_clients($_SESSION['s']['user']['userid']) && isset($this->dataRecord["client_group_id"])) {
             $client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]);
-            $app->db->query("UPDATE xmpp_domain SET sys_groupid = $client_group_id, sys_perm_group = 'riud' WHERE domain_id = ".$this->id);
+            $app->db->query("UPDATE xmpp_domain SET sys_groupid = ?, sys_perm_group = 'riud' WHERE domain_id = ?", $client_group_id, $this->id);
         }
 
         //* make sure that the xmpp domain is lowercase
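Review bot: In the `has_clients()` branch, `$this->dataRecord["client_group_id"]` is cast to an integer and written to `sys_groupid` with `sys_perm_group = 'riud'`, but nothing in this hunk checks that the group belongs to one of the caller's own clients. If no earlier step validates it (the method starts outside the hunk), the domain can be assigned to a group the reseller does not manage. A lookup before the UPDATE would make the check explicit, reusing the join seen earlier in this file: `sys_group.client_id = client.client_id AND client.parent_client_id = ?`, bound to the reseller's client id.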
@@ -342,7 +342,7 @@ class page_action extends tform_actions {
 
         if($this->_xmpp_type == 'server') {
             // Check if the domain has been changed
-            $rec = $app->db->queryOneRecord("SELECT domain from xmpp_domain WHERE domain_id = ".$this->id);
+            $rec = $app->db->queryOneRecord("SELECT domain from xmpp_domain WHERE domain_id = ?", $this->id);
             if($this->dataRecord['domain']!=$rec['domain'])
                 $app->error($app->tform->wordbook["cant_change_domainname_txt"]);
 
@@ -350,7 +350,7 @@ class page_action extends tform_actions {
             // We do this only for the admin or reseller users, as normal clients can not change the server ID anyway
             if($_SESSION["s"]["user"]["typ"] == 'admin' || $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
                 if (isset($this->dataRecord["server_id"])) {
-                    $rec = $app->db->queryOneRecord("SELECT server_id from xmpp_domain WHERE domain_id = ".$this->id);
+                    $rec = $app->db->queryOneRecord("SELECT server_id from xmpp_domain WHERE domain_id = ?", $this->id);
                     if($rec['server_id'] != $this->dataRecord["server_id"]) {
                         //* Add a error message and switch back to old server
                         $app->tform->errorMessage .= $app->lng('The Server can not be changed.');
@@ -361,7 +361,7 @@ class page_action extends tform_actions {
                 //* If the user is neither admin nor reseller
             } else {
                 //* We do not allow users to change a domain which has been created by the admin
-                $rec = $app->db->queryOneRecord("SELECT sys_perm_group, domain from xmpp_domain WHERE domain_id = ".$this->id);
+                $rec = $app->db->queryOneRecord("SELECT sys_perm_group, domain from xmpp_domain WHERE domain_id = ?", $this->id);
                 if(isset($this->dataRecord["domain"]) && $rec['domain'] != $this->dataRecord["domain"] && $app->tform->checkPerm($this->id, 'u')) {
                     //* Add a error message and switch back to old server
                     $app->tform->errorMessage .= $app->lng('The Domain can not be changed. Please ask your Administrator if you want to change the domain name.');
@@ -411,7 +411,7 @@ class page_action extends tform_actions {
     private function update_dns($dataRecord, $new_rr) {
         global $app, $conf;
 
-        $rec = $app->db->queryOneRecord("SELECT use_pubsub, use_proxy, use_anon_host, use_vjud, use_muc_host from xmpp_domain WHERE domain_id = ".$this->id);
+        $rec = $app->db->queryOneRecord("SELECT use_pubsub, use_proxy, use_anon_host, use_vjud, use_muc_host from xmpp_domain WHERE domain_id = ?", $this->id);
         $required_hosts = array('xmpp');
         if($rec['use_pubsub']=='y')
             $required_hosts[] = 'pubsub';
@@ -425,8 +425,8 @@ class page_action extends tform_actions {
             $required_hosts[] = 'muc';
 
         // purge old rr-record
-        $sql = "SELECT * FROM dns_rr WHERE zone = ? AND (name IN ? AND type = 'CNAME' OR name LIKE ? AND type = 'SRV')  AND ? ORDER BY serial DESC";
-        $rec = $app->db->queryAllRecords($sql, $new_rr['zone'], array('xmpp', 'pubsub', 'proxy', 'anon', 'vjud', 'muc'), '_xmpp-%', $app->tform->getAuthSQL('r'));
+        $sql = "SELECT * FROM dns_rr WHERE zone = ? AND (name IN ? AND type = 'CNAME' OR name LIKE ? AND type = 'SRV')  AND " . $app->tform->getAuthSQL('r') . " ORDER BY serial DESC";
+        $rec = $app->db->queryAllRecords($sql, $new_rr['zone'], array('xmpp', 'pubsub', 'proxy', 'anon', 'vjud', 'muc'), '_xmpp-%');
         if (is_array($rec[1])) {
             for ($i=0; $i < count($rec); ++$i)
                 $app->db->datalogDelete('dns_rr', 'id', $rec[$i]['id']);
@@ -468,7 +468,7 @@ class page_action extends tform_actions {
         // Refresh zone
         $zone = $app->db->queryOneRecord("SELECT id, serial FROM dns_soa WHERE active = 'Y' AND id = ?", $new_rr['zone']);
         $new_serial = $app->validate_dns->increase_serial($zone['serial']);
-        $app->db->datalogUpdate('dns_soa', "serial = '".$new_serial."'", 'id', $zone['id']);
+        $app->db->datalogUpdate('dns_soa', array("serial" => $new_serial), 'id', $zone['id']);
     }
 
     /*
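Review bot: `$zone` is used without checking that the `dns_soa` lookup returned a row. When the zone is missing or not `active = 'Y'`, `increase_serial()` presumably receives null and `datalogUpdate()` is called with a null id. A guard before the serial bump, `if(!is_array($zone)) return;`, avoids writing a datalog entry for a record that does not exist. `update_dns()` starts outside this hunk.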
diff --git a/interface/web/mail/xmpp_user_edit.php b/interface/web/mail/xmpp_user_edit.php
index 6ad6161b4aeffa46bce2b4f4177c8dd79617fc12..16d440a9f1a5419a968765eb602d077b43b3504e 100644
--- a/interface/web/mail/xmpp_user_edit.php
+++ b/interface/web/mail/xmpp_user_edit.php
@@ -98,7 +98,7 @@ class page_action extends tform_actions {
 		global $app, $conf;
 		//* Check if Domain belongs to user
 		if(isset($_POST["jid_domain"])) {
-			$domain = $app->db->queryOneRecord("SELECT server_id, domain FROM xmpp_domain WHERE domain = '".$app->db->quote($app->functions->idn_encode($_POST["jid_domain"]))."' AND ".$app->tform->getAuthSQL('r'));
+			$domain = $app->db->queryOneRecord("SELECT server_id, domain FROM xmpp_domain WHERE domain = ? AND ".$app->tform->getAuthSQL('r'), $app->functions->idn_encode($_POST["jid_domain"]));
 			if($domain["domain"] != $app->functions->idn_encode($_POST["jid_domain"])) $app->tform->errorMessage .= $app->tform->lng("no_domain_perm");
 		}
 
@@ -112,12 +112,12 @@ class page_action extends tform_actions {
 		if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
 			// Get the limits of the client
 			$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
-			$client = $app->db->queryOneRecord("SELECT limit_xmpp_user, parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+			$client = $app->db->queryOneRecord("SELECT limit_xmpp_user, parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
 
 
 			// Check if the user may add another xmpp user.
 			if($this->id == 0 && $client["limit_xmpp_user"] >= 0) {
-				$tmp = $app->db->queryOneRecord("SELECT count(xmppuser_id) as number FROM xmpp_user WHERE sys_groupid = $client_group_id");
+				$tmp = $app->db->queryOneRecord("SELECT count(xmppuser_id) as number FROM xmpp_user WHERE sys_groupid = ?", $client_group_id);
 				if($tmp["number"] >= $client["limit_xmpp_user"]) {
 					$app->tform->errorMessage .= $app->tform->lng("limit_xmpp_user_txt")."<br>";
 				}
@@ -148,8 +148,8 @@ class page_action extends tform_actions {
 		global $app, $conf;
 
 		// Set the domain owner as xmpp user owner
-		$domain = $app->db->queryOneRecord("SELECT sys_groupid, server_id FROM xmpp_domain WHERE domain = '".$app->db->quote($app->functions->idn_encode($_POST["jid_domain"]))."' AND ".$app->tform->getAuthSQL('r'));
-		$app->db->query("UPDATE xmpp_user SET sys_groupid = ".$app->functions->intval($domain["sys_groupid"])." WHERE xmppuser_id = ".$this->id);
+		$domain = $app->db->queryOneRecord("SELECT sys_groupid, server_id FROM xmpp_domain WHERE domain = ? AND ".$app->tform->getAuthSQL('r'), $app->functions->idn_encode($_POST["jid_domain"]));
+		$app->db->query("UPDATE xmpp_user SET sys_groupid = ? WHERE xmppuser_id = ?", $domain["sys_groupid"], $this->id);
 
 	}
 
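Review bot: With the `intval()` wrapper removed, a failed domain lookup now binds an empty value for `sys_groupid` instead of 0. `$domain` has no row when `jid_domain` does not match a domain the caller may read, and the UPDATE runs regardless. Skipping the write in that case keeps the record's existing group: `if(is_array($domain)) $app->db->query("UPDATE xmpp_user SET sys_groupid = ? WHERE xmppuser_id = ?", $domain["sys_groupid"], $this->id);`. The next hunk (`@@ -158,8 +158,8 @@`) has the same unguarded UPDATE. The method's signature is outside this hunk.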
@@ -158,8 +158,8 @@ class page_action extends tform_actions {
 
 		// Set the domain owner as mailbox owner
 		if(isset($_POST["xmpp_domain"])) {
-			$domain = $app->db->queryOneRecord("SELECT sys_groupid, server_id FROM xmpp_domain WHERE domain = '".$app->db->quote($app->functions->idn_encode($_POST["jid_domain"]))."' AND ".$app->tform->getAuthSQL('r'));
-			$app->db->query("UPDATE xmpp_user SET sys_groupid = ".$app->functions->intval($domain["sys_groupid"])." WHERE xmppuser_id = ".$this->id);
+			$domain = $app->db->queryOneRecord("SELECT sys_groupid, server_id FROM xmpp_domain WHERE domain = ? AND ".$app->tform->getAuthSQL('r'), $app->functions->idn_encode($_POST["jid_domain"]));
+			$app->db->query("UPDATE xmpp_user SET sys_groupid = ? WHERE xmppuser_id = ?", $domain["sys_groupid"], $this->id);
 
 		}
 	}
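Review bot: The guard tests `isset($_POST["xmpp_domain"])` while the query reads `$_POST["jid_domain"]`, so the ownership update runs only when a differently named field happens to be posted. The comment above it still says "mailbox owner". If `jid_domain` is the field the form sends, as the other hunks of this file suggest, the condition should read `if(isset($_POST["jid_domain"])) {` and the comment `// Set the domain owner as xmpp user owner`. The method starts outside this hunk.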
diff --git a/interface/web/mailuser/index.php b/interface/web/mailuser/index.php
index 73505ae64636049ea111081c5aa479d3b093de00..b7748ac1ccac8602b806abfc655ef75db125e2b5 100644
--- a/interface/web/mailuser/index.php
+++ b/interface/web/mailuser/index.php
@@ -17,8 +17,8 @@ $lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_index.lng';
 include $lng_file;
 $app->tpl->setVar($wb);
 
-$sql = "SELECT * FROM mail_user WHERE mailuser_id = ".$app->functions->intval($_SESSION['s']['user']['mailuser_id']);
-$rec = $app->db->queryOneRecord($sql);
+$sql = "SELECT * FROM mail_user WHERE mailuser_id = ?";
+$rec = $app->db->queryOneRecord($sql, $_SESSION['s']['user']['mailuser_id']);
 
 if($rec['quota'] == 0) {
 	$rec['quota'] = $wb['unlimited_txt'];
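Review bot: `include $lng_file;` executes a path built from `$_SESSION['s']['language']` (shown in the hunk header), and the visible lines do not check that value. If it is not restricted to known language codes where it is set, this is a file include from a variable path. A check before the include would pin it down, assuming two-letter codes: `if(!preg_match('/^[a-z]{2}$/', $_SESSION['s']['language'])) die('Invalid language');`. Separately, `$rec` is read without testing that the `mail_user` lookup returned a row.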
@@ -30,8 +30,8 @@ if($rec['cc'] == '') $rec['cc'] = $wb['none_txt'];
 
 $app->tpl->setVar($rec);
 
-$sql2 = "SELECT * FROM server WHERE server_id = ".$app->functions->intval($rec['server_id']);
-$rec2 = $app->db->queryOneRecord($sql2);
+$sql2 = "SELECT * FROM server WHERE server_id = ?";
+$rec2 = $app->db->queryOneRecord($sql2, $rec['server_id']);
 
 $app->tpl->setVar($rec2);
 
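Review bot: Both `SELECT *` results are passed whole to `$app->tpl->setVar()`, so every column of `mail_user` and `server` becomes a template variable. That presumably includes credential and configuration columns the page never displays. Selecting only the displayed columns limits what a template mistake can expose. For example, the server lookup could be `$sql2 = "SELECT server_name FROM server WHERE server_id = ?";` if the name is all the template needs, which is not visible here.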
diff --git a/interface/web/mailuser/mail_user_filter_edit.php b/interface/web/mailuser/mail_user_filter_edit.php
index ff93bd9d6cd00b3b3aae41f023d6a26cd130ee57..d398b65166aab18e2e9d63d8b305834aab4d20d5 100644
--- a/interface/web/mailuser/mail_user_filter_edit.php
+++ b/interface/web/mailuser/mail_user_filter_edit.php
@@ -71,7 +71,7 @@ class page_action extends tform_actions {
 		global $app, $conf;
 
 		// Get the parent mail_user record
-		$mailuser = $app->db->queryOneRecord("SELECT * FROM mail_user WHERE mailuser_id = '".$app->functions->intval($_SESSION['s']['user']['mailuser_id'])."'");
+		$mailuser = $app->db->queryOneRecord("SELECT * FROM mail_user WHERE mailuser_id = ?", $_SESSION['s']['user']['mailuser_id']);
 
 		// Set the mailuser_id
 		$this->dataRecord["mailuser_id"] = $mailuser["mailuser_id"];
@@ -84,11 +84,11 @@ class page_action extends tform_actions {
 		if($_SESSION["s"]["user"]["default_group"] > 0) { // if user is not admin
 			// Get the limits of the client
 			$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
-			$client = $app->db->queryOneRecord("SELECT limit_mailfilter FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+			$client = $app->db->queryOneRecord("SELECT limit_mailfilter FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
 
 			// Check if the user may add another filter
 			if($this->id == 0 && $client["limit_mailfilter"] >= 0) {
-				$tmp = $app->db->queryOneRecord("SELECT count(filter_id) as number FROM mail_user_filter WHERE sys_groupid = $client_group_id");
+				$tmp = $app->db->queryOneRecord("SELECT count(filter_id) as number FROM mail_user_filter WHERE sys_groupid = ?", $client_group_id);
 				if($tmp["number"] >= $client["limit_mailfilter"]) {
 					$app->tform->errorMessage .= $app->tform->lng("limit_mailfilter_txt")."<br>";
 				}
diff --git a/interface/web/mailuser/mail_user_spamfilter_edit.php b/interface/web/mailuser/mail_user_spamfilter_edit.php
index 3ea2aa57d55f363c75e57fddebccd755e6ab1025..9d3735672184d0d3c3596c0e7eb19fc59a6a27f8 100644
--- a/interface/web/mailuser/mail_user_spamfilter_edit.php
+++ b/interface/web/mailuser/mail_user_spamfilter_edit.php
@@ -74,19 +74,30 @@ class page_action extends tform_actions {
 		$rec = $app->tform->getDataRecord($this->id);
 		$email_parts = explode('@', $rec['email']);
 		$email_domain = $email_parts[1];
-		$domain = $app->db->queryOneRecord("SELECT sys_userid, sys_groupid, server_id FROM mail_domain WHERE domain = '".$app->db->quote($email_domain)."'");
+		$domain = $app->db->queryOneRecord("SELECT sys_userid, sys_groupid, server_id FROM mail_domain WHERE domain = ?", $email_domain);
 
 		// Spamfilter policy
 		$policy_id = $app->functions->intval($this->dataRecord["policy"]);
-		$tmp_user = $app->db->queryOneRecord("SELECT id FROM spamfilter_users WHERE email = '".$app->db->quote($rec["email"])."'");
+		$tmp_user = $app->db->queryOneRecord("SELECT id FROM spamfilter_users WHERE email = ?", $rec["email"]);
 		if($policy_id > 0) {
 			if($tmp_user["id"] > 0) {
 				// There is already a record that we will update
-				$app->db->datalogUpdate('spamfilter_users', "policy_id = $policy_id", 'id', $tmp_user["id"]);
+				$app->db->datalogUpdate('spamfilter_users', array("policy_id" => $policy_id), 'id', $tmp_user["id"]);
 			} else {
 				// We create a new record
-				$insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `priority`, `policy_id`, `email`, `fullname`, `local`)
-				        VALUES (".$app->functions->intval($domain["sys_userid"]).", ".$app->functions->intval($domain["sys_groupid"]).", 'riud', 'riud', '', ".$app->functions->intval($domain["server_id"]).", 10, ".$app->functions->intval($policy_id).", '".$app->db->quote($rec["email"])."', '".$app->db->quote($rec["email"])."', 'Y')";
+				$insert_data = array(
+					"sys_userid" => $domain["sys_userid"],
+					"sys_groupid" => $domain["sys_groupid"],
+					"sys_perm_user" => 'riud',
+					"sys_perm_group" => 'riud',
+					"sys_perm_other" => '',
+					"server_id" => $domain["server_id"],
+					"priority" => 10,
+					"policy_id" => $policy_id,
+					"email" => $rec["email"],
+					"fullname" => $rec["email"],
+					"local" => 'Y'
+				);
 				$app->db->datalogInsert('spamfilter_users', $insert_data, 'id');
 			}
 		}else {
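Review bot: The insert array takes `$domain["sys_userid"]`, `$domain["sys_groupid"]` and `$domain["server_id"]` without the `intval()` casts the old string had, and `$domain` is never checked. An address without `@`, or one with no matching `mail_domain` row, leaves it empty, so the new `spamfilter_users` record would get empty owner and server ids. Creating the record only when the lookup succeeded avoids that, e.g. by changing the inner `} else {` to `} elseif(is_array($domain)) {`. `$email_parts[1]` should likewise be tested before use. The method continues outside this hunk.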
@@ -104,7 +115,7 @@ class page_action extends tform_actions {
 		$app->tpl->setVar("email", $rec['email']);
 
 		// Get the spamfilter policys for the user
-		$tmp_user = $app->db->queryOneRecord("SELECT policy_id FROM spamfilter_users WHERE email = '".$app->db->quote($rec['email'])."'");
+		$tmp_user = $app->db->queryOneRecord("SELECT policy_id FROM spamfilter_users WHERE email = ?", $rec['email']);
 		$sql = "SELECT id, policy_name FROM spamfilter_policy WHERE ".$app->tform->getAuthSQL('r');
 		$policys = $app->db->queryAllRecords($sql);
 		$policy_select = "<option value='0'>".$app->tform->lng("no_policy")."</option>";
diff --git a/interface/web/mailuser/templates/mail_user_filter_list.htm b/interface/web/mailuser/templates/mail_user_filter_list.htm
index b4b615bac766a2cc009ad762e6d07a9aa64b424f..8b9ea17c50511d9eb4cbd94b7b94e7c475d89e22 100644
--- a/interface/web/mailuser/templates/mail_user_filter_list.htm
+++ b/interface/web/mailuser/templates/mail_user_filter_list.htm
@@ -30,7 +30,7 @@
                 <tr>
                     <td><a href="#" data-load-content="mailuser/mail_user_filter_edit.php?id={tmpl_var name='id'}">{tmpl_var name="rulename"}</a></td>
                     <td class="text-right">
-                        <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('mailuser/mail_user_filter_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
+                        <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('mailuser/mail_user_filter_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                     </td>
                 </tr>
                 </tmpl_loop>
diff --git a/interface/web/monitor/lib/module.conf.php b/interface/web/monitor/lib/module.conf.php
index 6f31204a7bbb1e712dc10f32a663cb790fc44868..964d3c804c980e01886d9c5e32f562a47c8cfe19 100644
--- a/interface/web/monitor/lib/module.conf.php
+++ b/interface/web/monitor/lib/module.conf.php
@@ -8,6 +8,7 @@ $module["title"]   = "top_menu_monitor";
 $module["template"]  = "module.tpl.htm";
 $module["tab_width"]    = '';
 $module["startpage"]  = "monitor/show_sys_state.php?state=system";
+$module['order']    = '60';
 
 unset($items);
 $items[] = array( 'title'  => "Show Overview",
diff --git a/interface/web/monitor/log_del.php b/interface/web/monitor/log_del.php
index 04d11e9665ec8d12ed77ee7a97ec4987a3d65678..40fe185977ed37c2131b87078233bd612045111c 100644
--- a/interface/web/monitor/log_del.php
+++ b/interface/web/monitor/log_del.php
@@ -35,7 +35,7 @@ require_once '../../lib/app.inc.php';
 $app->auth->check_module_permissions('monitor');
 
 $syslog_id = $app->functions->intval($_GET['id']);
-$app->db->query("UPDATE sys_log SET loglevel = 0 WHERE syslog_id = '$syslog_id'");
+$app->db->query("UPDATE sys_log SET loglevel = 0 WHERE syslog_id = ?", $syslog_id);
 
 header('Location: log_list.php');
 exit;
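Review bot: This script updates `sys_log` from a plain GET request (`$_GET['id']`), and the visible lines verify only the module permission, not that the logged-in user intended the request. Unless `app.inc.php` enforces a request token globally (not visible here), a cross-site request made in the administrator's session can reset log levels. Accepting the action only as POST and comparing a per-session token with `hash_equals()` before the UPDATE would close that.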
diff --git a/interface/web/monitor/show_log.php b/interface/web/monitor/show_log.php
index 96217dada18dee68771d738e4b896c9e30ea9379..e8f3acc735eae75e1d1bda8d243ae114e4f3cf55 100644
--- a/interface/web/monitor/show_log.php
+++ b/interface/web/monitor/show_log.php
@@ -120,7 +120,7 @@ $app->tpl->setVar("refresh", $tmp);
 
 
 /* fetch the Data from the DB */
-$record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = '" . $app->db->quote($logId) . "' and server_id = " . $_SESSION['monitor']['server_id'] . " order by created desc");
+$record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = ? and server_id = ? order by created desc", $logId, $_SESSION['monitor']['server_id']);
 
 if(isset($record['data'])) {
 	$data = unserialize($record['data']);
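Review bot: `unserialize($record['data'])` right after the rewritten query still deserialises whatever is stored in `monitor_data.data`, so anything able to write that column can influence object creation here. If the stored value only ever holds arrays and scalars (not visible in this hunk), `unserialize($record['data'], array('allowed_classes' => false))` removes object instantiation from the path wherever the supported PHP version has the options argument. A comment naming the writer of this column would also help. The same applies to `unserialize(stripslashes($rec['data']))` in `remote/monitor.php`; the script continues outside the hunk.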
diff --git a/interface/web/monitor/show_sys_state.php b/interface/web/monitor/show_sys_state.php
index 480dd17d280cf78dbceaf28b1e13aa95e05f12c1..53997bc207a2538e1de3e2f571d683e35d2c628b 100644
--- a/interface/web/monitor/show_sys_state.php
+++ b/interface/web/monitor/show_sys_state.php
@@ -191,7 +191,7 @@ function _getServerState($serverId, $serverName) {
 	/*
      * Get all monitoring-data from the server and process then
 	*/
-	$records = $app->db->queryAllRecords("SELECT DISTINCT type, data FROM monitor_data WHERE server_id = " . $serverId);
+	$records = $app->db->queryAllRecords("SELECT DISTINCT type, data FROM monitor_data WHERE server_id = ?", $serverId);
 	$osData = null;
 	$veInfo = null;
 	$ispcData = null;
@@ -320,7 +320,7 @@ function _processDbState($type, $serverId, $serverState, $messages) {
     * state
 	*/
 	// get the State from the DB
-	$record = $app->db->queryOneRecord("SELECT state FROM monitor_data WHERE type = '" . $type . "' and server_id = " . $serverId . " order by created desc");
+	$record = $app->db->queryOneRecord("SELECT state FROM monitor_data WHERE type = ? and server_id = ? order by created desc", $type, $serverId);
 
 	// change the new state to the highest state
 	/*
diff --git a/interface/web/monitor/templates/datalog_list.htm b/interface/web/monitor/templates/datalog_list.htm
index 2d40a370cf8e70d77eae0156e1e48ed659e87a9b..eb79f46b54457796fe58945e34db80c07835c980 100644
--- a/interface/web/monitor/templates/datalog_list.htm
+++ b/interface/web/monitor/templates/datalog_list.htm
@@ -33,7 +33,7 @@
                             <td>{tmpl_var name="action"}</td>
                             <td>{tmpl_var name="dbtable"}</td>
                             <td class="text-right">    
-                                <!--<a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('monitor/datalog_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button> -->
+                                <!--<a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('monitor/datalog_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a> -->
                             </td>
                         </tr>
                     </tmpl_loop>
diff --git a/interface/web/monitor/templates/syslog_list.htm b/interface/web/monitor/templates/syslog_list.htm
index b9e2134f633a2467f91735a5fd4c92e48d48651d..8f62422a847717cafec01fa7e11195bde73835ee 100644
--- a/interface/web/monitor/templates/syslog_list.htm
+++ b/interface/web/monitor/templates/syslog_list.htm
@@ -34,10 +34,10 @@
                             <td>{tmpl_var name="message"}</td>
                             <td class="text-right">
                                 <tmpl_if name="loglevel" op="==" value="Error">
-                                    <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('monitor/log_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
+                                    <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('monitor/log_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                                 </tmpl_if>
                                 <tmpl_if name="loglevel" op="==" value="Warning">
-                                    <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('monitor/log_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
+                                    <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('monitor/log_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                                 </tmpl_if>
                             </td>
                         </tr>
diff --git a/interface/web/nav.php b/interface/web/nav.php
index 4d8617cac7b1dc8d3de8836545ed760ba41955e7..773f7d14905e57a62d87381984fd3bcea7f732ad 100644
--- a/interface/web/nav.php
+++ b/interface/web/nav.php
@@ -45,25 +45,41 @@ if(isset($_GET['nav']) && $_GET['nav'] == 'top') {
 		/*
 		 * If the dashboard is in the list of modules it always has to be the first!
 		 */
+		/*
 		asort($modules);
 		if (in_array('dashboard', $modules)) {
 			$key = array_search('dashboard', $modules);
 			unset($modules[$key]);
 			$modules = array_merge(array('dashboard'), $modules);
 		}
+		*/
 		if(is_array($modules)) {
 			foreach($modules as $mt) {
 				if(is_file($mt.'/lib/module.conf.php')) {
 					if(!preg_match("/^[a-z]{2,20}$/i", $mt)) die('module name contains unallowed chars.');
+					if($mt == 'dns'){
+						$dns_servers = $app->db->queryOneRecord("SELECT COUNT(*) as cnt FROM server WHERE dns_server = 1 AND active = 1");
+						if($dns_servers['cnt'] == 0) continue;
+					}
+					if($mt == 'mail'){
+						$mail_servers = $app->db->queryOneRecord("SELECT COUNT(*) as cnt FROM server WHERE mail_server = 1 AND active = 1");
+						if($mail_servers['cnt'] == 0) continue;
+					}
+					if($mt == 'sites'){
+						$web_servers = $app->db->queryOneRecord("SELECT COUNT(*) as cnt FROM server WHERE web_server = 1 AND active = 1");
+						if($web_servers['cnt'] == 0) continue;
+					}
+					
 					include_once $mt.'/lib/module.conf.php';
 					$language = (isset($_SESSION['s']['user']['language']))?$_SESSION['s']['user']['language']:$conf['language'];
 					$app->load_language_file('web/'.$mt.'/lib/'.$language.'.lng');
 					$active = ($module['name'] == $_SESSION['s']['module']['name']) ? 1 : 0;
-					$topnav[] = array( 'title'  => $app->lng($module['title']),
+					$topnav[$module['order'].'-'.$module['name']] = array( 'title'  => $app->lng($module['title']),
 						'active'  => $active,
 						'module' => $module['name']);
 				}
 			}
+			ksort($topnav);
 		}
 	} else {
 		//*  Loading Login Module
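Review bot: The new key `$module['order'].'-'.$module['name']` together with a plain `ksort($topnav)` is compared as a string, so an order of `'100'` would sort before `'60'`, and a `module.conf.php` that sets no `order` produces a key starting with `-` plus an undefined-index notice. Only the monitor module's `order = '60'` is visible in this part of the diff, so whether every module defines a two-digit value is an assumption. A padded key avoids both problems: `$order = isset($module['order']) ? (int)$module['order'] : 999;` and `$topnav[sprintf('%05d-%s', $order, $module['name'])] = array(...)`. `ksort($topnav)` also runs when no module passed the checks, where `$topnav` may not be set yet. The old dashboard-first block would be better deleted than left commented out.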
diff --git a/interface/web/remote/monitor.php b/interface/web/remote/monitor.php
index 9cc0084bba6eb101ace67453bb7843d7301e5eec..132bcf29a5bc01a297eaf488565cd4db340fd810 100644
--- a/interface/web/remote/monitor.php
+++ b/interface/web/remote/monitor.php
@@ -30,7 +30,7 @@ if($token == '' or $secret == '' or $token != $secret) {
 		$sql = 'SELECT server_id, server_name FROM server WHERE 1 ORDER BY server_id';
 		$records = $app->db->queryAllRecords($sql);
 		foreach($records as $index => $rec) {
-			$rec = $app->db->queryOneRecord("SELECT * FROM monitor_data WHERE server_id = " . $rec['server_id'] . " AND state NOT IN ('ok', 'no_state', 'info')");
+			$rec = $app->db->queryOneRecord("SELECT * FROM monitor_data WHERE server_id = ? AND state NOT IN ('ok', 'no_state', 'info')", $rec['server_id']);
 			if($rec) $records[$index]['state'] = 'warn';
 			else $records[$index]['state'] = 'ok';
 		}
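Review bot: The rewritten line assigns the query result to `$rec`, which is also the `foreach` value variable, so after the loop `$rec` holds the last lookup result rather than a server row. The next hunk's `$out['time'] = date('Y-m-d H:i', $rec['created']);` then reads `created` from that leftover value, which is falsy whenever the last server has no row in a non-ok state. A separate name keeps the two apart: `$state_rec = $app->db->queryOneRecord(...);` followed by `$records[$index]['state'] = $state_rec ? 'warn' : 'ok';`, with `$out['time']` taken from a value chosen on purpose. The enclosing `if` starts above the hunk.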
@@ -38,7 +38,7 @@ if($token == '' or $secret == '' or $token != $secret) {
 		$out['data'] = $records;
 		$out['time'] = date('Y-m-d H:i', $rec['created']);
 	} else {
-		$rec = $app->db->queryOneRecord("SELECT * FROM monitor_data WHERE type = '$type' AND server_id = $server_id");
+		$rec = $app->db->queryOneRecord("SELECT * FROM monitor_data WHERE type = ? AND server_id = ?", $type, $server_id);
 		if(is_array($rec)) {
 			$out['state'] = $rec['state'];
 			$out['data'] = unserialize(stripslashes($rec['data']));
diff --git a/interface/web/sites/ajax_get_ip.php b/interface/web/sites/ajax_get_ip.php
index 4101a807e17c8c4aa3db2bd4319d6d2d27e3f6a6..205be4803b08d894189d5e75d31725a1a700485c 100644
--- a/interface/web/sites/ajax_get_ip.php
+++ b/interface/web/sites/ajax_get_ip.php
@@ -37,15 +37,15 @@ $app->uses('getconf');
 
 $server_id = $app->functions->intval($_GET["server_id"]);
 $client_group_id = $app->functions->intval($_GET["client_group_id"]);
-$ip_type = $app->db->quote($_GET['ip_type']);
+$ip_type = $_GET['ip_type'];
 
 if($_SESSION["s"]["user"]["typ"] == 'admin' or $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
 
 	//* Get global web config
 	$web_config = $app->getconf->get_server_config($server_id, 'web');
 
-	$sql = "SELECT ip_address FROM server_ip WHERE ip_type = '$ip_type' AND server_id = $server_id";
-	$ips = $app->db->queryAllRecords($sql);
+	$sql = "SELECT ip_address FROM server_ip WHERE ip_type = ? AND server_id = ?";
+	$ips = $app->db->queryAllRecords($sql, $ip_type, $server_id);
 	// $ip_select = "<option value=''></option>";
 	if($ip_type == 'IPv4'){
 		$ip_select = ($web_config['enable_ip_wildcard'] == 'y')?"*#":"";
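Review bot: With `$app->db->quote()` dropped, `$ip_type` is the raw `$_GET['ip_type']` value for everything after the bound query, including the `$ip_type == 'IPv4'` branch and any output further down, outside this hunk. The key may also be absent or an array, which the placeholder binding would then receive as-is. If `IPv4` and `IPv6` are the only valid values, an allowlist right after the assignment settles this: `if(!in_array($ip_type, array('IPv4', 'IPv6'), true)) die();`.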
diff --git a/interface/web/sites/ajax_get_json.php b/interface/web/sites/ajax_get_json.php
index 243c158da66dd56e7d93263493880e9172b1c9e5..5e9384305eb723396b446d3597f908433f15f1d2 100644
--- a/interface/web/sites/ajax_get_json.php
+++ b/interface/web/sites/ajax_get_json.php
@@ -56,8 +56,8 @@ if($type == 'getservertype'){
 
 if($type == 'getserverid'){
 	$json = '{"serverid":"';
-	$sql = "SELECT server_id FROM web_domain WHERE domain_id = $web_id AND ".$app->tform->getAuthSQL('r');
-	$server = $app->db->queryOneRecord($sql);
+	$sql = "SELECT server_id FROM web_domain WHERE domain_id = ?? AND ".$app->tform->getAuthSQL('r');
+	$server = $app->db->queryOneRecord($sql, $web_id);
 	$json .= $server['server_id'];
 	unset($server);
 	$json .= '"}';
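Review bot: `domain_id = ??` in the `getserverid` branch has a doubled placeholder, while the `getphptype`, `getredirecttype` and `getdatabaseusers` branches later in this file use `domain_id = ?` for the same `$web_id`. Depending on how the database layer treats `??` (some query builders reserve it for identifiers), `$web_id` would be bound as something other than a value and the lookup would fail or match the wrong thing. The line should read `$sql = "SELECT server_id FROM web_domain WHERE domain_id = ? AND ".$app->tform->getAuthSQL('r');`.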
@@ -77,7 +77,7 @@ if($type == 'getphpfastcgi'){
 		$sql_where = " AND (client_id = 0 OR client_id = ".$app->functions->intval($_SESSION["s"]["user"]["client_id"]) . ")";
 		//* Reseller: If the logged in user is not admin and has sub clients (is a reseller)
 	} elseif ($_SESSION["s"]["user"]["typ"] != 'admin' && $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
-		$client = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE groupid = $client_group_id");
+		$client = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE groupid = ?", $client_group_id);
 		//$sql_where = " AND (client_id = 0 OR client_id = ".$_SESSION["s"]["user"]["client_id"];
 		$sql_where = " AND (client_id = 0";
 		if($app->functions->intval($client['client_id']) > 0) $sql_where .= " OR client_id = ".$app->functions->intval($client['client_id']);
@@ -85,7 +85,7 @@ if($type == 'getphpfastcgi'){
 		//* Admin: If the logged in user is admin
 	} else {
 		//$sql_where = '';
-		$client = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE groupid = $client_group_id");
+		$client = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE groupid = ?", $client_group_id);
 		//$sql_where = " AND (client_id = 0 OR client_id = ".$_SESSION["s"]["user"]["client_id"];
 		$sql_where = " AND (client_id = 0";
 		if($app->functions->intval($client['client_id']) > 0) $sql_where .= " OR client_id = ".$app->functions->intval($client['client_id']);
@@ -93,10 +93,9 @@ if($type == 'getphpfastcgi'){
 	}
 
 	if($php_type == 'php-fpm'){
-		$php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fpm_init_script != '' AND php_fpm_ini_dir != '' AND php_fpm_pool_dir != '' AND server_id = $server_id".$sql_where);
-	}
-	if($php_type == 'fast-cgi'){
-		$php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fastcgi_binary != '' AND php_fastcgi_ini_dir != '' AND server_id = $server_id".$sql_where);
+		$php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fpm_init_script != '' AND php_fpm_ini_dir != '' AND php_fpm_pool_dir != '' AND server_id = ?".$sql_where, $server_id);
+	} elseif($php_type == 'fast-cgi'){
+		$php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fastcgi_binary != '' AND php_fastcgi_ini_dir != '' AND server_id = ?".$sql_where, $server_id);
 	}
 	$php_select = "";
 	if(is_array($php_records) && !empty($php_records)) {
@@ -116,8 +115,8 @@ if($type == 'getphpfastcgi'){
 
 if($type == 'getphptype'){
 	$json = '{"phptype":"';
-	$sql = "SELECT php FROM web_domain WHERE domain_id = $web_id AND ".$app->tform->getAuthSQL('r');
-	$php = $app->db->queryOneRecord($sql);
+	$sql = "SELECT php FROM web_domain WHERE domain_id = ? AND ".$app->tform->getAuthSQL('r');
+	$php = $app->db->queryOneRecord($sql, $web_id);
 	$json .= $php['php'];
 	unset($php);
 	$json .= '"}';
@@ -125,8 +124,8 @@ if($type == 'getphptype'){
 
 if($type == 'getredirecttype'){
 	$json = '{"redirecttype":"';
-	$sql = "SELECT redirect_type FROM web_domain WHERE domain_id = $web_id AND ".$app->tform->getAuthSQL('r');
-	$redirect = $app->db->queryOneRecord($sql);
+	$sql = "SELECT redirect_type FROM web_domain WHERE domain_id = ? AND ".$app->tform->getAuthSQL('r');
+	$redirect = $app->db->queryOneRecord($sql, $web_id);
 	$json .= $redirect['redirect_type'];
 	unset($redirect);
 	$json .= '"}';
@@ -155,11 +154,11 @@ if($type == 'get_ipv6'){
 if($type == 'getdatabaseusers') {
 	$json = '{}';
 
-	$sql = "SELECT sys_groupid FROM web_domain WHERE domain_id = $web_id AND ".$app->tform->getAuthSQL('r');
-	$group = $app->db->queryOneRecord($sql);
+	$sql = "SELECT sys_groupid FROM web_domain WHERE domain_id = ? AND ".$app->tform->getAuthSQL('r');
+	$group = $app->db->queryOneRecord($sql, $web_id);
 	if($group) {
-		$sql = "SELECT database_user_id, database_user FROM web_database_user WHERE sys_groupid = '" . $app->functions->intval($group['sys_groupid']) . "'";
-		$records = $app->db->queryAllRecords($sql);
+		$sql = "SELECT database_user_id, database_user FROM web_database_user WHERE sys_groupid = ?";
+		$records = $app->db->queryAllRecords($sql, $group['sys_groupid']);
 
 		$tmp_array = array();
 		foreach($records as $record) {
@@ -202,9 +201,9 @@ if ($type == 'getdirectivesnippet') {
 }
 
 if($type == 'getclientssldata'){
-	$web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ?", intval($web_id));
-	$sys_group = $app->db->queryOneRecord("SELECT * FROM sys_group WHERE groupid = ?", intval($web['sys_groupid']));
-	$client = $app->db->queryOneRecord("SELECT * FROM client WHERE client_id = ?", intval($sys_group['client_id']));
+	$web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ?", $web_id);
+	$sys_group = $app->db->queryOneRecord("SELECT * FROM sys_group WHERE groupid = ?", $web['sys_groupid']);
+	$client = $app->db->queryOneRecord("SELECT * FROM client WHERE client_id = ?", $sys_group['client_id']);
 	if(is_array($client) && !empty($client)){
 		if($client['telephone'] == '' && $client['mobile'] != '') $client['telephone'] = $client['mobile'];
 		
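Review bot: The `getclientssldata` branch loads `web_domain`, `sys_group` and `client` rows for whatever `$web_id` is supplied, without the `$app->tform->getAuthSQL('r')` condition that the `getserverid`, `getphptype`, `getredirecttype` and `getdatabaseusers` branches apply to the same table. Unless access is checked outside this hunk, a logged-in user could read another client's contact data by changing the id. The first query should carry the same filter, `$web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ? AND ".$app->tform->getAuthSQL('r'), $web_id);`, and the two follow-up lookups should run only when `$web` is an array. The branch continues past the end of the hunk.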
diff --git a/interface/web/sites/aps_do_operation.php b/interface/web/sites/aps_do_operation.php
index ffc8c031d7b65b69d0f0fcee63cd1b524eefb849..ff0705f9bbb722114029f4f4a4db957e31ca64a8 100644
--- a/interface/web/sites/aps_do_operation.php
+++ b/interface/web/sites/aps_do_operation.php
@@ -50,15 +50,15 @@ if($_GET['action'] == 'change_status')
 	if(!$gui->isValidPackageID($_GET['id'], true)) die($app->lng('Invalid ID'));
 
 	// Change the existing status to the opposite
-	$get_status = $app->db->queryOneRecord("SELECT package_status FROM aps_packages WHERE id = '".$app->functions->intval($_GET['id'])."';");
+	$get_status = $app->db->queryOneRecord("SELECT package_status FROM aps_packages WHERE id = ?", $_GET['id']);
 	if($get_status['package_status'] == strval(PACKAGE_LOCKED))
 	{
-		$app->db->query("UPDATE aps_packages SET package_status = ".PACKAGE_ENABLED." WHERE id = '".$app->functions->intval($_GET['id'])."';");
+		$app->db->query("UPDATE aps_packages SET package_status = ? WHERE id = ?", PACKAGE_ENABLED, $_GET['id']);
 		echo '<div class="swap" id="ir-Yes"><span>'.$app->lng('Yes').'</span></div>';
 	}
 	else
 	{
-		$app->db->query("UPDATE aps_packages SET Package_status = ".PACKAGE_LOCKED." WHERE id = '".$app->functions->intval($_GET['id'])."';");
+		$app->db->query("UPDATE aps_packages SET Package_status = ? WHERE id = ?", PACKAGE_LOCKED, $_GET['id']);
 		echo '<div class="swap" id="ir-No"><span>'.$app->lng('No').'</span></div>';
 	}
 }
@@ -69,7 +69,7 @@ else if($_GET['action'] == 'delete_instance')
 		$is_admin = ($_SESSION['s']['user']['typ'] == 'admin') ? true : false;
 		if(!$is_admin)
 		{
-			$cid = $app->db->queryOneRecord("SELECT client_id FROM client WHERE username = '".$app->db->quote($_SESSION['s']['user']['username'])."';");
+			$cid = $app->db->queryOneRecord("SELECT client_id FROM client WHERE username = ?", $_SESSION['s']['user']['username']);
 			$client_id = $cid['client_id'];
 		}
 
@@ -78,8 +78,8 @@ else if($_GET['action'] == 'delete_instance')
 
 		// Only delete the instance if the status is "installed" or "flawed"
 		$check = $app->db->queryOneRecord("SELECT id FROM aps_instances
-        WHERE id = ".$app->db->quote($_GET['id'])." AND
-        (instance_status = ".INSTANCE_SUCCESS." OR instance_status = ".INSTANCE_ERROR.");");
+        WHERE id = ? AND
+        (instance_status = ? OR instance_status = ?)", $_GET['id'], INSTANCE_SUCCESS, INSTANCE_ERROR);
 		if($check['id'] > 0) $gui->deleteInstance($_GET['id']);
 		//echo $app->lng('Installation_remove');
 		@header('Location:aps_installedpackages_list.php');
diff --git a/interface/web/sites/aps_install_package.php b/interface/web/sites/aps_install_package.php
index 5d623226908c7d21e34ad1e1a5a609c5cfa2b35d..05e4e9e4e9e2e9c0c1ca3bf42ad1276fc400cb47 100644
--- a/interface/web/sites/aps_install_package.php
+++ b/interface/web/sites/aps_install_package.php
@@ -62,7 +62,7 @@ if($_SESSION["s"]["user"]["typ"] == 'user') {
 
 $adminflag = ($_SESSION['s']['user']['typ'] == 'admin') ? true : false;
 $gui = new ApsGUIController($app);
-$pkg_id = (isset($_GET['id'])) ? $app->db->quote($_GET['id']) : '';
+$pkg_id = (isset($_GET['id'])) ? $_GET['id'] : '';
 
 // Check if a newer version is available for the current package
 // Note: It's intended that here is no strict ID check (see below)
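Review bot: `$pkg_id` is now the raw `$_GET['id']` and, per the comment below the assignment, deliberately gets no strict ID check at this point. The change is therefore safe only if every later use of `$pkg_id` is a bound query parameter or is escaped on output. Those uses are outside the hunk and should be confirmed as part of this commit; the same holds for the identical change in `aps_packagedetails_show.php`. A comment at the assignment would record the contract: `// raw request value: bind as a query parameter, never concatenate or echo unescaped`.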
@@ -85,9 +85,8 @@ if(isset($settings['error'])) $app->error($settings['error']);
 // Get domain list
 $domains = array();
 $domain_for_user = '';
-if(!$adminflag) $domain_for_user = "AND (sys_userid = '".$app->db->quote($_SESSION['s']['user']['userid'])."'
-    OR sys_groupid = '".$app->db->quote($_SESSION['s']['user']['default_group'])."' )";
-$domains_assoc = $app->db->queryAllRecords("SELECT domain FROM web_domain WHERE document_root != '' AND (type = 'vhost' OR type = 'vhostsubdomain' OR type = 'vhostalias') AND active = 'y' ".$domain_for_user." ORDER BY domain;");
+if(!$adminflag) $domain_for_user = "AND (sys_userid = ? OR sys_groupid = ?)";
+$domains_assoc = $app->db->queryAllRecords("SELECT domain FROM web_domain WHERE document_root != '' AND (type = 'vhost' OR type = 'vhostsubdomain' OR type = 'vhostalias') AND active = 'y' ".$domain_for_user." ORDER BY domain", $_SESSION['s']['user']['userid'], $_SESSION['s']['user']['default_group']);
 if(!empty($domains_assoc)) foreach($domains_assoc as $domain) $domains[] = $domain['domain'];
 
 	// If data has been submitted, validate it
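Review bot: For an admin `$domain_for_user` stays empty, so the statement contains no `?` while two values are still passed to `queryAllRecords()`. Whether the database layer ignores surplus parameters or reports a mismatch is not visible here, so it is safer not to depend on it. Passing the values only together with the filter keeps the two in step: build the statement into `$sql`, then `$domains_assoc = $adminflag ? $app->db->queryAllRecords($sql) : $app->db->queryAllRecords($sql, $_SESSION['s']['user']['userid'], $_SESSION['s']['user']['default_group']);`.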
diff --git a/interface/web/sites/aps_installedpackages_list.php b/interface/web/sites/aps_installedpackages_list.php
index a0a934ef43afbae0d8eb83cddd27d58b9ccf13f9..f323a9cc8354271a490d071d67589961c2e19bbf 100644
--- a/interface/web/sites/aps_installedpackages_list.php
+++ b/interface/web/sites/aps_installedpackages_list.php
@@ -51,7 +51,7 @@ $client_ext = '';
 $is_admin = ($_SESSION['s']['user']['typ'] == 'admin') ? true : false;
 if(!$is_admin)
 {
-	$cid = $app->db->queryOneRecord('SELECT client_id FROM client WHERE username = "'.$app->db->quote($_SESSION['s']['user']['username']).'";');
+	$cid = $app->db->queryOneRecord('SELECT client_id FROM client WHERE username = ?', $_SESSION['s']['user']['username']);
 	//$client_ext = ' AND aps_instances.customer_id = '.$cid['client_id'];
 	$client_ext = ' AND '.$app->tform->getAuthSQL('r', 'aps_instances');
 }
diff --git a/interface/web/sites/aps_packagedetails_show.php b/interface/web/sites/aps_packagedetails_show.php
index 7f8ca6bd2b71341504216ff03edf5a941de89dda..6da561021df9e970a6e43f2d5dd15aae471e137e 100644
--- a/interface/web/sites/aps_packagedetails_show.php
+++ b/interface/web/sites/aps_packagedetails_show.php
@@ -47,7 +47,7 @@ require_once $lngfile;
 $app->tpl->setVar($wb);
 
 $gui = new ApsGUIController($app);
-$pkg_id = (isset($_GET['id'])) ? $app->db->quote($_GET['id']) : '';
+$pkg_id = (isset($_GET['id'])) ? $_GET['id'] : '';
 
 // Check if a newer version is available for the current package
 // Note: It's intended that here is no strict ID check (see below)
diff --git a/interface/web/sites/cron_edit.php b/interface/web/sites/cron_edit.php
index 6ec02c7433be31eee8577cad06ebb111b40b777c..a8326493cad61e5537b3ed134fab4a737c3d8cdd 100644
--- a/interface/web/sites/cron_edit.php
+++ b/interface/web/sites/cron_edit.php
@@ -87,7 +87,7 @@ class page_action extends tform_actions {
 		if($_SESSION["s"]["user"]["typ"] != 'admin') {
 			// Get the limits of the client
 			$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
-			$client = $app->db->queryOneRecord("SELECT limit_cron, limit_cron_type FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+			$client = $app->db->queryOneRecord("SELECT limit_cron, limit_cron_type FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
 
 			// When the record is updated
 			if($this->id > 0) {
@@ -95,7 +95,7 @@ class page_action extends tform_actions {
 			} else {
 				// Check if the user may add another cron job.
 				if($client["limit_cron"] >= 0) {
-					$tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM cron WHERE sys_groupid = $client_group_id");
+					$tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM cron WHERE sys_groupid = ?", $client_group_id);
 					if($tmp["number"] >= $client["limit_cron"]) {
 						$app->error($app->tform->wordbook["limit_cron_txt"]);
 					}
@@ -104,7 +104,7 @@ class page_action extends tform_actions {
 		}
 
 		// Get the record of the parent domain
-		$parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ".$app->functions->intval(@$this->dataRecord["parent_domain_id"]) . " AND ".$app->tform->getAuthSQL('r'));
+		$parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ? AND ".$app->tform->getAuthSQL('r'), @$this->dataRecord["parent_domain_id"]);
 		if(!$parent_domain || $parent_domain['domain_id'] != @$this->dataRecord['parent_domain_id']) $app->tform->errorMessage .= $app->tform->lng("no_domain_perm");
 
 		// Set fixed values
@@ -115,7 +115,7 @@ class page_action extends tform_actions {
 		if(preg_match("'^http(s)?:\/\/'i", $command)) {
 			$this->dataRecord["type"] = 'url';
 		} else {
-			$domain_owner = $app->db->queryOneRecord("SELECT limit_cron_type FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ".$app->functions->intval($parent_domain["sys_groupid"]));
+			$domain_owner = $app->db->queryOneRecord("SELECT limit_cron_type FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $parent_domain["sys_groupid"]);
 			//* True when the site is assigned to a client
 			if(isset($domain_owner["limit_cron_type"])) {
 				if($domain_owner["limit_cron_type"] == 'full') {
@@ -140,7 +140,7 @@ class page_action extends tform_actions {
 		if($_SESSION["s"]["user"]["typ"] != 'admin') {
 			// Get the limits of the client
 			$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
-			$client = $app->db->queryOneRecord("SELECT limit_cron_frequency, limit_cron_type FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+			$client = $app->db->queryOneRecord("SELECT limit_cron_frequency, limit_cron_type FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
 
 			if($client["limit_cron_frequency"] > 1) {
 				if($app->tform->cron_min_freq < $client["limit_cron_frequency"]) {
@@ -170,7 +170,7 @@ class page_action extends tform_actions {
 		if($_SESSION["s"]["user"]["typ"] != 'admin') {
 			// Get the limits of the client
 			$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
-			$client = $app->db->queryOneRecord("SELECT limit_cron_frequency, limit_cron_type FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+			$client = $app->db->queryOneRecord("SELECT limit_cron_frequency, limit_cron_type FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
 
 			if($client["limit_cron_frequency"] > 1) {
 				if($app->tform->cron_min_freq < $client["limit_cron_frequency"]) {
@@ -196,14 +196,14 @@ class page_action extends tform_actions {
 	function onAfterInsert() {
 		global $app, $conf;
 
-		$web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$app->functions->intval($this->dataRecord["parent_domain_id"]));
+		$web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ?", $this->dataRecord["parent_domain_id"]);
 		$server_id = $web["server_id"];
 
 		// The cron shall be owned by the same group then the website
 		$sys_groupid = $app->functions->intval($web['sys_groupid']);
 
-		$sql = "UPDATE cron SET server_id = $server_id, sys_groupid = '$sys_groupid' WHERE id = ".$this->id;
-		$app->db->query($sql);
+		$sql = "UPDATE cron SET server_id = ?, sys_groupid = ? WHERE id = ?";
+		$app->db->query($sql, $server_id, $sys_groupid, $this->id);
 	}
 
 	function onAfterUpdate() {
diff --git a/interface/web/sites/database_edit.php b/interface/web/sites/database_edit.php
index 9494cd3360e20b1e8fda933765a765e7d8942112..2d051d118f445263f6dd7c805fe4b093124ffe50 100644
--- a/interface/web/sites/database_edit.php
+++ b/interface/web/sites/database_edit.php
@@ -79,7 +79,7 @@ class page_action extends tform_actions {
 			$client = $app->db->queryOneRecord("SELECT db_servers FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
 
 			// Set the webserver to the default server of the client
-			$tmp = $app->db->queryAllRecords("SELECT server_id, server_name FROM server WHERE server_id IN ($client[db_servers])");
+			$tmp = $app->db->queryAllRecords("SELECT server_id, server_name FROM server WHERE server_id IN ?", explode(',', $client['db_servers']));
 
 			$only_one_server = count($tmp) === 1;
 			$app->tpl->setVar('only_one_server', $only_one_server);
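Review bot: `explode(',', $client['db_servers'])` returns `array('')` when `db_servers` is empty, so the `IN ?` lookup runs with a single empty string instead of being skipped, and the elements are passed as untrimmed strings. The second `IN ?` hunk in this file has the same line. Normalising first makes the input explicit: `$db_server_ids = array_filter(array_map('intval', explode(',', $client['db_servers'])));`, then run the query only when the list is non-empty and set `$tmp = array();` otherwise. This assumes the database layer expands an array bound to `IN ?`, which this diff does not show.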
@@ -89,7 +89,7 @@ class page_action extends tform_actions {
 			}
 
 			foreach ($tmp as $db_server) {
-				$options_db_servers .= "<option value='$db_server[server_id]'>$db_server[server_name]</option>";
+				$options_db_servers .= '<option value="'.$db_server['server_id'].'"'.($this->id > 0 && $this->dataRecord["server_id"] == $db_server['server_id'] ? ' selected="selected"' : '').'>'.$db_server['server_name'].'</option>';
 			}
 
 			$app->tpl->setVar("server_id", $options_db_servers);
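Review bot: The rebuilt `<option>` line concatenates `$db_server['server_id']` and `$db_server['server_name']` into HTML without escaping, so a server name containing `<`, `&` or a quote would break the markup or be interpreted as markup. Both values should be escaped for the HTML context, for example `htmlspecialchars($db_server['server_name'], ENT_QUOTES, 'UTF-8')`, unless the template layer escapes `server_id` itself, which is not visible here. The second `foreach ($tmp as $db_server)` hunk below carries the same line. `$options_db_servers` is appended to with `.=` and its initialisation is outside the hunk.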
@@ -102,7 +102,7 @@ class page_action extends tform_actions {
 			$client = $app->db->queryOneRecord("SELECT client.client_id, limit_web_domain, db_servers, contact_name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
 
 			// Set the webserver to the default server of the client
-			$tmp = $app->db->queryAllRecords("SELECT server_id, server_name FROM server WHERE server_id IN ($client[db_servers])");
+			$tmp = $app->db->queryAllRecords("SELECT server_id, server_name FROM server WHERE server_id IN ?", explode(',', $client['db_servers']));
 
 			$only_one_server = count($tmp) === 1;
 			$app->tpl->setVar('only_one_server', $only_one_server);
@@ -112,7 +112,7 @@ class page_action extends tform_actions {
 			}
 
 			foreach ($tmp as $db_server) {
-				$options_db_servers .= "<option value='$db_server[server_id]'>$db_server[server_name]</option>";
+				$options_db_servers .= '<option value="'.$db_server['server_id'].'"'.($this->id > 0 && $this->dataRecord["server_id"] == $db_server['server_id'] ? ' selected="selected"' : '').'>'.$db_server['server_name'].'</option>';
 			}
 
 			$app->tpl->setVar("server_id", $options_db_servers);
@@ -168,13 +168,13 @@ class page_action extends tform_actions {
 	function onSubmit() {
 		global $app, $conf;
 
-		$parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ".$app->functions->intval(@$this->dataRecord["parent_domain_id"]) . " AND ".$app->tform->getAuthSQL('r'));
+		$parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ? AND ".$app->tform->getAuthSQL('r'), @$this->dataRecord["parent_domain_id"]);
 		if(!$parent_domain || $parent_domain['domain_id'] != @$this->dataRecord['parent_domain_id']) $app->tform->errorMessage .= $app->tform->lng("no_domain_perm");
 
 		if($_SESSION["s"]["user"]["typ"] != 'admin') {
 			// Get the limits of the client
 			$client_group_id = $_SESSION["s"]["user"]["default_group"];
-			$client = $app->db->queryOneRecord("SELECT db_servers, limit_database, limit_database_quota, parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id AND sys_group.groupid = $client_group_id");
+			$client = $app->db->queryOneRecord("SELECT db_servers, limit_database, limit_database_quota, parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id AND sys_group.groupid = ?", $client_group_id);
 
 			// When the record is updated
 			if($this->id > 0) {
@@ -207,7 +207,7 @@ class page_action extends tform_actions {
 
 				if($client['parent_client_id'] > 0) {
 					// Get the limits of the reseller
-					$reseller = $app->db->queryOneRecord("SELECT limit_database, limit_database_quota FROM client WHERE client_id = ".$client['parent_client_id']);
+					$reseller = $app->db->queryOneRecord("SELECT limit_database, limit_database_quota FROM client WHERE client_id = ?", $client['parent_client_id']);
 
 					//* Check the website quota of the client
 					if ($reseller['limit_database_quota'] >= 0) {
@@ -265,15 +265,15 @@ class page_action extends tform_actions {
 			}
 		} else {
 			// check if client of database parent domain is client of db user!
-			$web_group = $app->db->queryOneRecord("SELECT sys_groupid FROM web_domain WHERE domain_id = '".$app->functions->intval($this->dataRecord['parent_domain_id'])."'");
+			$web_group = $app->db->queryOneRecord("SELECT sys_groupid FROM web_domain WHERE domain_id = ?", $this->dataRecord['parent_domain_id']);
 			if($this->dataRecord['database_user_id']) {
-				$group = $app->db->queryOneRecord("SELECT sys_groupid FROM web_database_user WHERE database_user_id = '".$app->functions->intval($this->dataRecord['database_user_id'])."'");
+				$group = $app->db->queryOneRecord("SELECT sys_groupid FROM web_database_user WHERE database_user_id = ?", $this->dataRecord['database_user_id']);
 				if($group['sys_groupid'] != $web_group['sys_groupid']) {
 					$app->error($app->tform->wordbook['database_client_differs_txt']);
 				}
 			}
 			if($this->dataRecord['database_ro_user_id']) {
-				$group = $app->db->queryOneRecord("SELECT sys_groupid FROM web_database_user WHERE database_user_id = '".$app->functions->intval($this->dataRecord['database_ro_user_id'])."'");
+				$group = $app->db->queryOneRecord("SELECT sys_groupid FROM web_database_user WHERE database_user_id = ?", $this->dataRecord['database_ro_user_id']);
 				if($group['sys_groupid'] != $web_group['sys_groupid']) {
 					$app->error($app->tform->wordbook['database_client_differs_txt']);
 				}
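Review bot: The ownership comparison `$group['sys_groupid'] != $web_group['sys_groupid']` runs without checking that either lookup returned a row. If both the parent domain and the database user are missing, both sides are presumably null and the loose `!=` lets the request through. Guard both the `database_user_id` and `database_ro_user_id` branches with `if(!$web_group || !$group || $group['sys_groupid'] != $web_group['sys_groupid'])`. The enclosing method starts and ends outside this hunk.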
@@ -340,11 +340,11 @@ class page_action extends tform_actions {
 		}
 
 		//* Check for duplicates
-		$tmp = $app->db->queryOneRecord("SELECT count(database_id) as dbnum FROM web_database WHERE database_name = '".$app->db->quote($this->dataRecord['database_name'])."' AND server_id = '".$app->functions->intval($this->dataRecord["server_id"])."' AND database_id != '".$this->id."'");
+		$tmp = $app->db->queryOneRecord("SELECT count(database_id) as dbnum FROM web_database WHERE database_name = ? AND server_id = ? AND database_id != ?", $this->dataRecord['database_name'], $this->dataRecord["server_id"], $this->id);
 		if($tmp['dbnum'] > 0) $app->tform->errorMessage .= $app->lng('database_name_error_unique').'<br />';
 
 		// get the web server ip (parent domain)
-		$tmp = $app->db->queryOneRecord("SELECT server_id FROM web_domain WHERE domain_id = '".$app->functions->intval($this->dataRecord['parent_domain_id'])."'");
+		$tmp = $app->db->queryOneRecord("SELECT server_id FROM web_domain WHERE domain_id = ?", $this->dataRecord['parent_domain_id']);
 		if($tmp['server_id'] && $tmp['server_id'] != $this->dataRecord['server_id']) {
 			// we need remote access rights for this server, so get it's ip address
 			$server_config = $app->getconf->get_server_config($tmp['server_id'], 'server');
@@ -369,7 +369,7 @@ class page_action extends tform_actions {
 		if ($app->tform->errorMessage == '') {
 			// force update of the used database user
 			if($this->dataRecord['database_user_id']) {
-				$user_old_rec = $app->db->queryOneRecord('SELECT * FROM `web_database_user` WHERE `database_user_id` = ' . $app->functions->intval($this->dataRecord['database_user_id']));
+				$user_old_rec = $app->db->queryOneRecord('SELECT * FROM `web_database_user` WHERE `database_user_id` = ?', $this->dataRecord['database_user_id']);
 				if($user_old_rec) {
 					$user_new_rec = $user_old_rec;
 					$user_new_rec['server_id'] = $this->dataRecord['server_id'];
@@ -377,7 +377,7 @@ class page_action extends tform_actions {
 				}
 			}
 			if($this->dataRecord['database_ro_user_id']) {
-				$user_old_rec = $app->db->queryOneRecord('SELECT * FROM `web_database_user` WHERE `database_user_id` = ' . $app->functions->intval($this->dataRecord['database_ro_user_id']));
+				$user_old_rec = $app->db->queryOneRecord('SELECT * FROM `web_database_user` WHERE `database_user_id` = ?', $this->dataRecord['database_ro_user_id']);
 				if($user_old_rec) {
 					$user_new_rec = $user_old_rec;
 					$user_new_rec['server_id'] = $this->dataRecord['server_id'];
@@ -419,11 +419,11 @@ class page_action extends tform_actions {
 		}
 
 		//* Check for duplicates
-		$tmp = $app->db->queryOneRecord("SELECT count(database_id) as dbnum FROM web_database WHERE database_name = '".$app->db->quote($this->dataRecord['database_name'])."' AND server_id = '".$app->functions->intval($this->dataRecord["server_id"])."'");
+		$tmp = $app->db->queryOneRecord("SELECT count(database_id) as dbnum FROM web_database WHERE database_name = ? AND server_id = ?", $this->dataRecord['database_name'], $this->dataRecord["server_id"]);
 		if($tmp['dbnum'] > 0) $app->tform->errorMessage .= $app->tform->lng('database_name_error_unique').'<br />';
 
 		// get the web server ip (parent domain)
-		$tmp = $app->db->queryOneRecord("SELECT server_id FROM web_domain WHERE domain_id = '".$app->functions->intval($this->dataRecord['parent_domain_id'])."'");
+		$tmp = $app->db->queryOneRecord("SELECT server_id FROM web_domain WHERE domain_id = ?", $this->dataRecord['parent_domain_id']);
 		if($tmp['server_id'] && $tmp['server_id'] != $this->dataRecord['server_id']) {
 			// we need remote access rights for this server, so get it's ip address
 			$server_config = $app->getconf->get_server_config($tmp['server_id'], 'server');
@@ -448,7 +448,7 @@ class page_action extends tform_actions {
 		if ($app->tform->errorMessage == '') {
 			// force update of the used database user
 			if($this->dataRecord['database_user_id']) {
-				$user_old_rec = $app->db->queryOneRecord('SELECT * FROM `web_database_user` WHERE `database_user_id` = ' . $app->functions->intval($this->dataRecord['database_user_id']));
+				$user_old_rec = $app->db->queryOneRecord('SELECT * FROM `web_database_user` WHERE `database_user_id` = ?', $this->dataRecord['database_user_id']);
 				if($user_old_rec) {
 					$user_new_rec = $user_old_rec;
 					$user_new_rec['server_id'] = $this->dataRecord['server_id'];
@@ -456,7 +456,7 @@ class page_action extends tform_actions {
 				}
 			}
 			if($this->dataRecord['database_ro_user_id']) {
-				$user_old_rec = $app->db->queryOneRecord('SELECT * FROM `web_database_user` WHERE `database_user_id` = ' . $app->functions->intval($this->dataRecord['database_ro_user_id']));
+				$user_old_rec = $app->db->queryOneRecord('SELECT * FROM `web_database_user` WHERE `database_user_id` = ?', $this->dataRecord['database_ro_user_id']);
 				if($user_old_rec) {
 					$user_new_rec = $user_old_rec;
 					$user_new_rec['server_id'] = $this->dataRecord['server_id'];
diff --git a/interface/web/sites/database_phpmyadmin.php b/interface/web/sites/database_phpmyadmin.php
index 5e640dfea438950ca2d93cfb279bcd2bcd981a4d..481b4ea600a66fa975518fe7f7e174a27bb52f29 100644
--- a/interface/web/sites/database_phpmyadmin.php
+++ b/interface/web/sites/database_phpmyadmin.php
@@ -45,14 +45,12 @@ $databaseId = $app->functions->intval($_GET['id']);
 /*
  * Get the data to connect to the database
  */
-$dbData = $app->db->queryOneRecord("SELECT server_id, database_name FROM web_database WHERE database_id = " . $databaseId);
+$dbData = $app->db->queryOneRecord("SELECT server_id, database_name FROM web_database WHERE database_id = ?", $databaseId);
 $serverId = $app->functions->intval($dbData['server_id']);
 if ($serverId == 0){
 	die ("No DB-Server found!");
 }
-$serverData = $app->db->queryOneRecord(
-	"SELECT server_name FROM server WHERE server_id = " .
-	$serverId);
+$serverData = $app->db->queryOneRecord("SELECT server_name FROM server WHERE server_id = ?", $serverId);
 
 $app->uses('getconf');
 $global_config = $app->getconf->get_global_config('sites');
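Review bot: The `web_database` lookup selects by `database_id` alone, with no ownership condition in the visible lines, while `$databaseId` is taken from `$_GET['id']` (see the hunk header). Unless an earlier part of the script already restricts access, a logged-in client could have the server and database name of another client's record resolved. Consider adding the kind of permission clause the edit forms use (`$app->tform->getAuthSQL('r')` in database_edit.php) or an explicit `sys_groupid` check, if that helper is available in this script.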
diff --git a/interface/web/sites/database_user_del.php b/interface/web/sites/database_user_del.php
index 3667539c7aefec0abb0f55ad2848ee2d7534a78c..d80ba4f056f14c4399f8e1fd0147b0303394fec1 100644
--- a/interface/web/sites/database_user_del.php
+++ b/interface/web/sites/database_user_del.php
@@ -55,7 +55,7 @@ class page_action extends tform_actions {
 		$old_record = $app->tform->getDataRecord($this->id);
 
 		/* we cannot use datalogDelete here, as we need to set server_id to 0 */
-		$app->db->query("DELETE FROM `web_database_user` WHERE $index_field = '$index_value'");
+		$app->db->query("DELETE FROM `web_database_user` WHERE ?? = ?", $index_field, $index_value);
 		$new_rec = array();
 		$old_record['server_id'] = 0;
 		$app->db->datalogSave('web_database_user', 'DELETE', 'database_user_id', $this->id, $old_record, $new_rec);
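Review bot: The `??` in `WHERE ?? = ?` is easy to misread as a typo next to the value placeholder and deserves a one-line comment. Presumably it is the db wrapper's identifier placeholder, which this diff does not show; something like `// ?? binds a column name (identifier), ? binds a value` above the query would make that explicit. `$index_field` is set outside this hunk, so it would also help to state in that comment that it comes from the form definition and not from the request, if that is the case.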
@@ -65,14 +65,14 @@ class page_action extends tform_actions {
 		global $app; $conf;
 
 		//* Update all records that belog to this user
-		$records = $app->db->queryAllRecords("SELECT database_id FROM web_database WHERE database_user_id = '".$app->functions->intval($this->id)."'");
+		$records = $app->db->queryAllRecords("SELECT database_id FROM web_database WHERE database_user_id = ?", $this->id);
 		foreach($records as $rec) {
-			$app->db->datalogUpdate('web_database', 'database_user_id=NULL', 'database_id', $rec['database_id']);
+			$app->db->datalogUpdate('web_database', array('database_user_id' => null), 'database_id', $rec['database_id']);
 
 		}
-		$records = $app->db->queryAllRecords("SELECT database_id FROM web_database WHERE database_ro_user_id = '".$app->functions->intval($this->id)."'");
+		$records = $app->db->queryAllRecords("SELECT database_id FROM web_database WHERE database_ro_user_id = ?", $this->id);
 		foreach($records as $rec) {
-			$app->db->datalogUpdate('web_database', 'database_ro_user_id=NULL', 'database_id', $rec['database_id']);
+			$app->db->datalogUpdate('web_database', array('database_ro_user_id' => null), 'database_id', $rec['database_id']);
 		}
 	}
 
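Review bot: `global $app; $conf;` on the first line of this method declares only `$app` as global; `$conf;` is a separate no-op expression statement. The visible lines do not use `$conf`, so nothing breaks here, but the line should read `global $app, $conf;` as the other methods in this diff do, or drop `$conf` entirely. The comment word `belog` is also a typo for `belong`. The method's signature is outside the hunk.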
diff --git a/interface/web/sites/database_user_edit.php b/interface/web/sites/database_user_edit.php
index 18b46b90e1bd4d1131d8544d2a37eb43173e043b..90b28ef6e245b1dea0edeead696ad187abf58204 100644
--- a/interface/web/sites/database_user_edit.php
+++ b/interface/web/sites/database_user_edit.php
@@ -66,12 +66,12 @@ class page_action extends tform_actions {
 		if ($_SESSION["s"]["user"]["typ"] != 'admin' && $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
 			// Get the limits of the client
 			$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
-			$client = $app->db->queryOneRecord("SELECT client.company_name, client.contact_name, client.client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+			$client = $app->db->queryOneRecord("SELECT client.company_name, client.contact_name, client.client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
 
 			// Fill the client select field
-			$sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ".$app->functions->intval($client['client_id'])." ORDER BY client.company_name, client.contact_name, sys_group.name";
-			$records = $app->db->queryAllRecords($sql);
-			$tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".$app->functions->intval($client['client_id']));
+			$sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ? ORDER BY client.company_name, client.contact_name, sys_group.name";
+			$records = $app->db->queryAllRecords($sql, $client['client_id']);
+			$tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client['client_id']);
 			$client_select = '<option value="'.$tmp['groupid'].'">'.$client['contact_name'].'</option>';
 			//$tmp_data_record = $app->tform->getDataRecord($this->id);
 			if(is_array($records)) {
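Review bot: `$client['contact_name']` and `$tmp['groupid']` are concatenated into the `<option>` markup for `$client_select` without HTML escaping. The contact name is read from the `client` table and is presumably user-editable, so unless it is escaped when stored, markup in it would be rendered in the reseller's form. Escape at output: `'<option value="'.htmlspecialchars($tmp['groupid'], ENT_QUOTES, 'UTF-8').'">'.htmlspecialchars($client['contact_name'], ENT_QUOTES, 'UTF-8').'</option>'`. The loop over `$records` that follows is outside the hunk and likely needs the same treatment.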
@@ -128,7 +128,7 @@ class page_action extends tform_actions {
 		$global_config = $app->getconf->get_global_config('sites');
 		$dbuser_prefix = $app->tools_sites->replacePrefix($global_config['dbuser_prefix'], $this->dataRecord);
 
-		$this->oldDataRecord = $app->db->queryOneRecord("SELECT * FROM web_database_user WHERE database_user_id = '".$this->id."'");
+		$this->oldDataRecord = $app->db->queryOneRecord("SELECT * FROM web_database_user WHERE database_user_id = ?", $this->id);
 
 		$dbuser_prefix = $app->tools_sites->getPrefix($this->oldDataRecord['database_user_prefix'], $dbuser_prefix);
 		$this->dataRecord['database_user_prefix'] = $dbuser_prefix;
@@ -200,11 +200,11 @@ class page_action extends tform_actions {
 
 		if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($this->dataRecord["client_group_id"])) {
 			$client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]);
-			$app->db->query("UPDATE web_database_user SET sys_groupid = $client_group_id, sys_perm_group = 'riud' WHERE database_user_id = ".$this->id);
+			$app->db->query("UPDATE web_database_user SET sys_groupid = ?, sys_perm_group = 'riud' WHERE database_user_id = ?", $client_group_id, $this->id);
 		}
 		if($app->auth->has_clients($_SESSION['s']['user']['userid']) && isset($this->dataRecord["client_group_id"])) {
 			$client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]);
-			$app->db->query("UPDATE web_database_user SET sys_groupid = $client_group_id, sys_perm_group = 'riud' WHERE database_user_id = ".$this->id);
+			$app->db->query("UPDATE web_database_user SET sys_groupid = ?, sys_perm_group = 'riud' WHERE database_user_id = ?", $client_group_id, $this->id);
 		}
 	}
 
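Review bot: In the `has_clients()` branch the submitted `client_group_id` is cast to an integer and written to `sys_groupid`, but nothing in the visible lines confirms that the group belongs to one of the reseller's own clients. If that is not validated earlier in the request, add a lookup against `sys_group`/`client` with `client.parent_client_id` set to the reseller's `client_id` (the query that fills the client select in this file) and skip the UPDATE when it returns no row. The admin and reseller blocks are otherwise identical and could share one condition. The same pair of blocks appears in the next hunk of this file.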
@@ -213,24 +213,12 @@ class page_action extends tform_actions {
 
 		if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($this->dataRecord["client_group_id"])) {
 			$client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]);
-			$app->db->query("UPDATE web_database_user SET sys_groupid = $client_group_id, sys_perm_group = 'riud' WHERE database_user_id = ".$this->id);
+			$app->db->query("UPDATE web_database_user SET sys_groupid = ?, sys_perm_group = 'riud' WHERE database_user_id = ?", $client_group_id, $this->id);
 		}
 		if($app->auth->has_clients($_SESSION['s']['user']['userid']) && isset($this->dataRecord["client_group_id"])) {
 			$client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]);
-			$app->db->query("UPDATE web_database_user SET sys_groupid = $client_group_id, sys_perm_group = 'riud' WHERE database_user_id = ".$this->id);
+			$app->db->query("UPDATE web_database_user SET sys_groupid = ?, sys_perm_group = 'riud' WHERE database_user_id = ?", $client_group_id, $this->id);
 		}
-
-		/*$password = $app->db->queryOneRecord("SELECT database_password FROM web_database_user WHERE database_user_id = ".$this->id);
-
-        $records = $app->db->queryAllRecords("SELECT DISTINCT server_id FROM web_database WHERE database_user_id = '".$app->functions->intval($this->id)."' UNION SELECT DISTINCT server_id FROM web_database WHERE database_ro_user_id = '".$app->functions->intval($this->id)."'");
-        foreach($records as $rec) {
-            $new_rec = $this->dataRecord;
-            $new_rec['server_id'] = $rec['server_id'];
-			// Make sure to store the password in encrypted form in sys_datalog
-			$new_rec['database_password'] = $password['database_password'];
-            $app->db->datalogSave('web_database_user', 'UPDATE', 'database_user_id', $this->id, $this->oldDataRecord, $new_rec);
-        }
-        unset($new_rec);*/
 	}
 
 }
diff --git a/interface/web/sites/form/web_childdomain.tform.php b/interface/web/sites/form/web_childdomain.tform.php
index 1081a233d5eb8d27f2d3c6174ea8b631cffff02a..09145f9768a71c4aca84ded0b96e7936743b5f10 100644
--- a/interface/web/sites/form/web_childdomain.tform.php
+++ b/interface/web/sites/form/web_childdomain.tform.php
@@ -58,7 +58,7 @@ $form["auth_preset"]["perm_group"] = 'riud'; //r = read, i = insert, u = update,
 $form["auth_preset"]["perm_other"] = ''; //r = read, i = insert, u = update, d = delete
 
 $form["tabs"]['domain'] = array (
-	'title'  => "Domain",
+	'title'  => ($childdomain_type == 'aliasdomain'? 'Aliasdomain' : 'Subdomain'),
 	'width'  => 100,
 	'template'  => "templates/web_childdomain_edit.htm",
 	'fields'  => array (
diff --git a/interface/web/sites/form/web_vhost_domain.tform.php b/interface/web/sites/form/web_vhost_domain.tform.php
index c342605c9ae42da884e644e6cf89da8179007485..3c4723abaed4a764b9b485102f21de3f613f8652 100644
--- a/interface/web/sites/form/web_vhost_domain.tform.php
+++ b/interface/web/sites/form/web_vhost_domain.tform.php
@@ -41,16 +41,19 @@
 $vhostdomain_type = 'domain';
 $form_title = "Web Domain";
 $validator_function = 'web_domain';
+$first_tab_title = "Domain";
 
 if(isset($_SESSION['s']['var']['vhostdomain_type'])) {
 	if($_SESSION['s']['var']['vhostdomain_type'] == 'subdomain') {
 		$vhostdomain_type = 'subdomain';
 		$form_title = "Subdomain";
 		$validator_function = 'sub_domain';
+		$first_tab_title = "Subomain";
 	} elseif($_SESSION['s']['var']['vhostdomain_type'] == 'aliasdomain') {
 		$vhostdomain_type = 'aliasdomain';
 		$form_title = "Aliasdomain";
 		$validator_function = 'alias_domain';
+		$first_tab_title = "Aliasomain";
 	}
 }
 
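Review bot: Both added tab titles are misspelled: `$first_tab_title = "Subomain";` and `$first_tab_title = "Aliasomain";` should read `"Subdomain"` and `"Aliasdomain"`, matching the `$form_title` values set two lines above each. These strings become the first tab's title through the `'title'  => $first_tab_title` change later in this file, so the typos are user-visible.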
@@ -85,7 +88,7 @@ $ssl_available = true;
 $backup_available = ($vhostdomain_type == 'domain');
 if(!$app->auth->is_admin()) {
 	$client_group_id = $_SESSION["s"]["user"]["default_group"];
-	$client = $app->db->queryOneRecord("SELECT limit_wildcard, limit_ssl, limit_backup FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+	$client = $app->db->queryOneRecord("SELECT limit_wildcard, limit_ssl, limit_backup FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
 
 	if($client['limit_wildcard'] != 'y') $wildcard_available = false;
 	if($client['limit_ssl'] != 'y') $ssl_available = false;
@@ -96,7 +99,7 @@ $app->uses('getconf');
 $web_config = $app->getconf->get_global_config('sites');
 
 $form["tabs"]['domain'] = array (
-	'title'  => "Domain",
+	'title'  => $first_tab_title,
 	'width'  => 100,
 	'template'  => "templates/web_vhost_domain_edit.htm",
 	'readonly' => $web_domain_edit_readonly,
diff --git a/interface/web/sites/ftp_user_edit.php b/interface/web/sites/ftp_user_edit.php
index bdbf3c2b37d337bf384b78cf143e4e5d5142d49b..9de400ce0392fcff585fe6450621d8c15b6d3d14 100644
--- a/interface/web/sites/ftp_user_edit.php
+++ b/interface/web/sites/ftp_user_edit.php
@@ -96,11 +96,11 @@ class page_action extends tform_actions {
 
 		// Get the record of the parent domain
 		if(isset($this->dataRecord["parent_domain_id"])) {
-			$parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ".$app->functions->intval(@$this->dataRecord["parent_domain_id"]) . " AND ".$app->tform->getAuthSQL('r'));
+			$parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ? AND ".$app->tform->getAuthSQL('r'), @$this->dataRecord["parent_domain_id"]);
 			if(!$parent_domain || $parent_domain['domain_id'] != @$this->dataRecord['parent_domain_id']) $app->tform->errorMessage .= $app->tform->lng("no_domain_perm");
 		} else {
 			$tmp = $app->tform->getDataRecord($this->id);
-			$parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ".$app->functions->intval($tmp["parent_domain_id"]) . " AND ".$app->tform->getAuthSQL('r'));
+			$parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ? AND ".$app->tform->getAuthSQL('r'), $tmp["parent_domain_id"]);
 			if(!$parent_domain) $app->tform->errorMessage .= $app->tform->lng("no_domain_perm");
 			unset($tmp);
 		}
@@ -137,11 +137,11 @@ class page_action extends tform_actions {
 	function onAfterInsert() {
 		global $app, $conf;
 
-		$web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$app->functions->intval($this->dataRecord["parent_domain_id"]));
+		$web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ?", $this->dataRecord["parent_domain_id"]);
 		$server_id = $app->functions->intval($web["server_id"]);
-		$dir = $app->db->quote($web["document_root"]);
-		$uid = $app->db->quote($web["system_user"]);
-		$gid = $app->db->quote($web["system_group"]);
+		$dir = $web["document_root"];
+		$uid = $web["system_user"];
+		$gid = $web["system_group"];
 		
 		// Check system user and group
 		if($app->functions->is_allowed_user($uid) == false || $app->functions->is_allowed_group($gid) == false) {
@@ -151,8 +151,8 @@ class page_action extends tform_actions {
 		// The FTP user shall be owned by the same group then the website
 		$sys_groupid = $app->functions->intval($web['sys_groupid']);
 
-		$sql = "UPDATE ftp_user SET server_id = $server_id, dir = '$dir', uid = '$uid', gid = '$gid', sys_groupid = '$sys_groupid' WHERE ftp_user_id = ".$this->id;
-		$app->db->query($sql);
+		$sql = "UPDATE ftp_user SET server_id = ?, dir = ?, uid = ?, gid = ?, sys_groupid = ? WHERE ftp_user_id = ?";
+		$app->db->query($sql, $server_id, $dir, $uid, $gid, $sys_groupid, $this->id);
 	}
 
 	function onBeforeUpdate() {
@@ -181,17 +181,17 @@ class page_action extends tform_actions {
 
 		//* When the site of the FTP user has been changed
 		if(isset($this->dataRecord['parent_domain_id']) && $this->oldDataRecord['parent_domain_id'] != $this->dataRecord['parent_domain_id']) {
-			$web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$app->functions->intval($this->dataRecord["parent_domain_id"]));
+			$web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ?", $this->dataRecord["parent_domain_id"]);
 			$server_id = $app->functions->intval($web["server_id"]);
-			$dir = $app->db->quote($web["document_root"]);
-			$uid = $app->db->quote($web["system_user"]);
-			$gid = $app->db->quote($web["system_group"]);
+			$dir = $web["document_root"];
+			$uid = $web["system_user"];
+			$gid = $web["system_group"];
 
 			// The FTP user shall be owned by the same group then the website
 			$sys_groupid = $app->functions->intval($web['sys_groupid']);
 
-			$sql = "UPDATE ftp_user SET server_id = $server_id, dir = '$dir', uid = '$uid', gid = '$gid', sys_groupid = '$sys_groupid' WHERE ftp_user_id = ".$this->id;
-			$app->db->query($sql);
+			$sql = "UPDATE ftp_user SET server_id = ?, dir = ?, uid = ?, gid = ?, sys_groupid = ? WHERE ftp_user_id = ?";
+			$app->db->query($sql, $server_id, $dir, $uid, $gid, $sys_groupid, $this->id);
 		}
 
 		//* 2. check to ensure that the FTP user path is not changed to a path outside of the docroot by a normal user
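Review bot: The site-change branch copies `system_user` and `system_group` from `web_domain` into `ftp_user` without the `is_allowed_user()` / `is_allowed_group()` check that `onAfterInsert()` performs before its identical UPDATE. Unless that check happens elsewhere on the update path, moving an FTP user to another site skips it. Add the same guard before the UPDATE, `if($app->functions->is_allowed_user($uid) == false || $app->functions->is_allowed_group($gid) == false)`, with the error handling used in `onAfterInsert()`, whose body is not shown in this diff. `$web` is also not checked for an empty result before its fields are read.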
@@ -201,11 +201,11 @@ class page_action extends tform_actions {
 			//* This check should normally never be triggered
 			//* Set the path to a safe path (web doc root).
 			if($error_message != '') {
-				$ftp_data = $app->db->queryOneRecord("SELECT parent_domain_id FROM ftp_user WHERE ftp_user_id = '".$app->db->quote($app->tform->primary_id)."'");
-				$web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$app->functions->intval($ftp_data["parent_domain_id"]));
-				$dir = $app->db->quote($web["document_root"]);
-				$sql = "UPDATE ftp_user SET dir = '$dir' WHERE ftp_user_id = ".$this->id;
-				$app->db->query($sql);
+				$ftp_data = $app->db->queryOneRecord("SELECT parent_domain_id FROM ftp_user WHERE ftp_user_id = ?", $app->tform->primary_id);
+				$web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ?", $ftp_data["parent_domain_id"]);
+				$dir = $web["document_root"];
+				$sql = "UPDATE ftp_user SET dir = ? WHERE ftp_user_id = ?";
+				$app->db->query($sql, $dir, $this->id);
 				$app->log("Error in FTP path settings of FTP user ".$this->dataRecord['username'], 1);
 			}
 
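Review bot: The fallback that resets `dir` to the document root does not check that `$ftp_data` and `$web` were found. If either lookup returns no row, `$dir` is null and the UPDATE overwrites the path with an empty value instead of a safe one. Wrap the reset in `if($web && $web["document_root"] != '') { ... }` and log the failure otherwise. The surrounding method starts and ends outside the hunk.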
diff --git a/interface/web/sites/lib/module.conf.php b/interface/web/sites/lib/module.conf.php
index b6d506a1573eefd9d41d7b7287583f26ae5af321..979aa63df29ddcd7e9e741e389e3999c2bada6a0 100644
--- a/interface/web/sites/lib/module.conf.php
+++ b/interface/web/sites/lib/module.conf.php
@@ -7,6 +7,7 @@ $module["title"]  = "top_menu_sites";
 $module["template"]  = "module.tpl.htm";
 $module["startpage"]  = "sites/web_vhost_domain_list.php";
 $module["tab_width"]    = '';
+$module['order']    = '30';
 
 // Websites menu
 $items=array();
@@ -96,10 +97,24 @@ if($app->auth->get_client_limit($userid, 'ftp_user') != 0)
 
 if($app->auth->get_client_limit($userid, 'webdav_user') != 0)
 {
-	$items[] = array(   'title'  => "Webdav-User",
-		'target'  => 'content',
-		'link' => 'sites/webdav_user_list.php',
-		'html_id'   => 'webdav_user_list');
+	$apache_in_use = false;
+	$servers = $app->db->queryAllRecords("SELECT * FROM server WHERE web_server = 1 AND active = 1");
+	if(is_array($servers) && !empty($servers)){
+		foreach($servers as $server){
+			$tmp_web_config = $app->getconf->get_server_config($server['server_id'], 'web');
+			if(strtolower($tmp_web_config['server_type']) == 'apache'){
+				$apache_in_use = true;
+				break;
+			}
+		}
+	}
+
+	if($apache_in_use == true){
+		$items[] = array(   'title'  => "Webdav-User",
+			'target'  => 'content',
+			'link' => 'sites/webdav_user_list.php',
+			'html_id'   => 'webdav_user_list');
+	}
 }
 
 $items[] = array(   'title'     => "Folder",
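Review bot: `$tmp_web_config['server_type']` is read without checking that the key is set, so a web server whose config lacks it raises a notice and is silently treated as non-Apache. `if(isset($tmp_web_config['server_type']) && strtolower($tmp_web_config['server_type']) == 'apache')` avoids that. The query only needs `server_id`, so `SELECT server_id FROM server WHERE web_server = 1 AND active = 1` is enough, and `if($apache_in_use == true)` can be `if($apache_in_use)`. Whether `$app->getconf` is already loaded at this point in the module config is not visible in the hunk.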
diff --git a/interface/web/sites/list/cron.list.php b/interface/web/sites/list/cron.list.php
index f13beabfbbc48da07aa252dd9d20cfd7c891dbde..b1625ebb18be98e3ee1492e553ab347b344fb107 100644
--- a/interface/web/sites/list/cron.list.php
+++ b/interface/web/sites/list/cron.list.php
@@ -55,7 +55,7 @@ $liste["item"][] = array( 'field'  => "active",
 	'prefix' => "",
 	'suffix' => "",
 	'width'  => "",
-	'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
+	'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('Yes')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('No')."</span></div>"));
 
 
 $liste["item"][] = array( 'field'  => "server_id",
diff --git a/interface/web/sites/list/database.list.php b/interface/web/sites/list/database.list.php
index 599cf96f436f05583b3abc808f570ffbd8743d3b..55450ef17f213cfc2e58a3f856b79acb85e92d22 100644
--- a/interface/web/sites/list/database.list.php
+++ b/interface/web/sites/list/database.list.php
@@ -59,7 +59,7 @@ $liste["item"][] = array( 'field'  => "active",
 	'prefix' => "",
 	'suffix' => "",
 	'width'  => "",
-	'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
+	'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('Yes')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('No')."</span></div>"));
 
 $liste["item"][] = array( 'field'  => "remote_access",
 	'datatype' => "VARCHAR",
@@ -68,7 +68,7 @@ $liste["item"][] = array( 'field'  => "remote_access",
 	'prefix' => "",
 	'suffix' => "",
 	'width'  => "",
-	'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
+	'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('Yes')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('No')."</span></div>"));
 
 $liste["item"][] = array( 'field'  => "type",
 	'datatype' => "VARCHAR",
@@ -91,7 +91,8 @@ if($_SESSION['s']['user']['typ'] == 'admin') {
 		'prefix' => "",
 		'suffix' => "",
 		'datasource' => array (  'type' => 'SQL',
-			'querystring' => 'SELECT groupid, name FROM sys_group WHERE groupid != 1 ORDER BY name',
+			//'querystring' => 'SELECT groupid, name FROM sys_group WHERE groupid != 1 ORDER BY name',
+			'querystring' => "SELECT sys_group.groupid,CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), IF(client.contact_firstname != '', CONCAT(client.contact_firstname, ' '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as name FROM sys_group, client WHERE sys_group.groupid != 1 AND sys_group.client_id = client.client_id ORDER BY client.company_name, client.contact_name",
 			'keyfield'=> 'groupid',
 			'valuefield'=> 'name'
 		),
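Review bot: The replacement `querystring` joins `sys_group` to `client`, so groups with no matching `client` row drop out of the filter list, which the old query included. If that is intended, a short comment saying so would help. The old query is also left behind as a commented-out `//'querystring' => ...` line; version control already keeps it, so it should be deleted. The same leftover is added in web_vhost_domain.list.php.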
diff --git a/interface/web/sites/list/ftp_user.list.php b/interface/web/sites/list/ftp_user.list.php
index fc15170e96491a1c4b77232b9d229a8c5b80b0d5..122e2b0848e2ffa371d6bf4f2e6b5ffff286a80d 100644
--- a/interface/web/sites/list/ftp_user.list.php
+++ b/interface/web/sites/list/ftp_user.list.php
@@ -55,7 +55,7 @@ $liste["item"][] = array( 'field'  => "active",
 	'prefix' => "",
 	'suffix' => "",
 	'width'  => "",
-	'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
+	'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('Yes')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('No')."</span></div>"));
 
 
 $liste["item"][] = array( 'field'  => "server_id",
diff --git a/interface/web/sites/list/shell_user.list.php b/interface/web/sites/list/shell_user.list.php
index cd88eb2ad0b65480847e0b75932a5c20467f396b..33ba4ad0b89ba8dcd316e23be94ac3332669dbfe 100644
--- a/interface/web/sites/list/shell_user.list.php
+++ b/interface/web/sites/list/shell_user.list.php
@@ -55,7 +55,7 @@ $liste["item"][] = array( 'field'  => "active",
 	'prefix' => "",
 	'suffix' => "",
 	'width'  => "",
-	'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
+	'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('Yes')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('No')."</span></div>"));
 
 
 $liste["item"][] = array( 'field'  => "server_id",
diff --git a/interface/web/sites/list/web_childdomain.list.php b/interface/web/sites/list/web_childdomain.list.php
index 49167389d5336dd61d1a5f6031f43463c8360aff..9a5f10713ace59bf772bade8e01d311750b66c19 100644
--- a/interface/web/sites/list/web_childdomain.list.php
+++ b/interface/web/sites/list/web_childdomain.list.php
@@ -55,7 +55,7 @@ $liste["item"][] = array( 'field'  => "active",
 	'prefix' => "",
 	'suffix' => "",
 	'width'  => "",
-	'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
+	'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('Yes')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('No')."</span></div>"));
 
 
 $liste["item"][] = array( 'field'  => "server_id",
diff --git a/interface/web/sites/list/web_folder.list.php b/interface/web/sites/list/web_folder.list.php
index fedef22a2ffec74d6d54c5d35491f4aa3293815c..2c79892646beb78e027a47159f17ed1fb1d72306 100644
--- a/interface/web/sites/list/web_folder.list.php
+++ b/interface/web/sites/list/web_folder.list.php
@@ -55,7 +55,7 @@ $liste["item"][] = array( 'field'  => "active",
 	'prefix' => "",
 	'suffix' => "",
 	'width'  => "",
-	'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
+	'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('Yes')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('No')."</span></div>"));
 
 
 $liste["item"][] = array( 'field'  => "server_id",
diff --git a/interface/web/sites/list/web_folder_user.list.php b/interface/web/sites/list/web_folder_user.list.php
index 04a8513526f704c0269fa5f9dc08fe455b2a7580..454e2c447fad6a2684a3e9727ea3379d2b161346 100644
--- a/interface/web/sites/list/web_folder_user.list.php
+++ b/interface/web/sites/list/web_folder_user.list.php
@@ -57,7 +57,7 @@ $liste["item"][] = array( 'field'  => "active",
 	'prefix' => "",
 	'suffix' => "",
 	'width'  => "",
-	'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
+	'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('Yes')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('No')."</span></div>"));
 
 
 $liste["item"][] = array( 'field'  => "web_folder_id",
diff --git a/interface/web/sites/list/web_vhost_domain.list.php b/interface/web/sites/list/web_vhost_domain.list.php
index f997d7b4108c9336ed6b77446d1763e21f427623..ddeaacc6e6c9239b1d070110ec9b79d431f292ff 100644
--- a/interface/web/sites/list/web_vhost_domain.list.php
+++ b/interface/web/sites/list/web_vhost_domain.list.php
@@ -78,7 +78,7 @@ $liste["item"][] = array( 'field'  => "active",
 	'prefix' => "",
 	'suffix' => "",
 	'width'  => "",
-	'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
+	'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('Yes')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('No')."</span></div>"));
 
 if($_SESSION['s']['user']['typ'] == 'admin' && $vhostdomain_type == 'domain') {
 	$liste["item"][] = array( 'field'  => "sys_groupid",
@@ -88,7 +88,8 @@ if($_SESSION['s']['user']['typ'] == 'admin' && $vhostdomain_type == 'domain') {
 		'prefix' => "",
 		'suffix' => "",
 		'datasource' => array (  'type' => 'SQL',
-			'querystring' => 'SELECT groupid, name FROM sys_group WHERE groupid != 1 ORDER BY name',
+			//'querystring' => 'SELECT groupid, name FROM sys_group WHERE groupid != 1 ORDER BY name',
+			'querystring' => "SELECT sys_group.groupid,CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), IF(client.contact_firstname != '', CONCAT(client.contact_firstname, ' '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as name FROM sys_group, client WHERE sys_group.groupid != 1 AND sys_group.client_id = client.client_id ORDER BY client.company_name, client.contact_name",
 			'keyfield'=> 'groupid',
 			'valuefield'=> 'name'
 		),
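Review bot: The new `querystring` builds the option label from client-supplied columns (`company_name`, `contact_firstname`, `contact_name`, `username`, `customer_no`), where the old query used only `sys_group.name`. How the list renderer escapes the `name` value is not visible in this hunk, so it should be confirmed that the value is HTML-escaped on output. The implicit join on `sys_group.client_id = client.client_id` also looks like it drops any group without a matching client row, which the old query listed. The old query left behind as a `//` comment should be deleted rather than kept; the enclosing array continues outside the hunk.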
diff --git a/interface/web/sites/list/webdav_user.list.php b/interface/web/sites/list/webdav_user.list.php
index 339bc0d1e19945896d4a4d2b690e0bfbe02ee605..ab727ac1a38a228b21b221f900fed32fc6d4c08d 100644
--- a/interface/web/sites/list/webdav_user.list.php
+++ b/interface/web/sites/list/webdav_user.list.php
@@ -55,7 +55,7 @@ $liste["item"][] = array( 'field'  => "active",
 	'prefix' => "",
 	'suffix' => "",
 	'width'  => "",
-	'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
+	'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('Yes')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('No')."</span></div>"));
 
 
 $liste["item"][] = array( 'field'  => "server_id",
diff --git a/interface/web/sites/shell_user_edit.php b/interface/web/sites/shell_user_edit.php
index 8de6be755f5a0b05b8817d2b9712a83d3371eeaf..77c4509b44e7e2c56c5ca72d80e16d3d30b2198e 100644
--- a/interface/web/sites/shell_user_edit.php
+++ b/interface/web/sites/shell_user_edit.php
@@ -103,14 +103,12 @@ class page_action extends tform_actions {
 		global $app, $conf;
 
 		// Get the record of the parent domain
-		//$parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ".$app->functions->intval(@$this->dataRecord["parent_domain_id"]) . " AND ".$app->tform->getAuthSQL('r'));
-		//if(!$parent_domain || $parent_domain['domain_id'] != @$this->dataRecord['parent_domain_id']) $app->tform->errorMessage .= $app->tform->lng("no_domain_perm");
 		if(isset($this->dataRecord["parent_domain_id"])) {
-			$parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ".$app->functions->intval(@$this->dataRecord["parent_domain_id"]) . " AND ".$app->tform->getAuthSQL('r'));
+			$parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ? AND ".$app->tform->getAuthSQL('r'), @$this->dataRecord["parent_domain_id"]);
 			if(!$parent_domain || $parent_domain['domain_id'] != @$this->dataRecord['parent_domain_id']) $app->tform->errorMessage .= $app->tform->lng("no_domain_perm");
 		} else {
 			$tmp = $app->tform->getDataRecord($this->id);
-			$parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ".$app->functions->intval($tmp["parent_domain_id"]) . " AND ".$app->tform->getAuthSQL('r'));
+			$parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ? AND ".$app->tform->getAuthSQL('r'), $tmp["parent_domain_id"]);
 			if(!$parent_domain) $app->tform->errorMessage .= $app->tform->lng("no_domain_perm");
 			unset($tmp);
 		}
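Review bot: Both rewritten `queryOneRecord` calls bind the raw `parent_domain_id` and drop the `intval()` the old code applied, so a non-numeric submitted value now reaches the database. How the wrapper types `?` arguments is not visible here, and the comparison would then rely on the database's implicit string-to-number conversion. Keeping the cast on the bound argument, `$app->functions->intval($this->dataRecord["parent_domain_id"])`, retains the earlier validation. The `@` on that argument is redundant inside the `isset()` branch. The enclosing method starts above this hunk.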
@@ -163,12 +161,12 @@ class page_action extends tform_actions {
 	function onAfterInsert() {
 		global $app, $conf;
 
-		$web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$app->functions->intval($this->dataRecord["parent_domain_id"]));
+		$web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ?", $this->dataRecord["parent_domain_id"]);
 
 		$server_id = $app->functions->intval($web["server_id"]);
-		$dir = $app->db->quote($web["document_root"]);
-		$uid = $app->db->quote($web["system_user"]);
-		$gid = $app->db->quote($web["system_group"]);
+		$dir = $web["document_root"];
+		$uid = $web["system_user"];
+		$gid = $web["system_group"];
 		
 		// Check system user and group
 		if($app->functions->is_allowed_user($uid) == false || $app->functions->is_allowed_group($gid) == false) {
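Review bot: `$web` is read as an array right after the lookup without checking that a row came back, although the earlier hunk shows `queryOneRecord` results being tested with `!$parent_domain`. If no row matches, `$dir`, `$uid` and `$gid` end up null and the later `UPDATE` would write empty values into `shell_user`. A guard such as `if(!$web) { /* report and stop */ }` directly after the query would make that failure explicit; how to report it is a project decision. This lookup also omits the `getAuthSQL('r')` restriction used in the earlier hunk, so it presumably relies on the earlier permission check having run. The body of `onAfterInsert` continues outside the hunk.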
@@ -178,8 +176,8 @@ class page_action extends tform_actions {
 		// The FTP user shall be owned by the same group then the website
 		$sys_groupid = $app->functions->intval($web['sys_groupid']);
 
-		$sql = "UPDATE shell_user SET server_id = $server_id, dir = '$dir', puser = '$uid', pgroup = '$gid', sys_groupid = '$sys_groupid' WHERE shell_user_id = ".$this->id;
-		$app->db->query($sql);
+		$sql = "UPDATE shell_user SET server_id = ?, dir = ?, puser = ?, pgroup = ?, sys_groupid = ? WHERE shell_user_id = ?";
+		$app->db->query($sql, $server_id, $dir, $uid, $gid, $sys_groupid, $this->id);
 
 	}
 
diff --git a/interface/web/sites/templates/cron_list.htm b/interface/web/sites/templates/cron_list.htm
index 60e5cfb525d8dfa52d77000604b42d24863e76f7..77c89eedf8b548c34e8afe1c347fdaa208a903f1 100644
--- a/interface/web/sites/templates/cron_list.htm
+++ b/interface/web/sites/templates/cron_list.htm
@@ -56,7 +56,7 @@
                             <td><a href="#" data-load-content="sites/cron_edit.php?id={tmpl_var name='id'}">{tmpl_var name="command"}</a></td>
                             <td class="text-right">
                                 <div class="buttons icons16">    
-                                    <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('sites/cron_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
+                                    <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('sites/cron_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                                 </div>
                             </td>
                         </tr>
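Review bot: The delete link on the corrected line still carries `phpsessid` in the query string of the URL handed to `ISPConfig.confirm_action`. If that variable holds the PHP session identifier, it will end up in web-server logs and browser history, and it doubles as the only request-forgery guard for a state-changing request. A dedicated per-request token sent outside the URL would be safer. The link also writes a bare `&` where database_admin_list.htm uses `&amp;`. The same link pattern is on the changed lines in the other `*_list.htm` templates of this commit (database_*, shell_user, web_childdomain, web_folder, web_folder_user, web_vhost_domain_admin).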
diff --git a/interface/web/sites/templates/database_admin_list.htm b/interface/web/sites/templates/database_admin_list.htm
index dcf4b7fd18c9be4e6ab31e2fc870542e720963f4..8203fa1096817933f8ab8e3c7a50ee21bf54811b 100644
--- a/interface/web/sites/templates/database_admin_list.htm
+++ b/interface/web/sites/templates/database_admin_list.htm
@@ -52,22 +52,22 @@
                             <td><a href="#" data-load-content="sites/database_edit.php?id={tmpl_var name='id'}">{tmpl_var name="database_name"}</a></td>
                             <td class="text-right">
                                 <tmpl_if name="dblist_phpmyadmin_link">
-                                    <a class="btn btn-default formbutton-default formbutton-narrow" href="sites/database_phpmyadmin.php?id={tmpl_var name='id'}" target="phpmyadmin"><span class="icon icon-dbadmin"></span></button>
+                                    <a class="btn btn-default formbutton-default formbutton-narrow" href="sites/database_phpmyadmin.php?id={tmpl_var name='id'}" target="phpmyadmin"><span class="icon icon-dbadmin"></span></a>
                                 </tmpl_if>
-                                <a class="btn btn-default formbutton-default formbutton-narrow" data-load-content="sites/database_edit.php?id={tmpl_var name='id'}"><span class="icon icon-edit"></span></button>
-                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('sites/database_del.php?id={tmpl_var name='id'}&amp;phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
+                                <a class="btn btn-default formbutton-default formbutton-narrow" data-load-content="sites/database_edit.php?id={tmpl_var name='id'}"><span class="icon icon-edit"></span></a>
+                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('sites/database_del.php?id={tmpl_var name='id'}&amp;phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                             </td>
                         </tr>
                     </tmpl_loop>
                     <tmpl_unless name="records">
                         <tr class="tbl_row_noresults tbl_row_<tmpl_if name='__EVEN__'}even<tmpl_else>uneven</tmpl_if>">
-                            <td colspan="8">{tmpl_var name='globalsearch_noresults_text_txt'}</td>
+                            <td colspan="9">{tmpl_var name='globalsearch_noresults_text_txt'}</td>
                         </tr>
                     </tmpl_unless>
                 </tbody>
                 <tfoot>
                     <tr>
-                        <td colspan="8"><tmpl_var name="paging"></td>
+                        <td colspan="9"><tmpl_var name="paging"></td>
                     </tr>
                 </tfoot>
             </table>
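Review bot: The no-results row in this hunk contains `<tmpl_if name='__EVEN__'}even<tmpl_else>uneven</tmpl_if>`, where the opening tag is closed with `}` instead of `>`. The commit touches the line directly below it but leaves this as is. Whether the template engine tolerates the stray brace is not visible here; if it does not, the class attribute is emitted malformed. It should read `<tmpl_if name='__EVEN__'>even<tmpl_else>uneven</tmpl_if>`. The identical line appears in the database_list.htm hunk.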
diff --git a/interface/web/sites/templates/database_list.htm b/interface/web/sites/templates/database_list.htm
index f3cda1b142473c12bf7e1799529edd76d51ae419..6aeb8518f8ba4c574fc5d64e25543aed1a97031c 100644
--- a/interface/web/sites/templates/database_list.htm
+++ b/interface/web/sites/templates/database_list.htm
@@ -66,22 +66,22 @@
                             <td><a href="#" data-load-content="sites/database_edit.php?id={tmpl_var name='id'}">{tmpl_var name="database_name"}</a></td>
                             <td class="text-right">
                                 <tmpl_if name="dblist_phpmyadmin_link">
-                                    <a class="btn btn-default formbutton-default formbutton-narrow" href="sites/database_phpmyadmin.php?id={tmpl_var name='id'}" target="phpmyadmin"><span class="icon icon-dbadmin"></span></button>
+                                    <a class="btn btn-default formbutton-default formbutton-narrow" href="sites/database_phpmyadmin.php?id={tmpl_var name='id'}" target="phpmyadmin"><span class="icon icon-dbadmin"></span></a>
                                 </tmpl_if>
-                                <a class="btn btn-default formbutton-default formbutton-narrow" data-load-content="sites/database_edit.php?id={tmpl_var name='id'}"><span class="icon icon-edit"></span></button>
-                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('sites/database_del.php?id={tmpl_var name='id'}&amp;phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
+                                <a class="btn btn-default formbutton-default formbutton-narrow" data-load-content="sites/database_edit.php?id={tmpl_var name='id'}"><span class="icon icon-edit"></span></a>
+                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('sites/database_del.php?id={tmpl_var name='id'}&amp;phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                             </td>
                         </tr>
                     </tmpl_loop>
                     <tmpl_unless name="records">
                         <tr class="tbl_row_noresults tbl_row_<tmpl_if name='__EVEN__'}even<tmpl_else>uneven</tmpl_if>">
-                            <td colspan="7">{tmpl_var name='globalsearch_noresults_text_txt'}</td>
+                            <td colspan="8">{tmpl_var name='globalsearch_noresults_text_txt'}</td>
                         </tr>
                     </tmpl_unless>
                 </tbody>
                 <tfoot>
                     <tr>
-                        <td colspan="7"><tmpl_var name="paging"></td>
+                        <td colspan="8"><tmpl_var name="paging"></td>
                     </tr>
                 </tfoot>
             </table>
diff --git a/interface/web/sites/templates/database_user_admin_list.htm b/interface/web/sites/templates/database_user_admin_list.htm
index fcf222887e5c5c354817082e5ec2bfb69efb7e81..f134238566f2b4f2b76a398ae5f886acc4a3d13d 100644
--- a/interface/web/sites/templates/database_user_admin_list.htm
+++ b/interface/web/sites/templates/database_user_admin_list.htm
@@ -29,8 +29,8 @@
                         <tr>
                             <td><a href="#" data-load-content="sites/database_user_edit.php?id={tmpl_var name='id'}">{tmpl_var name="database_user"}</a></td>
                             <td class="text-right">
-                                <a class="btn btn-default formbutton-default formbutton-narrow" data-load-content="sites/database_user_edit.php?id={tmpl_var name='id'}"><span class="icon icon-edit"></span></button>
-                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('sites/database_user_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
+                                <a class="btn btn-default formbutton-default formbutton-narrow" data-load-content="sites/database_user_edit.php?id={tmpl_var name='id'}"><span class="icon icon-edit"></span></a>
+                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('sites/database_user_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                             </td>
                         </tr>
                     </tmpl_loop>
diff --git a/interface/web/sites/templates/database_user_list.htm b/interface/web/sites/templates/database_user_list.htm
index e0c44ccf5ead3144e48fe5ee4bc37bae822b7138..b29d5c060079cb1dbc1577098a6ae86dc2e710c9 100644
--- a/interface/web/sites/templates/database_user_list.htm
+++ b/interface/web/sites/templates/database_user_list.htm
@@ -45,8 +45,8 @@
                         <tr>
                             <td><a href="#" data-load-content="sites/database_user_edit.php?id={tmpl_var name='id'}">{tmpl_var name="database_user"}</a></td>
                             <td class="text-right">
-                                <a class="btn btn-default formbutton-default formbutton-narrow" data-load-content="sites/database_user_edit.php?id={tmpl_var name='id'}"><span class="icon icon-edit"></span></button>
-                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('sites/database_user_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
+                                <a class="btn btn-default formbutton-default formbutton-narrow" data-load-content="sites/database_user_edit.php?id={tmpl_var name='id'}"><span class="icon icon-edit"></span></a>
+                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('sites/database_user_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                             </td>
                         </tr>
                     </tmpl_loop>
diff --git a/interface/web/sites/templates/shell_user_list.htm b/interface/web/sites/templates/shell_user_list.htm
index 3de81689bb823d62e503ddaf516242ee36e0fc34..9be1d8485dfc144ec893d00624338028c8e5e8ae 100644
--- a/interface/web/sites/templates/shell_user_list.htm
+++ b/interface/web/sites/templates/shell_user_list.htm
@@ -56,7 +56,7 @@
                             <td><a href="#" data-load-content="sites/shell_user_edit.php?id={tmpl_var name='id'}">{tmpl_var name="parent_domain_id"}</a></td>
                             <td><a href="#" data-load-content="sites/shell_user_edit.php?id={tmpl_var name='id'}">{tmpl_var name="username"}</a></td>
                             <td class="text-right">
-                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('sites/shell_user_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
+                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('sites/shell_user_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                             </td>
                         </tr>
                     </tmpl_loop>
diff --git a/interface/web/sites/templates/web_backup_list.htm b/interface/web/sites/templates/web_backup_list.htm
index 1668d9c09f70621b67a13c0d9b03a42bc4cb3d53..d933d64f3758093960338539f7d3efd0ddcdb69c 100644
--- a/interface/web/sites/templates/web_backup_list.htm
+++ b/interface/web/sites/templates/web_backup_list.htm
@@ -2,7 +2,7 @@
     <div id="OKMsg"><p><tmpl_var name="msg"></p></div>
 </tmpl_if>
 <tmpl_if name="error">
-    <div id="errorMsg"><h3>ERROR</h3><ol><tmpl_var name="error"></ol></div>
+    <div id="errorMsg"><h3><tmpl_var name="error_txt"></h3><ol><tmpl_var name="error"></ol></div>
 </tmpl_if>
 <h3><tmpl_var name="list_head_txt"></h3>
 
@@ -28,9 +28,9 @@
                             <td>{tmpl_var name="filesize"}</td>
                             <td class="text-right">
                                 <div class="buttons">
-                                    <button class="btn btn-default formbutton-default" type="button" onclick="ISPConfig.confirm_action('sites/web_domain_edit.php?id={tmpl_var name='parent_id'}&next_tab=backup&backup_action=restore&backup_id={tmpl_var name='backup_id'}','{tmpl_var name='restore_confirm_txt'}');">{tmpl_var name="restore_backup_txt"}</button>
+                                    <button class="btn btn-default formbutton-default" type="button" onclick="ISPConfig.confirm_action('sites/web_vhost_domain_edit.php?id={tmpl_var name='parent_id'}&next_tab=backup&backup_action=restore&backup_id={tmpl_var name='backup_id'}','{tmpl_var name='restore_confirm_txt'}');">{tmpl_var name="restore_backup_txt"}</button>
                                     <tmpl_if name="download_available">
-										<button class="btn btn-default formbutton-default" type="button" data-load-content="sites/web_domain_edit.php?id={tmpl_var name='parent_id'}&next_tab=backup&backup_action=download&backup_id={tmpl_var name='backup_id'}">{tmpl_var name="download_backup_txt"}</button>
+										<button class="btn btn-default formbutton-default" type="button" data-load-content="sites/web_vhost_domain_edit.php?id={tmpl_var name='parent_id'}&next_tab=backup&backup_action=download&backup_id={tmpl_var name='backup_id'}">{tmpl_var name="download_backup_txt"}</button>
 									</tmpl_if>
                                 </div>
                             </td>
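Review bot: The restore button on the changed line triggers `backup_action=restore` through a plain URL that carries no anti-forgery parameter at all, whereas the delete links elsewhere in this commit at least pass `phpsessid`. Whether `web_vhost_domain_edit.php` checks a token before acting is not visible here. Since a restore overwrites site data, the request should carry a per-session token that the edit page verifies, and ideally be sent as a POST; the token parameter name is for the project to choose. The same applies to the `backup_action=download` link two lines below.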
diff --git a/interface/web/sites/templates/web_childdomain_list.htm b/interface/web/sites/templates/web_childdomain_list.htm
index 82bda6c8a33f7daa0c2926e9970d032e4cd56632..51aadc157a28b9d63eb3cdab71ca4ddf5d0561c6 100644
--- a/interface/web/sites/templates/web_childdomain_list.htm
+++ b/interface/web/sites/templates/web_childdomain_list.htm
@@ -1,5 +1,5 @@
 <div class='page-header'>
-	<h1><tmpl_var name="list_head_txt"></h1>
+	<h1><tmpl_if name='childdomain_type' op='==' value='aliasdomain'><tmpl_var name="aliasdomain_list_head_txt"></tmpl_else><tmpl_var name="subdomain_list_head_txt"></tmpl_if></h1>
 </div>
 <p><tmpl_var name="list_desc_txt"></p>
 
@@ -22,7 +22,7 @@
         </tmpl_if>
         <p class="fieldset-legend">{tmpl_var name="toolsarea_head_txt"}</p>
             
-                <button class="btn btn-default formbutton-success" type="button" data-load-content="sites/web_childdomain_edit.php?type={tmpl_var name='childdomain_type'}">{tmpl_var name="add_new_record_txt"}</button>
+                <button class="btn btn-default formbutton-success" type="button" data-load-content="sites/web_childdomain_edit.php?type={tmpl_var name='childdomain_type'}"><tmpl_if name='childdomain_type' op='==' value='aliasdomain'>{tmpl_var name="add_new_aliasdomain_txt"}</tmpl_else>{tmpl_var name="add_new_subdomain_txt"}</tmpl_if></button>
             
         
 
@@ -35,7 +35,7 @@
                         <th class="tiny-col" data-column="active"><tmpl_var name="active_txt"></th>
                         <th data-column="server_id"><tmpl_var name="server_id_txt"></th>
                         <th data-column="parent_domain_id"><tmpl_var name="parent_domain_id_txt"></th>
-                        <th data-column="domain"><tmpl_var name="domain_txt"></th>
+                        <th data-column="domain"><tmpl_if name='childdomain_type' op='==' value='aliasdomain'>{tmpl_var name="aliasdomain_txt"}</tmpl_else>{tmpl_var name="subdomain_txt"}</tmpl_if></th>
                         <th class="small-col text-right">{tmpl_var name='search_limit'}</th>
                     </tr>
                     <tr>
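Review bot: The new conditionals in this file (the `<h1>` and the add button in the two hunks above, and this `<th>`) separate their branches with a closing-style `</tmpl_else>`, while other templates in this commit use the opening form, e.g. `<tmpl_else>uneven</tmpl_if>` in database_admin_list.htm. Whether the engine treats both spellings alike is not visible here, so the consistent form is the safer choice: `<tmpl_if name='childdomain_type' op='==' value='aliasdomain'>{tmpl_var name="aliasdomain_txt"}<tmpl_else>{tmpl_var name="subdomain_txt"}</tmpl_if>`. The `<h1>` also mixes `<tmpl_var …>` with the `{tmpl_var …}` syntax used in the other two places.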
@@ -56,7 +56,7 @@
                             <td><a href="#" data-load-content="sites/web_childdomain_edit.php?id={tmpl_var name='id'}">{tmpl_var name="parent_domain_id"}</a></td>
                             <td><a href="#" data-load-content="sites/web_childdomain_edit.php?id={tmpl_var name='id'}">{tmpl_var name="domain"}</a></td>
                             <td class="text-right">
-                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('sites/web_childdomain_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
+                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('sites/web_childdomain_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                             </td>
                         </tr>
                     </tmpl_loop>
diff --git a/interface/web/sites/templates/web_folder_list.htm b/interface/web/sites/templates/web_folder_list.htm
index f9470300557db2fe8eeacac015fd53f84cdaa5b5..aaccb48895659d22f1978130152305c48882a2f3 100644
--- a/interface/web/sites/templates/web_folder_list.htm
+++ b/interface/web/sites/templates/web_folder_list.htm
@@ -55,7 +55,7 @@
                         <td><a href="#" data-load-content="sites/web_folder_edit.php?id={tmpl_var name='id'}">{tmpl_var name="parent_domain_id"}</a></td>
                         <td><a href="#" data-load-content="sites/web_folder_edit.php?id={tmpl_var name='id'}">{tmpl_var name="path"}</a></td>
                         <td class="text-right">
-                            <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('sites/web_folder_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
+                            <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('sites/web_folder_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                         </td>
                     </tr>
                 </tmpl_loop>
diff --git a/interface/web/sites/templates/web_folder_user_list.htm b/interface/web/sites/templates/web_folder_user_list.htm
index 7f4689c4740f833c5089572a9bdc592bfdc7a209..6b67e0591cd6f9f58767959bf0cf16a4dbedafd3 100644
--- a/interface/web/sites/templates/web_folder_user_list.htm
+++ b/interface/web/sites/templates/web_folder_user_list.htm
@@ -52,7 +52,7 @@
                         <td><a href="#" data-load-content="sites/web_folder_user_edit.php?id={tmpl_var name='id'}">{tmpl_var name="web_folder_id"}</a></td>
                         <td><a href="#" data-load-content="sites/web_folder_user_edit.php?id={tmpl_var name='id'}">{tmpl_var name="username"}</a></td>
                         <td class="text-right">
-                            <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('sites/web_folder_user_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
+                            <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('sites/web_folder_user_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                         </td>
                     </tr>
                 </tmpl_loop>
diff --git a/interface/web/sites/templates/web_vhost_domain_admin_list.htm b/interface/web/sites/templates/web_vhost_domain_admin_list.htm
index 4787def9ee8b592124beddeb5f2655d75ad40057..ccd16e21a6dcbebab541389213c8ce75041910fd 100644
--- a/interface/web/sites/templates/web_vhost_domain_admin_list.htm
+++ b/interface/web/sites/templates/web_vhost_domain_admin_list.htm
@@ -1,11 +1,11 @@
 <div class='page-header'>
-	<h1><tmpl_var name="list_head_txt"></h1>
+	<h1><tmpl_if name='vhostdomain_type' op='==' value='domain'>{tmpl_var name="domain_list_head_txt"}</tmpl_if><tmpl_if name='vhostdomain_type' op='==' value='subdomain'>{tmpl_var name="subdomain_list_head_txt"}</tmpl_if><tmpl_if name='vhostdomain_type' op='==' value='aliasdomain'>{tmpl_var name="aliasdomain_list_head_txt"}</tmpl_if></h1>
 </div>
 
 
         <p class="fieldset-legend">{tmpl_var name="toolsarea_head_txt"}</p>
             
-                <button class="btn btn-default formbutton-success" type="button" data-load-content="sites/web_vhost_domain_edit.php?type={tmpl_var name='vhostdomain_type'}">{tmpl_var name="add_new_record_txt"}</button>
+                <button class="btn btn-default formbutton-success" type="button" data-load-content="sites/web_vhost_domain_edit.php?type={tmpl_var name='vhostdomain_type'}"><tmpl_if name='vhostdomain_type' op='==' value='domain'>{tmpl_var name="add_new_record_txt"}</tmpl_if><tmpl_if name='vhostdomain_type' op='==' value='subdomain'>{tmpl_var name="add_new_subdomain_txt"}</tmpl_if><tmpl_if name='vhostdomain_type' op='==' value='aliasdomain'>{tmpl_var name="add_new_aliasdomain_txt"}</tmpl_if></button>
             
         
 
@@ -20,7 +20,7 @@
                     <th data-column="sys_groupid"><tmpl_var name="sys_groupid_txt"></th>
                     <th data-column="server_id"><tmpl_var name="server_id_txt"></th>
 					<tmpl_if name="vhostdomain_type" op="!=" value="domain"><th data-column="parent_domain_id"><tmpl_var name="parent_domain_id_txt"></th></tmpl_if>
-                    <th data-column="domain"><tmpl_var name="domain_txt"></th>
+                    <th data-column="domain"><tmpl_if name='vhostdomain_type' op='==' value='domain'>{tmpl_var name="domain_txt"}</tmpl_if><tmpl_if name='vhostdomain_type' op='==' value='subdomain'>{tmpl_var name="subdomain_txt"}</tmpl_if><tmpl_if name='vhostdomain_type' op='==' value='aliasdomain'>{tmpl_var name="aliasdomain_txt"}</tmpl_if></th>
                     <th class="small-col text-right">{tmpl_var name='search_limit'}</th>
                 </tr>
                 <tr>
@@ -45,8 +45,8 @@
 						<tmpl_if name="vhostdomain_type" op="!=" value="domain"><td><a href="#" data-load-content="sites/web_vhost_aliasdomain_edit.php?id={tmpl_var name='id'}">{tmpl_var name="parent_domain_id"}</a></td></tmpl_if>
                         <td><a href="#" data-load-content="sites/web_vhost_domain_edit.php?id={tmpl_var name='id'}&type={tmpl_var name='vhostdomain_type'}">{tmpl_var name="domain"}</a></td>
                         <td class="text-right">
-							<a href="http://{tmpl_var name="domain"}" target="_blank" class="btn btn-default formbutton-default formbutton-narrow"><span class="icon icon-link"></span></button>
-                            <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('sites/web_vhost_domain_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
+							<a href="http://{tmpl_var name="domain"}" target="_blank" class="btn btn-default formbutton-default formbutton-narrow"><span class="icon icon-link"></span></a>
+                            <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('sites/web_vhost_domain_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                         </td>
                     </tr>
                 </tmpl_loop>
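Review bot: The corrected link `<a href="http://{tmpl_var name="domain"}" target="_blank" …>` opens a customer-controlled site in a new tab from the admin panel without a `rel` attribute. In browsers that do not default to `noopener`, the opened page can reach `window.opener` and navigate the panel tab, and the panel URL is sent as the referrer. Adding `rel="noopener noreferrer"` to the anchor closes both: `<a href="http://{tmpl_var name="domain"}" target="_blank" rel="noopener noreferrer" class="btn btn-default formbutton-default formbutton-narrow">`.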
diff --git a/interface/web/sites/templates/web_vhost_domain_edit.htm b/interface/web/sites/templates/web_vhost_domain_edit.htm
index e313b9f40e08b3a46042b8d1f9bdc0d137959bdc..fa537270546acf8700783f5d629615c586bf776c 100644
--- a/interface/web/sites/templates/web_vhost_domain_edit.htm
+++ b/interface/web/sites/templates/web_vhost_domain_edit.htm
@@ -274,6 +274,8 @@
     jQuery('#parent_domain_id').change(function() {
         reloadServerId(false);
     });
+	// new Vhostsubdomains/Vhostaliasdomains
+	if(serverId == '') jQuery('#parent_domain_id').trigger('change');
     
     function reloadServerId(noFormChange) {
         var parentWebId = jQuery('#parent_domain_id').val();
@@ -331,22 +333,44 @@
 	}
 		
     function reloadWebIP() {
-        ISPConfig.loadOptionInto('ip_address','sites/ajax_get_ip.php?ip_type=IPv4&server_id='+serverId+'&client_group_id='+clientGroupId);
-        ISPConfig.loadOptionInto('ipv6_address','sites/ajax_get_ip.php?ip_type=IPv6&server_id='+serverId+'&client_group_id='+clientGroupId);
+        ISPConfig.loadOptionInto('ip_address','sites/ajax_get_ip.php?ip_type=IPv4&server_id='+serverId+'&client_group_id='+clientGroupId<tmpl_if name="use_combobox" value="y">, rerenderSelect2</tmpl_if>);
+        ISPConfig.loadOptionInto('ipv6_address','sites/ajax_get_ip.php?ip_type=IPv6&server_id='+serverId+'&client_group_id='+clientGroupId<tmpl_if name="use_combobox" value="y">, rerenderSelect2</tmpl_if>);
+		<tmpl_if name="use_combobox" value="y">
+		//$('#ip_address').add('#ipv6_address').select2();
+		</tmpl_if>
     }
+	
+	function rerenderSelect2(elem) {
+		$('#'+elem).select2();
+	}
 		
     function reloadFastcgiPHPVersions(noFormChange) {
         jQuery.getJSON('sites/ajax_get_json.php'+ '?' + Math.round(new Date().getTime()), {server_id : serverId, php_type : jQuery('#php').val(), type : "getphpfastcgi", client_group_id : clientGroupId}, function(data) {
-            var options = '<option value="">Default</option>';
+            //var options = '<option value="">Default</option>';
+			var options = '';
             var phpfastcgiselected = '';
             $.each(data, function(key, val) {
+				<tmpl_if name="id">
                 if($('#fastcgi_php_version').val() == key){
                     phpfastcgiselected = ' selected="selected"';
                 } else {
                     phpfastcgiselected = '';
                 }
+				</tmpl_else>
+					phpfastcgiselected = '';
+				</tmpl_if>
                 options += '<option value="'+key+'"'+phpfastcgiselected+'>'+val+'</option>';
             });
+			<tmpl_if name="id">
+			if($('#fastcgi_php_version').val() == ''){
+                phpfastcgiselected = ' selected="selected"';
+            } else {
+                phpfastcgiselected = '';
+            }
+			</tmpl_else>
+				phpfastcgiselected = '';
+			</tmpl_if>
+			options += '<option value=""'+phpfastcgiselected+'>{tmpl_var name="default_php_txt"}</option>';
             $('#fastcgi_php_version').html(options).change();
             if(noFormChange) ISPConfig.resetFormChanged();
         });
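Review bot: The new `options += '<option value=""'+phpfastcgiselected+'>{tmpl_var name="default_php_txt"}</option>';` line expands a language string inside a single-quoted JavaScript literal, so a translation containing an apostrophe or markup would break the script or end up in the DOM as HTML unless the template layer escapes it for that context. The surrounding loop builds every option by concatenating `key` and `val` from the AJAX response in the same way. Creating the elements instead, e.g. `$('<option>').val(key).text(val)`, keeps both values as data. The two `</tmpl_else>` tags are written as closing tags; confirm the template parser treats that spelling as an else branch, otherwise both branches are emitted. `reloadFastcgiPHPVersions` continues past the end of this hunk.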
diff --git a/interface/web/sites/templates/web_vhost_domain_list.htm b/interface/web/sites/templates/web_vhost_domain_list.htm
index 7ee6966d3aa2ce24f98f0bc485c2be4aebfb5bb2..b40db40d324e2dd7cc225d8bc5c5f203f5ecabf0 100644
--- a/interface/web/sites/templates/web_vhost_domain_list.htm
+++ b/interface/web/sites/templates/web_vhost_domain_list.htm
@@ -1,5 +1,5 @@
 <div class='page-header'>
-	<h1><tmpl_var name="list_head_txt"></h1>
+	<h1><tmpl_if name='vhostdomain_type' op='==' value='domain'>{tmpl_var name="domain_list_head_txt"}</tmpl_if><tmpl_if name='vhostdomain_type' op='==' value='subdomain'>{tmpl_var name="subdomain_list_head_txt"}</tmpl_if><tmpl_if name='vhostdomain_type' op='==' value='aliasdomain'>{tmpl_var name="aliasdomain_list_head_txt"}</tmpl_if></h1>
 </div>
 <p><tmpl_var name="list_desc_txt"></p>
 
@@ -22,7 +22,7 @@
         </tmpl_if>
         <p class="fieldset-legend">{tmpl_var name="toolsarea_head_txt"}</p>
             
-                <button class="btn btn-default formbutton-success" type="button" data-load-content="sites/web_vhost_domain_edit.php?type={tmpl_var name='vhostdomain_type'}">{tmpl_var name="add_new_record_txt"}</button>
+                <button class="btn btn-default formbutton-success" type="button" data-load-content="sites/web_vhost_domain_edit.php?type={tmpl_var name='vhostdomain_type'}"><tmpl_if name='vhostdomain_type' op='==' value='domain'>{tmpl_var name="add_new_record_txt"}</tmpl_if><tmpl_if name='vhostdomain_type' op='==' value='subdomain'>{tmpl_var name="add_new_subdomain_txt"}</tmpl_if><tmpl_if name='vhostdomain_type' op='==' value='aliasdomain'>{tmpl_var name="add_new_aliasdomain_txt"}</tmpl_if></button>
             
         
 
@@ -36,7 +36,7 @@
                     <th class="tiny-col" data-column="active"><tmpl_var name="active_txt"></th>
                     <th data-column="server_id"><tmpl_var name="server_id_txt"></th>
 					<tmpl_if name="vhostdomain_type" op="!=" value="domain"><th data-column="parent_domain_id"><tmpl_var name="parent_domain_id_txt"></th></tmpl_if>
-                    <th data-column="domain"><tmpl_var name="domain_txt"></th>
+                    <th data-column="domain"><tmpl_if name='vhostdomain_type' op='==' value='domain'>{tmpl_var name="domain_txt"}</tmpl_if><tmpl_if name='vhostdomain_type' op='==' value='subdomain'>{tmpl_var name="subdomain_txt"}</tmpl_if><tmpl_if name='vhostdomain_type' op='==' value='aliasdomain'>{tmpl_var name="aliasdomain_txt"}</tmpl_if></th>
                     <th class="small-col text-right">{tmpl_var name='search_limit'}</th>
                 </tr>
                 <tr>
diff --git a/interface/web/sites/templates/web_vhost_domain_ssl.htm b/interface/web/sites/templates/web_vhost_domain_ssl.htm
index 167af9ecf7bb7578aefc0d79090baa53a4fc5db3..ad9629fe4cdf670eb8087e9980b6dbcbf1ad5296 100644
--- a/interface/web/sites/templates/web_vhost_domain_ssl.htm
+++ b/interface/web/sites/templates/web_vhost_domain_ssl.htm
@@ -91,7 +91,7 @@
 
 	$('#reset_data').click(function(){
 		$('#ssl_organisation').add('#ssl_locality').add('#ssl_state').add('#ssl_organisation_unit').val('');
-		$('#ssl_country').val($("#ssl_country option:first").val());
+		$('#ssl_country').val($("#ssl_country option:first").val()).trigger('change');
 	});
 	$('#load_data').click(function(){
 		loadClientData();
@@ -104,7 +104,7 @@
         jQuery.getJSON('sites/ajax_get_json.php'+ '?' + Math.round(new Date().getTime()), {'web_id': web_id, 'type': "getclientssldata"}, function(data) {
 			$('#ssl_organisation').val(data['company_name']);
 			$('#ssl_locality').val(data['city']);
-			$('#ssl_country').val(data['country']);
+			$('#ssl_country').val(data['country']).trigger('change');
 			$('#ssl_state').val(data['state']);
 			$('#ssl_organisation_unit').val('IT');
         });
diff --git a/interface/web/sites/templates/webdav_user_list.htm b/interface/web/sites/templates/webdav_user_list.htm
index 68615e6299b04c24db820c30cf275dcb8c8cfd5a..01764cc2fe0070d7d4b343a66b5ce8ab58ee25c4 100644
--- a/interface/web/sites/templates/webdav_user_list.htm
+++ b/interface/web/sites/templates/webdav_user_list.htm
@@ -56,7 +56,7 @@
                             <td><a href="#" data-load-content="sites/webdav_user_edit.php?id={tmpl_var name='id'}">{tmpl_var name="parent_domain_id"}</a></td>
                             <td><a href="#" data-load-content="sites/webdav_user_edit.php?id={tmpl_var name='id'}">{tmpl_var name="username"}</a></td>
                             <td class="text-right">
-                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('sites/webdav_user_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
+                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('sites/webdav_user_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                             </td>
                         </tr>
                     </tmpl_loop>
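Review bot: The delete link on the changed line still sends `phpsessid` in the query string of a GET request built inside a `javascript:` href, so the session identifier can end up in access logs and browser history; the commit only repairs the closing tag. If that parameter serves as an anti-CSRF check (not visible here), a separate per-form token sent with a POST would keep the session id out of URLs. `{tmpl_var name='delete_confirmation'}` also sits inside a single-quoted JS string, so a translation with an apostrophe would break the handler unless the template layer escapes it.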
diff --git a/interface/web/sites/user_quota_stats.php b/interface/web/sites/user_quota_stats.php
index dc71dc3dfe89166f4bb180eb4b16504e619af335..9c9300807647fa9b499279a0900ac2d43fab3feb 100644
--- a/interface/web/sites/user_quota_stats.php
+++ b/interface/web/sites/user_quota_stats.php
@@ -19,8 +19,6 @@ $app->uses('functions');
 
 $app->load('listform_actions');
 
-// $tmp_rec = $app->db->queryOneRecord("SELECT data from monitor_data WHERE type = 'harddisk_quota' ORDER BY created DESC");
-// $monitor_data = unserialize($app->db->unquote($tmp_rec['data']));
 $tmp_rec =  $app->db->queryAllRecords("SELECT data from monitor_data WHERE type = 'harddisk_quota' ORDER BY created DESC");
 $monitor_data = array();
 if(is_array($tmp_rec)) {
@@ -43,7 +41,7 @@ class list_action extends listform_actions {
 		$rec['bgcolor'] = $this->DataRowColor;
 		$username = $rec['system_user'];
 
-		$server = $app->db->queryOneRecord("SELECT server_name FROM server WHERE server_id = ".$rec['server_id']);
+		$server = $app->db->queryOneRecord("SELECT server_name FROM server WHERE server_id = ?", $rec['server_id']);
 		$rec['domain'] = $rec['domain'].($server['server_name'] != '' ? ' ('.$server['server_name'].')' : '');
 		
 		$rec['used'] = $monitor_data['user'][$username]['used'];
diff --git a/interface/web/sites/web_childdomain_edit.php b/interface/web/sites/web_childdomain_edit.php
index a2a20ca11a5e8cce3dd39c43abf04b9a1ce98f4f..33c2422f45735fbe6bb35e60d71dbd808380fb35 100644
--- a/interface/web/sites/web_childdomain_edit.php
+++ b/interface/web/sites/web_childdomain_edit.php
@@ -136,7 +136,7 @@ class page_action extends tform_actions {
 		} else {
 			if($this->_childdomain_type == 'subdomain') {
 				// Get the record of the parent domain
-				$parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ".$app->functions->intval(@$this->dataRecord["parent_domain_id"]));
+				$parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ?", @$this->dataRecord["parent_domain_id"]);
 
 				// remove the parent domain part of the domain name before we show it in the text field.
 				$this->dataRecord["domain"] = str_replace('.'.$parent_domain["domain"], '', $this->dataRecord["domain"]);
@@ -168,13 +168,13 @@ class page_action extends tform_actions {
 		
 		// Get the record of the parent domain
 		if(!@$this->dataRecord["parent_domain_id"] && $this->id) {
-			$tmp = $app->db->queryOneRecord("SELECT parent_domain_id FROM web_domain WHERE domain_id = ".$app->functions->intval($this->id));
+			$tmp = $app->db->queryOneRecord("SELECT parent_domain_id FROM web_domain WHERE domain_id = ?", $this->id);
 			if($tmp) $this->dataRecord["parent_domain_id"] = $tmp['parent_domain_id'];
 			unset($tmp);
 		}
 
 		// Get the record of the parent domain
-		$parent_domain = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$app->functions->intval(@$this->dataRecord["parent_domain_id"]) . " AND ".$app->tform->getAuthSQL('r'));
+		$parent_domain = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ? AND ".$app->tform->getAuthSQL('r'), @$this->dataRecord["parent_domain_id"]);
 		if(!$parent_domain || $parent_domain['domain_id'] != @$this->dataRecord['parent_domain_id']) $app->tform->errorMessage .= $app->tform->lng("no_domain_perm");
 		/* check if the domain module is used - and check if the selected domain can be used! */
 		$app->uses('ini_parser,getconf');
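Review bot: The permission query now mixes a `?` placeholder with the string returned by `$app->tform->getAuthSQL('r')`, which is still concatenated into the SQL text. That is safe only while the fragment is built entirely server-side and never contains a literal `?`, which could shift the bound arguments depending on how the DB layer substitutes placeholders (not visible here). A comment would record that assumption: `// getAuthSQL() is a trusted, server-built fragment; it must not carry user input or a literal '?'`. The same construct appears in the first hunks of web_folder_edit.php and web_folder_user_edit.php. The enclosing method starts and ends outside this hunk.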
@@ -236,7 +236,7 @@ class page_action extends tform_actions {
 
 			//* Update the old website, so that the vhost alias gets removed
 			//* We force the update by inserting a transaction record without changes manually.
-			$old_website = $app->db->queryOneRecord('SELECT * FROM web_domain WHERE domain_id = '.$app->functions->intval($this->oldDataRecord['domain_id']));
+			$old_website = $app->db->queryOneRecord('SELECT * FROM web_domain WHERE domain_id = ?', $this->oldDataRecord['domain_id']);
 			$app->db->datalogSave('web_domain', 'UPDATE', 'domain_id', $app->functions->intval($this->oldDataRecord['parent_domain_id']), $old_website, $old_website, true);
 		}
 
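Review bot: The lookup on the changed line selects the row by `$this->oldDataRecord['domain_id']`, but the `datalogSave` call right after it passes `$this->oldDataRecord['parent_domain_id']` as the index value, so the data written to the datalog appears to come from a different row than the one being marked as updated. Since the comment says the old website should be refreshed, the query probably wants `WHERE domain_id = ?` bound to `$this->oldDataRecord['parent_domain_id']`; please confirm the intent. The enclosing method starts and ends outside this hunk.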
diff --git a/interface/web/sites/web_folder_del.php b/interface/web/sites/web_folder_del.php
index ec13c35a851cd09536687d91499aed635d37bed5..c7b60382d42e1f2e6ede68dd90fc9630e13de27d 100644
--- a/interface/web/sites/web_folder_del.php
+++ b/interface/web/sites/web_folder_del.php
@@ -56,7 +56,7 @@ class page_action extends tform_actions {
 		if($app->tform->checkPerm($this->id, 'd') == false) $app->error($app->lng('error_no_delete_permission'));
 
 		// Delete all users that belong to this folder.
-		$records = $app->db->queryAllRecords("SELECT web_folder_user_id FROM web_folder_user WHERE web_folder_id = '".$app->functions->intval($this->id)."'");
+		$records = $app->db->queryAllRecords("SELECT web_folder_user_id FROM web_folder_user WHERE web_folder_id = ?", $this->id);
 		foreach($records as $rec) {
 			$app->db->datalogDelete('web_folder_user', 'web_folder_user_id', $rec['web_folder_user_id']);
 		}
diff --git a/interface/web/sites/web_folder_edit.php b/interface/web/sites/web_folder_edit.php
index 009b039c1d1af7cc9719d3f60e8dd5f1e4c59dd4..04a80a1e90679ef24b74e72cb341ff542a44a108 100644
--- a/interface/web/sites/web_folder_edit.php
+++ b/interface/web/sites/web_folder_edit.php
@@ -55,7 +55,7 @@ class page_action extends tform_actions {
 		global $app, $conf;
 
 		// Get the record of the parent domain
-		$parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ".$app->functions->intval(@$this->dataRecord["parent_domain_id"]) . " AND ".$app->tform->getAuthSQL('r'));
+		$parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ? AND ".$app->tform->getAuthSQL('r'), @$this->dataRecord["parent_domain_id"]);
 		if(!$parent_domain || $parent_domain['domain_id'] != @$this->dataRecord['parent_domain_id']) $app->tform->errorMessage .= $app->tform->lng("no_domain_perm");
 
 		// Set a few fixed values
@@ -63,9 +63,9 @@ class page_action extends tform_actions {
 		
 		// make sure this folder isn't protected already
 		if($this->id > 0){
-			$folder = $app->db->queryOneRecord("SELECT * FROM web_folder WHERE parent_domain_id = ".$this->dataRecord['parent_domain_id']." AND path = '".$this->dataRecord['path']."' AND web_folder_id != ".$this->id);
+			$folder = $app->db->queryOneRecord("SELECT * FROM web_folder WHERE parent_domain_id = ? AND path = ? AND web_folder_id != ?", $this->dataRecord['parent_domain_id'], $this->dataRecord['path'], $this->id);
 		} else {
-			$folder = $app->db->queryOneRecord("SELECT * FROM web_folder WHERE parent_domain_id = ".$this->dataRecord['parent_domain_id']." AND path = '".$this->dataRecord['path']."'");
+			$folder = $app->db->queryOneRecord("SELECT * FROM web_folder WHERE parent_domain_id = ? AND path = ?", $this->dataRecord['parent_domain_id'], $this->dataRecord['path']);
 		}
 		if(is_array($folder) && !empty($folder)) $app->tform->errorMessage .= $app->tform->lng('error_folder_already_protected_txt');
 
@@ -75,13 +75,13 @@ class page_action extends tform_actions {
 	function onAfterInsert() {
 		global $app, $conf;
 
-		$web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$app->functions->intval($this->dataRecord["parent_domain_id"]));
+		$web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ?", $this->dataRecord["parent_domain_id"]);
 
 		// The web folder entry shall be owned by the same group as the website
 		$sys_groupid = $app->functions->intval($web['sys_groupid']);
 
-		$sql = "UPDATE web_folder SET sys_groupid = '$sys_groupid' WHERE web_folder_id = ".$this->id;
-		$app->db->query($sql);
+		$sql = "UPDATE web_folder SET sys_groupid = ? WHERE web_folder_id = ?";
+		$app->db->query($sql, $sys_groupid, $this->id);
 	}
 	
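Review bot: In `onAfterInsert`, `$web` is used without checking that the lookup returned a row, so a missing parent domain would presumably make `$sys_groupid` evaluate to 0 and the `UPDATE` would reassign the folder to group 0. Because `sys_groupid` determines who owns the record, a guard such as `if(!is_array($web)) return;` before the `UPDATE` is safer than silently rewriting ownership. The same pattern is in `onAfterUpdate` in the next hunk and in both methods of web_folder_user_edit.php.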
 	function onAfterUpdate() {
@@ -89,13 +89,13 @@ class page_action extends tform_actions {
 
 		//* When the site of the web folder has been changed
 		if(isset($this->dataRecord['parent_domain_id']) && $this->oldDataRecord['parent_domain_id'] != $this->dataRecord['parent_domain_id']) {
-			$web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$app->functions->intval($this->dataRecord["parent_domain_id"]));
+			$web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ?", $this->dataRecord["parent_domain_id"]);
 
 			// The web folder entry shall be owned by the same group as the website
 			$sys_groupid = $app->functions->intval($web['sys_groupid']);
 
-			$sql = "UPDATE web_folder SET sys_groupid = '$sys_groupid' WHERE web_folder_id = ".$this->id;
-			$app->db->query($sql);
+			$sql = "UPDATE web_folder SET sys_groupid = ? WHERE web_folder_id = ?";
+			$app->db->query($sql, $sys_groupid, $this->id);
 		}
 
 	}
diff --git a/interface/web/sites/web_folder_user_edit.php b/interface/web/sites/web_folder_user_edit.php
index ec3bdd1edbb099ca1ff2226a0157a154dce5c274..654578a31715dcbcf2941004a329b3e60a715746 100644
--- a/interface/web/sites/web_folder_user_edit.php
+++ b/interface/web/sites/web_folder_user_edit.php
@@ -55,7 +55,7 @@ class page_action extends tform_actions {
 		global $app, $conf;
 
 		// Get the record of the parent domain
-		$folder = $app->db->queryOneRecord("select * FROM web_folder WHERE web_folder_id = ".$app->functions->intval(@$this->dataRecord["web_folder_id"]) . " AND ".$app->tform->getAuthSQL('r'));
+		$folder = $app->db->queryOneRecord("select * FROM web_folder WHERE web_folder_id = ? AND ".$app->tform->getAuthSQL('r'), @$this->dataRecord["web_folder_id"]);
 		if(!$folder || $folder['web_folder_id'] != @$this->dataRecord['web_folder_id']) $app->tform->errorMessage .= $app->tform->lng("no_folder_perm");
 
 		// Set a few fixed values
@@ -63,9 +63,9 @@ class page_action extends tform_actions {
 		
 		// make sure this folder/user combination does not exist already
 		if($this->id > 0){
-			$user = $app->db->queryOneRecord("SELECT * FROM web_folder_user WHERE web_folder_id = ".$this->dataRecord['web_folder_id']." AND username = '".$this->dataRecord['username']."' AND web_folder_user_id != ".$this->id);
+			$user = $app->db->queryOneRecord("SELECT * FROM web_folder_user WHERE web_folder_id = ? AND username = ? AND web_folder_user_id != ?", $this->dataRecord['web_folder_id'], $this->dataRecord['username'], $this->id);
 		} else {
-			$user = $app->db->queryOneRecord("SELECT * FROM web_folder_user WHERE web_folder_id = ".$this->dataRecord['web_folder_id']." AND username = '".$this->dataRecord['username']."'");
+			$user = $app->db->queryOneRecord("SELECT * FROM web_folder_user WHERE web_folder_id = ? AND username = ?", $this->dataRecord['web_folder_id'], $this->dataRecord['username']);
 		}
 		if(is_array($user) && !empty($user)) $app->tform->errorMessage .= $app->tform->lng('error_user_exists_already_txt');
 
@@ -75,13 +75,13 @@ class page_action extends tform_actions {
 	function onAfterInsert() {
 		global $app, $conf;
 
-		$folder = $app->db->queryOneRecord("SELECT * FROM web_folder WHERE web_folder_id = ".$app->functions->intval($this->dataRecord["web_folder_id"]));
+		$folder = $app->db->queryOneRecord("SELECT * FROM web_folder WHERE web_folder_id = ?", $this->dataRecord["web_folder_id"]);
 
 		// The web folder user entry shall be owned by the same group as the web folder
 		$sys_groupid = $app->functions->intval($folder['sys_groupid']);
 
-		$sql = "UPDATE web_folder_user SET sys_groupid = '$sys_groupid' WHERE web_folder_user_id = ".$this->id;
-		$app->db->query($sql);
+		$sql = "UPDATE web_folder_user SET sys_groupid = ? WHERE web_folder_user_id = ?";
+		$app->db->query($sql, $sys_groupid, $this->id);
 	}
 	
 	function onAfterUpdate() {
@@ -89,13 +89,13 @@ class page_action extends tform_actions {
 
 		//* When the web folder has been changed
 		if(isset($this->dataRecord['web_folder_id']) && $this->oldDataRecord['web_folder_id'] != $this->dataRecord['web_folder_id']) {
-			$folder = $app->db->queryOneRecord("SELECT * FROM web_folder WHERE web_folder_id = ".$app->functions->intval($this->dataRecord["web_folder_id"]));
+			$folder = $app->db->queryOneRecord("SELECT * FROM web_folder WHERE web_folder_id = ?", $this->dataRecord["web_folder_id"]);
 
 			// The web folder user entry shall be owned by the same group as the web folder
 			$sys_groupid = $app->functions->intval($folder['sys_groupid']);
 
-			$sql = "UPDATE web_folder_user SET sys_groupid = '$sys_groupid' WHERE web_folder_user_id = ".$this->id;
-			$app->db->query($sql);
+			$sql = "UPDATE web_folder_user SET sys_groupid = ? WHERE web_folder_user_id = ?";
+			$app->db->query($sql, $sys_groupid, $this->id);
 		}
 
 	}
diff --git a/interface/web/sites/web_sites_stats.php b/interface/web/sites/web_sites_stats.php
index 4e5535e0df49a5e0d4a819218a110a951b12dd52..16c40d43ed92990ee7b25c070511dec496ead604 100644
--- a/interface/web/sites/web_sites_stats.php
+++ b/interface/web/sites/web_sites_stats.php
@@ -40,36 +40,28 @@ class list_action extends listform_actions {
 		//** Traffic of the current month
 		$tmp_year = date('Y');
 		$tmp_month = date('m');
-		$tmp_rec = $app->db->queryOneRecord("SELECT SUM(traffic_bytes) as t FROM web_traffic WHERE hostname = '".$app->db->quote($rec['domain'])."' AND YEAR(traffic_date) = '$tmp_year' AND MONTH(traffic_date) = '$tmp_month'");
-//		$rec['this_month'] = number_format($tmp_rec['t']/1024/1024, 0, '.', ' ');
-//		$this->sum_this_month += ($tmp_rec['t']/1024/1024);
+		$tmp_rec = $app->db->queryOneRecord("SELECT SUM(traffic_bytes) as t FROM web_traffic WHERE hostname = ? AND YEAR(traffic_date) = ? AND MONTH(traffic_date) = ?", $rec['domain'], $tmp_year, $tmp_month);
 		$rec['this_month'] = $app->functions->formatBytes($tmp_rec['t']);
-		$this->sum_this_month += $app->functions->formatBytes($tmp_rec['t']);
+		$this->sum_this_month += $tmp_rec['t'];
 
 
 		//** Traffic of the current year
-		$tmp_rec = $app->db->queryOneRecord("SELECT sum(traffic_bytes) as t FROM web_traffic WHERE hostname = '".$app->db->quote($rec['domain'])."' AND YEAR(traffic_date) = '$tmp_year'");
-//		$rec['this_year'] = number_format($tmp_rec['t']/1024/1024, 0, '.', ' ');
-//		$this->sum_this_year += ($tmp_rec['t']/1024/1024);
+		$tmp_rec = $app->db->queryOneRecord("SELECT sum(traffic_bytes) as t FROM web_traffic WHERE hostname = ? AND YEAR(traffic_date) = ?", $rec['domain'], $tmp_year);
 		$rec['this_year'] = $app->functions->formatBytes($tmp_rec['t']);
-		$this->sum_this_year += $app->functions->formatBytes($tmp_rec['t']);
+		$this->sum_this_year += $tmp_rec['t'];
 
 		//** Traffic of the last month
 		$tmp_year = date('Y', mktime(0, 0, 0, date("m")-1, date("d"), date("Y")));
 		$tmp_month = date('m', mktime(0, 0, 0, date("m")-1, date("d"), date("Y")));
-		$tmp_rec = $app->db->queryOneRecord("SELECT sum(traffic_bytes) as t FROM web_traffic WHERE hostname = '".$app->db->quote($rec['domain'])."' AND YEAR(traffic_date) = '$tmp_year' AND MONTH(traffic_date) = '$tmp_month'");
-//		$rec['last_month'] = number_format($tmp_rec['t']/1024/1024, 0, '.', ' ');
-//		$this->sum_last_month += ($tmp_rec['t']/1024/1024);
+		$tmp_rec = $app->db->queryOneRecord("SELECT sum(traffic_bytes) as t FROM web_traffic WHERE hostname = ? AND YEAR(traffic_date) = ? AND MONTH(traffic_date) = ?", $rec['domain'], $tmp_year, $tmp_month);
 		$rec['last_month'] = $app->functions->formatBytes($tmp_rec['t']);
-		$this->sum_last_month += $app->functions->formatBytes($tmp_rec['t']);
+		$this->sum_last_month += $tmp_rec['t'];
 
 		//** Traffic of the last year
 		$tmp_year = date('Y', mktime(0, 0, 0, date("m"), date("d"), date("Y")-1));
-		$tmp_rec = $app->db->queryOneRecord("SELECT sum(traffic_bytes) as t FROM web_traffic WHERE hostname = '".$app->db->quote($rec['domain'])."' AND YEAR(traffic_date) = '$tmp_year'");
-//		$rec['last_year'] = number_format($tmp_rec['t']/1024/1024, 0, '.', ' ');
-//		$this->sum_last_year += ($tmp_rec['t']/1024/1024);
+		$tmp_rec = $app->db->queryOneRecord("SELECT sum(traffic_bytes) as t FROM web_traffic WHERE hostname = ? AND YEAR(traffic_date) = ?", $rec['domain'], $tmp_year);
 		$rec['last_year'] = $app->functions->formatBytes($tmp_rec['t']);
-		$this->sum_last_year += $app->functions->formatBytes($tmp_rec['t']);
+		$this->sum_last_year += $tmp_rec['t'];
 
 		//* The variable "id" contains always the index variable
 		$rec['id'] = $rec[$this->idx_key];
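Review bot: The "last month" window is still computed with `mktime(0, 0, 0, date("m")-1, date("d"), date("Y"))`, which rolls over into the current month whenever the previous month has fewer days than today's day number (on the 31st, for example), so `last_month` can then report this month's traffic. Anchoring on day 1 avoids this: `$tmp_ts = mktime(0, 0, 0, date("m")-1, 1, date("Y"));` followed by `$tmp_year = date('Y', $tmp_ts);` and `$tmp_month = date('m', $tmp_ts);`. The enclosing method starts and ends outside this hunk.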
@@ -81,10 +73,10 @@ class list_action extends listform_actions {
 	{
 		global $app;
 
-		$app->tpl->setVar('sum_this_month', number_format($app->functions->intval($this->sum_this_month), 0, '.', ' '));
-		$app->tpl->setVar('sum_this_year', number_format($app->functions->intval($this->sum_this_year), 0, '.', ' '));
-		$app->tpl->setVar('sum_last_month', number_format($app->functions->intval($this->sum_last_month), 0, '.', ' '));
-		$app->tpl->setVar('sum_last_year', number_format($app->functions->intval($this->sum_last_year), 0, '.', ' '));
+		$app->tpl->setVar('sum_this_month', $app->functions->formatBytes($this->sum_this_month));
+		$app->tpl->setVar('sum_this_year', $app->functions->formatBytes($this->sum_this_year));
+		$app->tpl->setVar('sum_last_month', $app->functions->formatBytes($this->sum_last_month));
+		$app->tpl->setVar('sum_last_year', $app->functions->formatBytes($this->sum_last_year));
 		$app->tpl->setVar('sum_txt', $app->listform->lng('sum_txt'));
 
 		$app->tpl_defaults();
diff --git a/interface/web/sites/web_vhost_domain_del.php b/interface/web/sites/web_vhost_domain_del.php
index 25c7425b11df96b3e0e8ef9190b95d823706246b..125d92f8ee039bb4b9b35eea6817c1dc72e178bb 100644
--- a/interface/web/sites/web_vhost_domain_del.php
+++ b/interface/web/sites/web_vhost_domain_del.php
@@ -72,45 +72,45 @@ class page_action extends tform_actions {
 			if($app->tform->checkPerm($this->id, 'd') == false) $app->error($app->lng('error_no_delete_permission'));
 
 			//* Delete all records that belong to this web.
-			$records = $app->db->queryAllRecords("SELECT domain_id FROM web_domain WHERE parent_domain_id = '".$app->functions->intval($this->id)."' AND type != 'vhost'");
+			$records = $app->db->queryAllRecords("SELECT domain_id FROM web_domain WHERE parent_domain_id = ? AND type != 'vhost'", $this->id);
 			foreach($records as $rec) {
 				$app->db->datalogDelete('web_domain', 'domain_id', $rec['domain_id']);
 			}
 
 			//* Delete all records that belong to this web.
-			$records = $app->db->queryAllRecords("SELECT ftp_user_id FROM ftp_user WHERE parent_domain_id = '".$app->functions->intval($this->id)."'");
+			$records = $app->db->queryAllRecords("SELECT ftp_user_id FROM ftp_user WHERE parent_domain_id = ?", $this->id);
 			foreach($records as $rec) {
 				$app->db->datalogDelete('ftp_user', 'ftp_user_id', $rec['ftp_user_id']);
 			}
 
 			//* Delete all records that belong to this web.
-			$records = $app->db->queryAllRecords("SELECT shell_user_id FROM shell_user WHERE parent_domain_id = '".$app->functions->intval($this->id)."'");
+			$records = $app->db->queryAllRecords("SELECT shell_user_id FROM shell_user WHERE parent_domain_id = ?", $this->id);
 			foreach($records as $rec) {
 				$app->db->datalogDelete('shell_user', 'shell_user_id', $rec['shell_user_id']);
 			}
 
 			//* Delete all records that belong to this web.
-			$records = $app->db->queryAllRecords("SELECT id FROM cron WHERE parent_domain_id = '".$app->functions->intval($this->id)."'");
+			$records = $app->db->queryAllRecords("SELECT id FROM cron WHERE parent_domain_id = ?", $this->id);
 			foreach($records as $rec) {
 				$app->db->datalogDelete('cron', 'id', $rec['id']);
 			}
 
 			//* Delete all records that belong to this web
-			$records = $app->db->queryAllRecords("SELECT webdav_user_id FROM webdav_user WHERE parent_domain_id = '".$app->functions->intval($this->id)."'");
+			$records = $app->db->queryAllRecords("SELECT webdav_user_id FROM webdav_user WHERE parent_domain_id = ?", $this->id);
 			foreach($records as $rec) {
 				$app->db->datalogDelete('webdav_user', 'webdav_user_id', $rec['webdav_user_id']);
 			}
 
 			//* Delete all records that belong to this web
-			$records = $app->db->queryAllRecords("SELECT backup_id FROM web_backup WHERE parent_domain_id = '".$app->functions->intval($this->id)."'");
+			$records = $app->db->queryAllRecords("SELECT backup_id FROM web_backup WHERE parent_domain_id = ?", $this->id);
 			foreach($records as $rec) {
 				$app->db->datalogDelete('web_backup', 'backup_id', $rec['backup_id']);
 			}
 
 			//* Delete all records that belog to this web.
-			$web_domain = $app->db->queryOneRecord("SELECT domain FROM web_domain WHERE domain_id = ".$app->functions->intval($this->id));
+			$web_domain = $app->db->queryOneRecord("SELECT domain FROM web_domain WHERE domain_id = ?", $this->id);
 			if($web_domain['domain'] != ''){
-				$aps_instances = $app->db->queryAllRecords("SELECT instance_id FROM aps_instances_settings WHERE name = 'main_domain' AND value = '".$app->db->quote($web_domain['domain'])."'");
+				$aps_instances = $app->db->queryAllRecords("SELECT instance_id FROM aps_instances_settings WHERE name = 'main_domain' AND value = ?", $web_domain['domain']);
 				if(is_array($aps_instances) && !empty($aps_instances)){
 					foreach($aps_instances as $aps_instance){
 						if($aps_instance['instance_id'] > 0){
@@ -123,10 +123,10 @@ class page_action extends tform_actions {
 		}
 
 		//* Delete all web folders
-		$records = $app->db->queryAllRecords("SELECT web_folder_id FROM web_folder WHERE parent_domain_id = '".$app->functions->intval($this->id)."'");
+		$records = $app->db->queryAllRecords("SELECT web_folder_id FROM web_folder WHERE parent_domain_id = ?", $this->id);
 		foreach($records as $rec) {
 			//* Delete all web folder users
-			$records2 = $app->db->queryAllRecords("SELECT web_folder_user_id FROM web_folder_user WHERE web_folder_id = '".$app->functions->intval($rec['web_folder_id'])."'");
+			$records2 = $app->db->queryAllRecords("SELECT web_folder_user_id FROM web_folder_user WHERE web_folder_id = ?", $rec['web_folder_id']);
 			foreach($records2 as $rec2) {
 				$app->db->datalogDelete('web_folder_user', 'web_folder_user_id', $rec2['web_folder_user_id']);
 			}
diff --git a/interface/web/sites/web_vhost_domain_edit.php b/interface/web/sites/web_vhost_domain_edit.php
index 6e7d4347ff8573249c12720b636ce6687281b8ae..6c3f4e9d7ba755430661967e3fd524258419f8e6 100644
--- a/interface/web/sites/web_vhost_domain_edit.php
+++ b/interface/web/sites/web_vhost_domain_edit.php
@@ -111,7 +111,7 @@ class page_action extends tform_actions {
 			}
 			// Get the limits of the client
 			$client_group_id = $_SESSION["s"]["user"]["default_group"];
-			$client = $app->db->queryOneRecord("SELECT client.web_servers FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+			$client = $app->db->queryOneRecord("SELECT client.web_servers FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
 			$web_servers = explode(',', $client['web_servers']);
 			$server_id = $web_servers[0];
 			$app->tpl->setVar("server_id_value", $server_id);
@@ -141,7 +141,7 @@ class page_action extends tform_actions {
 
 		$read_limits = array('limit_cgi', 'limit_ssi', 'limit_perl', 'limit_ruby', 'limit_python', 'force_suexec', 'limit_hterror', 'limit_wildcard', 'limit_ssl');
 
-		if($this->_vhostdomain_type != 'domain') $parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ".$app->functions->intval(@$this->dataRecord["parent_domain_id"]));
+		if($this->_vhostdomain_type != 'domain') $parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ?", @$this->dataRecord["parent_domain_id"]);
 		
 		$is_admin = false;
 
@@ -151,11 +151,11 @@ class page_action extends tform_actions {
 			// Get the limits of the client
 			$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
 			if($this->_vhostdomain_type == 'domain') {
-				$client = $app->db->queryOneRecord("SELECT client.limit_web_domain, client.web_servers, client." . implode(", client.", $read_limits) . " FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+				$client = $app->db->queryOneRecord("SELECT client.limit_web_domain, client.web_servers, client." . implode(", client.", $read_limits) . " FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
 			} elseif($this->_vhostdomain_type == 'subdomain') {
-				$client = $app->db->queryOneRecord("SELECT client.limit_web_subdomain, client.web_servers, client.default_webserver, client." . implode(", client.", $read_limits) . " FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+				$client = $app->db->queryOneRecord("SELECT client.limit_web_subdomain, client.web_servers, client.default_webserver, client." . implode(", client.", $read_limits) . " FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
 			} elseif($this->_vhostdomain_type == 'aliasdomain') {
-				$client = $app->db->queryOneRecord("SELECT client.limit_web_aliasdomain, client.web_servers, client.default_webserver, client." . implode(", client.", $read_limits) . " FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+				$client = $app->db->queryOneRecord("SELECT client.limit_web_aliasdomain, client.web_servers, client.default_webserver, client." . implode(", client.", $read_limits) . " FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
 			}
 
 			$client['web_servers_ids'] = explode(',', $client['web_servers']);
@@ -167,13 +167,13 @@ class page_action extends tform_actions {
 				$web_config[$web_server_id] = $app->getconf->get_server_config($web_server_id, 'web');
 			}
 
-			$sql = "SELECT server_id, server_name FROM server WHERE server_id IN (" . $client['web_servers'] . ");";
-			$web_servers = $app->db->queryAllRecords($sql);
+			$sql = "SELECT server_id, server_name FROM server WHERE server_id IN ?";
+			$web_servers = $app->db->queryAllRecords($sql, $client['web_servers_ids']);
 
 			$options_web_servers = "";
 
 			foreach ($web_servers as $web_server) {
-				$options_web_servers .= "<option value='$web_server[server_id]'>$web_server[server_name]</option>";
+				$options_web_servers .= '<option value="'.$web_server['server_id'].'"'.($this->id > 0 && $this->dataRecord["server_id"] == $web_server['server_id'] ? ' selected="selected"' : '').'>'.$web_server['server_name'].'</option>';
 			}
 
 			$app->tpl->setVar("server_id", $options_web_servers);
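Review bot: The rewritten `<option>` line writes `$web_server['server_name']` into the markup without output encoding, although this file wraps other database text in `htmlentities()`. I would end the line with `.'>'.htmlentities($web_server['server_name']).'</option>';`. The identical line is added again in the `@@ -292,13` hunk, and the `@@ -629,7` hunk emits `idn_decode($ssl_domain)` as option text in the same way. Whether server names can contain markup characters is not visible in this diff, so this is defence in depth rather than a confirmed injection.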
@@ -181,7 +181,7 @@ class page_action extends tform_actions {
 
 			if($this->id > 0) {
 				if(!isset($this->dataRecord["server_id"])){
-					$tmp = $app->db->queryOneRecord("SELECT server_id FROM web_domain WHERE domain_id = ".$app->functions->intval($this->id));
+					$tmp = $app->db->queryOneRecord("SELECT server_id FROM web_domain WHERE domain_id = ?", $this->id);
 					$this->dataRecord["server_id"] = $tmp["server_id"];
 					unset($tmp);
 				}
@@ -200,8 +200,8 @@ class page_action extends tform_actions {
 			}
 			
 			//* Fill the IPv4 select field with the IP addresses that are allowed for this client
-			$sql = "SELECT ip_address FROM server_ip WHERE server_id IN (" . $client['web_servers'] . ") AND ip_type = 'IPv4' AND (client_id = 0 OR client_id=".$_SESSION['s']['user']['client_id'].")";
-			$ips = $app->db->queryAllRecords($sql);
+			$sql = "SELECT ip_address FROM server_ip WHERE server_id IN ? AND ip_type = 'IPv4' AND (client_id = 0 OR client_id=".$_SESSION['s']['user']['client_id'].")";
+			$ips = $app->db->queryAllRecords($sql, explode(',', $client['web_servers']));
 			$ip_select = ($web_config[$server_id]['enable_ip_wildcard'] == 'y')?"<option value='*'>*</option>":"";
 			//if(!in_array($this->dataRecord["ip_address"], $ips)) $ip_select .= "<option value='".$this->dataRecord["ip_address"]."' SELECTED>".$this->dataRecord["ip_address"]."</option>\r\n";
 			//$ip_select = "";
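Review bot: The new IPv4 statement still concatenates `$_SESSION['s']['user']['client_id']` into the SQL text, so only the `IN` list was converted to a placeholder. The IPv6 query in the next hunk binds the same value, and this one should match it: end the string with `(client_id = 0 OR client_id=?)` and call `queryAllRecords($sql, explode(',', $client['web_servers']), $_SESSION['s']['user']['client_id'])`. The enclosing method starts and ends outside this hunk.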
@@ -216,8 +216,8 @@ class page_action extends tform_actions {
 			unset($ips);
 
 			//* Fill the IPv6 select field with the IP addresses that are allowed for this client
-			$sql = "SELECT ip_address FROM server_ip WHERE server_id IN (" . $client['web_servers'] . ") AND ip_type = 'IPv6' AND (client_id = 0 OR client_id=".$_SESSION['s']['user']['client_id'].")";
-			$ips = $app->db->queryAllRecords($sql);
+			$sql = "SELECT ip_address FROM server_ip WHERE server_id IN ? AND ip_type = 'IPv6' AND (client_id = 0 OR client_id=?)";
+			$ips = $app->db->queryAllRecords($sql, explode(',', $client['web_servers']), $_SESSION['s']['user']['client_id']);
 			$ip_select = "<option value=''></option>";
 			//$ip_select = "";
 			if(is_array($ips)) {
@@ -237,17 +237,17 @@ class page_action extends tform_actions {
 
 			if($this->_vhostdomain_type == 'domain') {
 				if($this->dataRecord['php'] == 'php-fpm'){
-					$php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fpm_init_script != '' AND php_fpm_ini_dir != '' AND php_fpm_pool_dir != '' AND server_id = ".($this->id > 0 ? $app->functions->intval($this->dataRecord['server_id']) : $app->functions->intval($client['default_webserver']))." AND (client_id = 0 OR client_id=".$app->functions->intval($_SESSION['s']['user']['client_id']).")");
+					$php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fpm_init_script != '' AND php_fpm_ini_dir != '' AND php_fpm_pool_dir != '' AND server_id = ? AND (client_id = 0 OR client_id=?)", ($this->id > 0 ? $this->dataRecord['server_id'] : $client['default_webserver']), $_SESSION['s']['user']['client_id']);
 				}
 				if($this->dataRecord['php'] == 'fast-cgi'){
-					$php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fastcgi_binary != '' AND php_fastcgi_ini_dir != '' AND server_id = ".($this->id > 0 ? $app->functions->intval($this->dataRecord['server_id']) : $app->functions->intval($client['default_webserver']))." AND (client_id = 0 OR client_id=".$app->functions->intval($_SESSION['s']['user']['client_id']).")");
+					$php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fastcgi_binary != '' AND php_fastcgi_ini_dir != '' AND server_id = ? AND (client_id = 0 OR client_id=?)", ($this->id > 0 ? $this->dataRecord['server_id'] : $client['default_webserver']), $_SESSION['s']['user']['client_id']);
 				}
 			} else {
 				if($this->dataRecord['php'] == 'php-fpm'){
-					$php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fpm_init_script != '' AND php_fpm_ini_dir != '' AND php_fpm_pool_dir != '' AND server_id = ".$app->functions->intval($parent_domain['server_id'])." AND (client_id = 0 OR client_id=".$app->functions->intval($_SESSION['s']['user']['client_id']).")");
+					$php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fpm_init_script != '' AND php_fpm_ini_dir != '' AND php_fpm_pool_dir != '' AND server_id = ? AND (client_id = 0 OR client_id=?)", $parent_domain['server_id'], $_SESSION['s']['user']['client_id']);
 				}
 				if($this->dataRecord['php'] == 'fast-cgi'){
-					$php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fastcgi_binary != '' AND php_fastcgi_ini_dir != '' AND server_id = ".$app->functions->intval($parent_domain['server_id'])." AND (client_id = 0 OR client_id=".$app->functions->intval($_SESSION['s']['user']['client_id']).")");
+					$php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fastcgi_binary != '' AND php_fastcgi_ini_dir != '' AND server_id = ? AND (client_id = 0 OR client_id=?)", $parent_domain['server_id'], $_SESSION['s']['user']['client_id']);
 				}
 			}
 			$php_select = "<option value=''>Default</option>";
@@ -276,12 +276,12 @@ class page_action extends tform_actions {
 			$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
 
 			if($this->_vhostdomain_type == 'domain') {
-				$client = $app->db->queryOneRecord("SELECT client.client_id, client.limit_web_domain, client.web_servers, client.default_webserver, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name, client." . implode(", client.", $read_limits) . " FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+				$client = $app->db->queryOneRecord("SELECT client.client_id, client.limit_web_domain, client.web_servers, client.default_webserver, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name, client." . implode(", client.", $read_limits) . " FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
 				$app->tpl->setVar('only_one_server', $only_one_server);
 			} elseif($this->_vhostdomain_type == 'subdomain') {
-				$client = $app->db->queryOneRecord("SELECT client.client_id, client.limit_web_subdomain, client.web_servers, client.default_webserver, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name, client." . implode(", client.", $read_limits) . " FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+				$client = $app->db->queryOneRecord("SELECT client.client_id, client.limit_web_subdomain, client.web_servers, client.default_webserver, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name, client." . implode(", client.", $read_limits) . " FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
 			} elseif($this->_vhostdomain_type == 'aliasdomain') {
-				$client = $app->db->queryOneRecord("SELECT client.client_id, client.limit_web_aliasdomain, client.web_servers, client.default_webserver, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name, client." . implode(", client.", $read_limits) . " FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+				$client = $app->db->queryOneRecord("SELECT client.client_id, client.limit_web_aliasdomain, client.web_servers, client.default_webserver, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name, client." . implode(", client.", $read_limits) . " FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
 			}
 
 			$client['web_servers_ids'] = explode(',', $client['web_servers']);
@@ -292,13 +292,13 @@ class page_action extends tform_actions {
 				$web_config[$web_server_id] = $app->getconf->get_server_config($web_server_id, 'web');
 			}
 
-			$sql = "SELECT server_id, server_name FROM server WHERE server_id IN (" . $client['web_servers'] . ");";
-			$web_servers = $app->db->queryAllRecords($sql);
+			$sql = "SELECT server_id, server_name FROM server WHERE server_id IN ?";
+			$web_servers = $app->db->queryAllRecords($sql, $client['web_servers_ids']);
 
 			$options_web_servers = "";
 
 			foreach ($web_servers as $web_server) {
-				$options_web_servers .= "<option value='$web_server[server_id]'>$web_server[server_name]</option>";
+				$options_web_servers .= '<option value="'.$web_server['server_id'].'"'.($this->id > 0 && $this->dataRecord["server_id"] == $web_server['server_id'] ? ' selected="selected"' : '').'>'.$web_server['server_name'].'</option>';
 			}
 
 			$app->tpl->setVar("server_id", $options_web_servers);
@@ -306,9 +306,9 @@ class page_action extends tform_actions {
 
 			if ($settings['use_domain_module'] != 'y') {
 				// Fill the client select field
-				$sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ".$client['client_id']." ORDER BY client.company_name, client.contact_name, sys_group.name";
-				$records = $app->db->queryAllRecords($sql);
-				$tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".$app->functions->intval($client['client_id']));
+				$sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ? ORDER BY client.company_name, client.contact_name, sys_group.name";
+				$records = $app->db->queryAllRecords($sql, $client['client_id']);
+				$tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client['client_id']);
 				$client_select = '<option value="'.$tmp['groupid'].'">'.$client['contactname'].'</option>';
 				//$tmp_data_record = $app->tform->getDataRecord($this->id);
 				if(is_array($records)) {
@@ -333,8 +333,8 @@ class page_action extends tform_actions {
 			}
 			
 			//* Fill the IPv4 select field with the IP addresses that are allowed for this client
-			$sql = "SELECT ip_address FROM server_ip WHERE server_id IN (" . $client['web_servers'] . ") AND ip_type = 'IPv4' AND (client_id = 0 OR client_id=".$_SESSION['s']['user']['client_id'].")";
-			$ips = $app->db->queryAllRecords($sql);
+			$sql = "SELECT ip_address FROM server_ip WHERE server_id IN ? AND ip_type = 'IPv4' AND (client_id = 0 OR client_id=?)";
+			$ips = $app->db->queryAllRecords($sql, explode(',', $client['web_servers']), $_SESSION['s']['user']['client_id']);
 			$ip_select = ($web_config[$server_id]['enable_ip_wildcard'] == 'y')?"<option value='*'>*</option>":"";
 			//if(!in_array($this->dataRecord["ip_address"], $ips)) $ip_select .= "<option value='".$this->dataRecord["ip_address"]."' SELECTED>".$this->dataRecord["ip_address"]."</option>\r\n";
 			//$ip_select = "";
@@ -349,8 +349,8 @@ class page_action extends tform_actions {
 			unset($ips);
 
 			//* Fill the IPv6 select field with the IP addresses that are allowed for this client
-			$sql = "SELECT ip_address FROM server_ip WHERE server_id IN (" . $client['web_servers'] . ") AND ip_type = 'IPv6' AND (client_id = 0 OR client_id=".$_SESSION['s']['user']['client_id'].")";
-			$ips = $app->db->queryAllRecords($sql);
+			$sql = "SELECT ip_address FROM server_ip WHERE server_id IN ? AND ip_type = 'IPv6' AND (client_id = 0 OR client_id=?)";
+			$ips = $app->db->queryAllRecords($sql, $client['web_servers'], $_SESSION['s']['user']['client_id']);
 			$ip_select = "<option value=''></option>";
 			//$ip_select = "";
 			if(is_array($ips)) {
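Review bot: This IPv6 query binds `$client['web_servers']`, the comma-separated string, to `IN ?`, whereas every other `IN ?` call added in this file passes an array (`explode(',', $client['web_servers'])` or `$client['web_servers_ids']`). How the database wrapper expands a scalar for `IN ?` is not visible here, but a single quoted string would not behave like a list of ids. I would pass the array as the IPv4 hunk just above does: `$ips = $app->db->queryAllRecords($sql, explode(',', $client['web_servers']), $_SESSION['s']['user']['client_id']);`.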
@@ -367,22 +367,21 @@ class page_action extends tform_actions {
 			$server_type = 'apache';
 			if(!empty($web_config[$server_id]['server_type'])) $server_type = $web_config[$server_id]['server_type'];
 			if($server_type == 'nginx' && $this->dataRecord['php'] == 'fast-cgi') $this->dataRecord['php'] = 'php-fpm';
-			$selected_client = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE groupid = ".$app->functions->intval($selected_client_group_id));
-			//$sql_where = " AND (client_id = 0 OR client_id=".$_SESSION['s']['user']['client_id']." OR client_id = ".intval($selected_client['client_id']).")";
-			$sql_where = " AND (client_id = 0 OR client_id = ".intval($selected_client['client_id']).")";
+			$selected_client = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE groupid = ?", $selected_client_group_id);
+			$sql_where = " AND (client_id = 0 OR client_id = ?)";
 			if($this->_vhostdomain_type == 'domain') {
 				if($this->dataRecord['php'] == 'php-fpm'){
-					$php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fpm_init_script != '' AND php_fpm_ini_dir != '' AND php_fpm_pool_dir != '' AND server_id = ".($this->id > 0 ? $app->functions->intval($this->dataRecord['server_id']) : $app->functions->intval($client['default_webserver'])).$sql_where);
+					$php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fpm_init_script != '' AND php_fpm_ini_dir != '' AND php_fpm_pool_dir != '' AND server_id = ?".$sql_where, ($this->id > 0 ? $this->dataRecord['server_id'] : $client['default_webserver']), $selected_client['client_id']);
 				}
 				if($this->dataRecord['php'] == 'fast-cgi') {
-					$php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fastcgi_binary != '' AND php_fastcgi_ini_dir != '' AND server_id = ".($this->id > 0 ? $app->functions->intval($this->dataRecord['server_id']) : $app->functions->intval($client['default_webserver'])).$sql_where);
+					$php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fastcgi_binary != '' AND php_fastcgi_ini_dir != '' AND server_id = ?".$sql_where, ($this->id > 0 ? $this->dataRecord['server_id'] : $client['default_webserver']), $selected_client['client_id']);
 				}
 			} else {
 				if($this->dataRecord['php'] == 'php-fpm'){
-					$php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fpm_init_script != '' AND php_fpm_ini_dir != '' AND php_fpm_pool_dir != '' AND server_id = ".$app->functions->intval($parent_domain['server_id'])." AND (client_id = 0 OR client_id=".$app->functions->intval($_SESSION['s']['user']['client_id']).")");
+					$php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fpm_init_script != '' AND php_fpm_ini_dir != '' AND php_fpm_pool_dir != '' AND server_id = ? AND (client_id = 0 OR client_id=?)", $parent_domain['server_id'], $_SESSION['s']['user']['client_id']);
 				}
 				if($this->dataRecord['php'] == 'fast-cgi') {
-					$php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fastcgi_binary != '' AND php_fastcgi_ini_dir != '' AND server_id = ".$app->functions->intval($parent_domain['server_id'])." AND (client_id = 0 OR client_id=".$app->functions->intval($_SESSION['s']['user']['client_id']).")");
+					$php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fastcgi_binary != '' AND php_fastcgi_ini_dir != '' AND server_id = ? AND (client_id = 0 OR client_id=?)", $parent_domain['server_id'], $_SESSION['s']['user']['client_id']);
 				}
 			}
 			$php_select = "<option value=''>Default</option>";
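Review bot: `$sql_where` now carries a positional `?`, so the two `domain` queries are only correct while the fragment stays at the end of the string and `$selected_client['client_id']` stays the last argument; nothing at the assignment says so. A comment such as `// adds one placeholder; bind the client id as the last argument` would document that, or the clause could be written inline as the `else` branch already does. That `else` branch binds `$_SESSION['s']['user']['client_id']` rather than `$selected_client['client_id']`; this matches the removed code, but the difference is worth confirming as intended. The same pattern is added in the `@@ -535,22` hunk.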
@@ -410,6 +409,7 @@ class page_action extends tform_actions {
 				$php_directive_snippets_txt = '';
 				if(is_array($php_directive_snippets) && !empty($php_directive_snippets)){
 					foreach($php_directive_snippets as $php_directive_snippet){
+						$php_directive_snippet['snippet'] = PHP_EOL . PHP_EOL . $php_directive_snippet['snippet'] . PHP_EOL;
 						$php_directive_snippets_txt .= '<a href="javascript:void(0);" class="addPlaceholderContent">['.$php_directive_snippet['name'].']<pre class="addPlaceholderContent" style="display:none;">'.htmlentities($php_directive_snippet['snippet']).'</pre></a> ';
 					}
 				}
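Review bot: On the line directly below the addition, `$php_directive_snippet['name']` goes into the link text unencoded while the snippet body beside it is passed through `htmlentities()`. I would encode both, i.e. `'['.htmlentities($php_directive_snippet['name']).']<pre ...`. The same applies to the apache, nginx and proxy snippet hunks that follow and to the four matching hunks starting at `@@ -575,6`. Who may define snippet names is not visible in this diff, so the exposure is presumably limited to administrator-entered text.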
@@ -421,6 +421,7 @@ class page_action extends tform_actions {
 					$apache_directive_snippets_txt = '';
 					if(is_array($apache_directive_snippets) && !empty($apache_directive_snippets)){
 						foreach($apache_directive_snippets as $apache_directive_snippet){
+							$apache_directive_snippet['snippet'] = PHP_EOL . PHP_EOL . $apache_directive_snippet['snippet'] . PHP_EOL;
 							$apache_directive_snippets_txt .= '<a href="javascript:void(0);" class="addPlaceholderContent">['.$apache_directive_snippet['name'].']<pre class="addPlaceholderContent" style="display:none;">'.htmlentities($apache_directive_snippet['snippet']).'</pre></a> ';
 						}
 					}
@@ -433,6 +434,7 @@ class page_action extends tform_actions {
 					$nginx_directive_snippets_txt = '';
 					if(is_array($nginx_directive_snippets) && !empty($nginx_directive_snippets)){
 						foreach($nginx_directive_snippets as $nginx_directive_snippet){
+							$nginx_directive_snippet['snippet'] = PHP_EOL . PHP_EOL . $nginx_directive_snippet['snippet'] . PHP_EOL;
 							$nginx_directive_snippets_txt .= '<a href="javascript:void(0);" class="addPlaceholderContent">['.$nginx_directive_snippet['name'].']<pre class="addPlaceholderContent" style="display:none;">'.htmlentities($nginx_directive_snippet['snippet']).'</pre></a> ';
 						}
 					}
@@ -444,6 +446,7 @@ class page_action extends tform_actions {
 				$proxy_directive_snippets_txt = '';
 				if(is_array($proxy_directive_snippets) && !empty($proxy_directive_snippets)){
 					foreach($proxy_directive_snippets as $proxy_directive_snippet){
+						$proxy_directive_snippet['snippet'] = PHP_EOL . PHP_EOL . $proxy_directive_snippet['snippet'] . PHP_EOL;
 						$proxy_directive_snippets_txt .= '<a href="javascript:void(0);" class="addPlaceholderContent">['.$proxy_directive_snippet['name'].']<pre class="addPlaceholderContent" style="display:none;">'.htmlentities($proxy_directive_snippet['snippet']).'</pre></a> ';
 					}
 				}
@@ -460,7 +463,7 @@ class page_action extends tform_actions {
 				// The user is admin, so we fill in all IP addresses of the server
 				if($this->id > 0) {
 					if(!isset($this->dataRecord["server_id"])){
-						$tmp = $app->db->queryOneRecord("SELECT server_id FROM web_domain WHERE domain_id = ".$app->functions->intval($this->id));
+						$tmp = $app->db->queryOneRecord("SELECT server_id FROM web_domain WHERE domain_id = ?", $this->id);
 						$this->dataRecord["server_id"] = $tmp["server_id"];
 						unset($tmp);
 					}
@@ -483,8 +486,8 @@ class page_action extends tform_actions {
 			}
 
 			//* Fill the IPv4 select field
-			$sql = "SELECT ip_address FROM server_ip WHERE ip_type = 'IPv4' AND server_id = ".$app->functions->intval($server_id);
-			$ips = $app->db->queryAllRecords($sql);
+			$sql = "SELECT ip_address FROM server_ip WHERE ip_type = 'IPv4' AND server_id = ?";
+			$ips = $app->db->queryAllRecords($sql, $server_id);
 			$ip_select = ($web_config['enable_ip_wildcard'] == 'y')?"<option value='*'>*</option>":"";
 			//$ip_select = "";
 			if(is_array($ips)) {
@@ -498,8 +501,8 @@ class page_action extends tform_actions {
 			unset($ips);
 
 			//* Fill the IPv6 select field
-			$sql = "SELECT ip_address FROM server_ip WHERE ip_type = 'IPv6' AND server_id = ".$app->functions->intval($server_id);
-			$ips = $app->db->queryAllRecords($sql);
+			$sql = "SELECT ip_address FROM server_ip WHERE ip_type = 'IPv6' AND server_id = ?";
+			$ips = $app->db->queryAllRecords($sql, $server_id);
 			$ip_select = "<option value=''></option>";
 			//$ip_select = "";
 			if(is_array($ips)) {
@@ -535,22 +538,21 @@ class page_action extends tform_actions {
 			$server_type = 'apache';
 			if(!empty($web_config['server_type'])) $server_type = $web_config['server_type'];
 			if($server_type == 'nginx' && $this->dataRecord['php'] == 'fast-cgi') $this->dataRecord['php'] = 'php-fpm';
-			$selected_client = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE groupid = ".$app->functions->intval($selected_client_group_id));
-			//$sql_where = " AND (client_id = 0 OR client_id=".$_SESSION['s']['user']['client_id']." OR client_id = ".intval($selected_client['client_id']).")";
-			$sql_where = " AND (client_id = 0 OR client_id = ".$app->functions->intval($selected_client['client_id']).")";
+			$selected_client = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE groupid = ?", $selected_client_group_id);
+			$sql_where = " AND (client_id = 0 OR client_id = ?)";
 			if($this->_vhostdomain_type == 'domain') {
 				if($this->dataRecord['php'] == 'php-fpm'){
-					$php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fpm_init_script != '' AND php_fpm_ini_dir != '' AND php_fpm_pool_dir != '' AND server_id = $server_id".$sql_where);
+					$php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fpm_init_script != '' AND php_fpm_ini_dir != '' AND php_fpm_pool_dir != '' AND server_id = ?".$sql_where, $server_id, $selected_client['client_id']);
 				}
 				if($this->dataRecord['php'] == 'fast-cgi') {
-					$php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fastcgi_binary != '' AND php_fastcgi_ini_dir != '' AND server_id = ".$app->functions->intval($server_id).$sql_where);
+					$php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fastcgi_binary != '' AND php_fastcgi_ini_dir != '' AND server_id = ?".$sql_where, $server_id, $selected_client['client_id']);
 				}
 			} else {
 				if($this->dataRecord['php'] == 'php-fpm'){
-					$php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fpm_init_script != '' AND php_fpm_ini_dir != '' AND php_fpm_pool_dir != '' AND server_id = " . $app->functions->intval($parent_domain['server_id']));
+					$php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fpm_init_script != '' AND php_fpm_ini_dir != '' AND php_fpm_pool_dir != '' AND server_id = ?", $parent_domain['server_id']);
 				}
 				if($this->dataRecord['php'] == 'fast-cgi') {
-					$php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fastcgi_binary != '' AND php_fastcgi_ini_dir != '' AND server_id = " . $app->functions->intval($parent_domain['server_id']));
+					$php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fastcgi_binary != '' AND php_fastcgi_ini_dir != '' AND server_id = ?", $parent_domain['server_id']);
 				}
 			}
 			$php_select = "<option value=''>Default</option>";
@@ -575,6 +577,7 @@ class page_action extends tform_actions {
 			$php_directive_snippets_txt = '';
 			if(is_array($php_directive_snippets) && !empty($php_directive_snippets)){
 				foreach($php_directive_snippets as $php_directive_snippet){
+					$php_directive_snippet['snippet'] = PHP_EOL . PHP_EOL . $php_directive_snippet['snippet'] . PHP_EOL;
 					$php_directive_snippets_txt .= '<a href="javascript:void(0);" class="addPlaceholderContent">['.$php_directive_snippet['name'].']<pre class="addPlaceholderContent" style="display:none;">'.htmlentities($php_directive_snippet['snippet']).'</pre></a> ';
 				}
 			}
@@ -586,6 +589,7 @@ class page_action extends tform_actions {
 				$apache_directive_snippets_txt = '';
 				if(is_array($apache_directive_snippets) && !empty($apache_directive_snippets)){
 					foreach($apache_directive_snippets as $apache_directive_snippet){
+						$apache_directive_snippet['snippet'] = PHP_EOL . PHP_EOL . $apache_directive_snippet['snippet'] . PHP_EOL;
 						$apache_directive_snippets_txt .= '<a href="javascript:void(0);" class="addPlaceholderContent">['.$apache_directive_snippet['name'].']<pre class="addPlaceholderContent" style="display:none;">'.htmlentities($apache_directive_snippet['snippet']).'</pre></a> ';
 					}
 				}
@@ -598,6 +602,7 @@ class page_action extends tform_actions {
 				$nginx_directive_snippets_txt = '';
 				if(is_array($nginx_directive_snippets) && !empty($nginx_directive_snippets)){
 					foreach($nginx_directive_snippets as $nginx_directive_snippet){
+						$nginx_directive_snippet['snippet'] = PHP_EOL . PHP_EOL . $nginx_directive_snippet['snippet'] . PHP_EOL;
 						$nginx_directive_snippets_txt .= '<a href="javascript:void(0);" class="addPlaceholderContent">['.$nginx_directive_snippet['name'].']<pre class="addPlaceholderContent" style="display:none;">'.htmlentities($nginx_directive_snippet['snippet']).'</pre></a> ';
 					}
 				}
@@ -609,6 +614,7 @@ class page_action extends tform_actions {
 			$proxy_directive_snippets_txt = '';
 			if(is_array($proxy_directive_snippets) && !empty($proxy_directive_snippets)){
 				foreach($proxy_directive_snippets as $proxy_directive_snippet){
+					$proxy_directive_snippet['snippet'] = PHP_EOL . PHP_EOL . $proxy_directive_snippet['snippet'] . PHP_EOL;
 					$proxy_directive_snippets_txt .= '<a href="javascript:void(0);" class="addPlaceholderContent">['.$proxy_directive_snippet['name'].']<pre class="addPlaceholderContent" style="display:none;">'.htmlentities($proxy_directive_snippet['snippet']).'</pre></a> ';
 				}
 			}
@@ -618,7 +624,7 @@ class page_action extends tform_actions {
 
 		$ssl_domain_select = '';
 		$ssl_domains = array();
-		$tmpd = $app->db->queryAllRecords("SELECT domain, type FROM web_domain WHERE domain_id = ".$this->id." OR parent_domain_id = ".$this->id);
+		$tmpd = $app->db->queryAllRecords("SELECT domain, type FROM web_domain WHERE domain_id = ? OR parent_domain_id = ?", $this->id, $this->id);
 		foreach($tmpd as $tmp) {
 			if($tmp['type'] == 'subdomain' || $tmp['type'] == 'vhostsubdomain') {
 				$ssl_domains[] = $tmp["domain"];
@@ -629,7 +635,7 @@ class page_action extends tform_actions {
 		if(is_array($ssl_domains)) {
 			foreach( $ssl_domains as $ssl_domain) {
 				$selected = ($ssl_domain == $this->dataRecord['ssl_domain'])?'SELECTED':'';
-				$ssl_domain_select .= "<option value='$ssl_domain' $selected>$ssl_domain</option>\r\n";
+				$ssl_domain_select .= "<option value='$ssl_domain' $selected>".$app->functions->idn_decode($ssl_domain)."</option>\r\n";
 			}
 		}
 		$app->tpl->setVar("ssl_domain", $ssl_domain_select);
@@ -687,12 +693,16 @@ class page_action extends tform_actions {
 				$domain_select .= "<option value=''></option>\r\n";
 			}
 			$app->tpl->setVar("domain_option", $domain_select);
+		} else {
+
+			// remove the parent domain part of the domain name before we show it in the text field.
+			if($this->dataRecord["type"] == 'vhostsubdomain') $this->dataRecord["domain"] = str_replace('.'.$parent_domain["domain"], '', $this->dataRecord["domain"]);
 		}
 		if($this->_vhostdomain_type != 'domain') $app->tpl->setVar("domain", $this->dataRecord["domain"]);
 
 		// check for configuration errors in sys_datalog
 		if($this->id > 0) {
-			$datalog = $app->db->queryOneRecord("SELECT sys_datalog.error, sys_log.tstamp FROM sys_datalog, sys_log WHERE sys_datalog.dbtable = 'web_domain' AND sys_datalog.dbidx = 'domain_id:".$app->functions->intval($this->id)."' AND sys_datalog.datalog_id = sys_log.datalog_id AND sys_log.message = CONCAT('Processed datalog_id ',sys_log.datalog_id) ORDER BY sys_datalog.tstamp DESC");
+			$datalog = $app->db->queryOneRecord("SELECT sys_datalog.error, sys_log.tstamp FROM sys_datalog, sys_log WHERE sys_datalog.dbtable = 'web_domain' AND sys_datalog.dbidx = ? AND sys_datalog.datalog_id = sys_log.datalog_id AND sys_log.message = CONCAT('Processed datalog_id ',sys_log.datalog_id) ORDER BY sys_datalog.tstamp DESC", 'domain_id:' . $this->id);
 			if(is_array($datalog) && !empty($datalog)){
 				if(trim($datalog['error']) != ''){
 					$app->tpl->setVar("config_error_msg", nl2br(htmlentities($datalog['error'])));
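Review bot: The added `str_replace('.'.$parent_domain["domain"], '', $this->dataRecord["domain"])` removes every occurrence of the parent domain, not just the trailing one. If `$parent_domain` is empty because the lookup returned nothing, the search string is `'.'` and all dots are stripped from the name. I would strip the suffix only: `$suffix = '.'.$parent_domain["domain"];` followed by `if($parent_domain && substr($this->dataRecord["domain"], -strlen($suffix)) === $suffix) $this->dataRecord["domain"] = substr($this->dataRecord["domain"], 0, -strlen($suffix));`. The `if` that this `else` belongs to starts outside the hunk.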
@@ -713,6 +723,10 @@ class page_action extends tform_actions {
 			if(is_array($tmp_client) && !empty($tmp_client) && trim($this->dataRecord['ssl_organisation']) == '' && trim($this->dataRecord['ssl_locality']) == '' && trim($this->dataRecord['ssl_state']) == '' && trim($this->dataRecord['ssl_organisation_unit']) == '') $app->tpl->setVar("show_helper_links", true);
 		}
 
+		$sys_config = $app->getconf->get_global_config('misc');
+		if($sys_config['use_combobox'] == 'y') {
+			$app->tpl->setVar('use_combobox', 'y');
+		}
 		parent::onShowEnd();
 	}
 
@@ -733,12 +747,12 @@ class page_action extends tform_actions {
 		} else {
 			// Get the record of the parent domain
 			if(!@$this->dataRecord["parent_domain_id"] && $this->id) {
-				$tmp = $app->db->queryOneRecord("SELECT parent_domain_id FROM web_domain WHERE domain_id = ".$app->functions->intval($this->id));
+				$tmp = $app->db->queryOneRecord("SELECT parent_domain_id FROM web_domain WHERE domain_id = ?", $this->id);
 				if($tmp) $this->dataRecord["parent_domain_id"] = $tmp['parent_domain_id'];
 				unset($tmp);
 			}
 
-			$parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ".$app->functions->intval(@$this->dataRecord["parent_domain_id"]) . " AND ".$app->tform->getAuthSQL('r'));
+			$parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ? AND ".$app->tform->getAuthSQL('r'), @$this->dataRecord["parent_domain_id"]);
 			if(!$parent_domain || $parent_domain['domain_id'] != @$this->dataRecord['parent_domain_id']) $app->tform->errorMessage .= $app->tform->lng("no_domain_perm");
 
 			if($this->_vhostdomain_type == 'subdomain') {
@@ -800,14 +814,6 @@ class page_action extends tform_actions {
 
 				// vhostaliasdomains do not have a quota of their own
 				$this->dataRecord["hd_quota"] = 0;
-
-				// check for duplicate folder usage
-				/*
-		        $check = $app->db->queryOneRecord("SELECT COUNT(*) as `cnt` FROM `web_domain` WHERE `type` = 'vhostalias' AND `parent_domain_id` = '" . $app->functions->intval($this->dataRecord['parent_domain_id']) . "' AND `web_folder` = '" . $app->db->quote($this->dataRecord['web_folder']) . "' AND `domain_id` != '" . $app->functions->intval($this->id) . "'");
-		        if($check && $check['cnt'] > 0) {
-		            $app->tform->errorMessage .= $app->tform->lng("web_folder_unique_txt")."<br>";
-		        }
-				*/
 			}
 		}
 
@@ -816,7 +822,7 @@ class page_action extends tform_actions {
 		if($_SESSION["s"]["user"]["typ"] != 'admin') {
 			// Get the limits of the client
 			$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
-			$client = $app->db->queryOneRecord("SELECT limit_traffic_quota, limit_web_domain, limit_web_aliasdomain, limit_web_subdomain, web_servers, parent_client_id, limit_web_quota, client." . implode(", client.", $read_limits) . " FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+			$client = $app->db->queryOneRecord("SELECT limit_traffic_quota, limit_web_domain, limit_web_aliasdomain, limit_web_subdomain, web_servers, parent_client_id, limit_web_quota, client." . implode(", client.", $read_limits) . " FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
 
 			$client['web_servers_ids'] = explode(',', $client['web_servers']);
 
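Review bot: The column list in the new query is still built by concatenation, `"client." . implode(", client.", $read_limits)`, so the statement is only as safe as the contents of `$read_limits`. That array is filled outside this hunk; presumably it is a fixed list of limit columns, and a short comment saying so would help the next reader. If request data can ever influence it, check each entry against an allow-list of column names before the implode, because the `?` placeholder used here for the group id is meant for values.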
@@ -832,7 +838,7 @@ class page_action extends tform_actions {
 
 			// only generate quota and traffic warnings if value has changed
 			if($this->id > 0) {
-				$old_web_values = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$app->functions->intval($this->id));
+				$old_web_values = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ?", $this->id);
 			} else {
 				$old_web_values = array();
 			}
@@ -840,7 +846,7 @@ class page_action extends tform_actions {
 			if($this->_vhostdomain_type == 'domain') {
 				//* Check the website quota of the client
 				if(isset($_POST["hd_quota"]) && $client["limit_web_quota"] >= 0 && $_POST["hd_quota"] != $old_web_values["hd_quota"]) {
-					$tmp = $app->db->queryOneRecord("SELECT sum(hd_quota) as webquota FROM web_domain WHERE domain_id != ".$app->functions->intval($this->id)." AND type = 'vhost' AND ".$app->tform->getAuthSQL('u'));
+					$tmp = $app->db->queryOneRecord("SELECT sum(hd_quota) as webquota FROM web_domain WHERE domain_id != ? AND type = 'vhost' AND ".$app->tform->getAuthSQL('u'), $this->id);
 					$webquota = $tmp["webquota"];
 					$new_web_quota = $app->functions->intval($this->dataRecord["hd_quota"]);
 					if(($webquota + $new_web_quota > $client["limit_web_quota"]) || ($new_web_quota < 0 && $client["limit_web_quota"] >= 0)) {
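Review bot: `$this->id` is now bound directly in `domain_id != ?`, whereas the removed `intval()` call turned an unset id into 0. The `if($this->id > 0) ... else` branch in the preceding hunk shows that this path also runs for new records. If the wrapper binds an empty id as NULL, `domain_id != NULL` matches no rows, the sum comes back empty and the quota comparison sees no existing usage. How the wrapper binds such a value is not visible here, so I would keep the cast on the argument: `$app->functions->intval($this->id)`. The same applies to the traffic-quota query in the next hunk and to the two reseller queries further down.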
@@ -857,7 +863,7 @@ class page_action extends tform_actions {
 
 			//* Check the traffic quota of the client
 			if(isset($_POST["traffic_quota"]) && $client["limit_traffic_quota"] > 0 && $_POST["traffic_quota"] != $old_web_values["traffic_quota"]) {
-				$tmp = $app->db->queryOneRecord("SELECT sum(traffic_quota) as trafficquota FROM web_domain WHERE domain_id != ".$app->functions->intval($this->id)." AND ".$app->tform->getAuthSQL('u'));
+				$tmp = $app->db->queryOneRecord("SELECT sum(traffic_quota) as trafficquota FROM web_domain WHERE domain_id != ? AND ".$app->tform->getAuthSQL('u'), $this->id);
 				$trafficquota = $tmp["trafficquota"];
 				$new_traffic_quota = $app->functions->intval($this->dataRecord["traffic_quota"]);
 				if(($trafficquota + $new_traffic_quota > $client["limit_traffic_quota"]) || ($new_traffic_quota < 0 && $client["limit_traffic_quota"] >= 0)) {
@@ -873,12 +879,12 @@ class page_action extends tform_actions {
 
 			if($client['parent_client_id'] > 0) {
 				// Get the limits of the reseller
-				$reseller = $app->db->queryOneRecord("SELECT limit_traffic_quota, limit_web_domain, limit_web_aliasdomain, limit_web_subdomain, web_servers, limit_web_quota FROM client WHERE client_id = ".$client['parent_client_id']);
+				$reseller = $app->db->queryOneRecord("SELECT limit_traffic_quota, limit_web_domain, limit_web_aliasdomain, limit_web_subdomain, web_servers, limit_web_quota FROM client WHERE client_id = ?", $client['parent_client_id']);
 
 				if($this->_vhostdomain_type == 'domain') {
 					//* Check the website quota of the client
 					if(isset($_POST["hd_quota"]) && $reseller["limit_web_quota"] >= 0 && $_POST["hd_quota"] != $old_web_values["hd_quota"]) {
-						$tmp = $app->db->queryOneRecord("SELECT sum(hd_quota) as webquota FROM web_domain, sys_group, client WHERE web_domain.sys_groupid=sys_group.groupid AND sys_group.client_id=client.client_id AND ".$client['parent_client_id']." IN (client.parent_client_id, client.client_id) AND domain_id != ".$app->functions->intval($this->id)." AND type = 'vhost'");
+						$tmp = $app->db->queryOneRecord("SELECT sum(hd_quota) as webquota FROM web_domain, sys_group, client WHERE web_domain.sys_groupid=sys_group.groupid AND sys_group.client_id=client.client_id AND ? IN (client.parent_client_id, client.client_id) AND domain_id != ? AND type = 'vhost'", $client['parent_client_id'], $this->id);
 
 						$webquota = $tmp["webquota"];
 						$new_web_quota = $app->functions->intval($this->dataRecord["hd_quota"]);
@@ -896,7 +902,7 @@ class page_action extends tform_actions {
 
 				//* Check the traffic quota of the client
 				if(isset($_POST["traffic_quota"]) && $reseller["limit_traffic_quota"] > 0 && $_POST["traffic_quota"] != $old_web_values["traffic_quota"]) {
-					$tmp = $app->db->queryOneRecord("SELECT sum(traffic_quota) as trafficquota FROM web_domain, sys_group, client WHERE web_domain.sys_groupid=sys_group.groupid AND sys_group.client_id=client.client_id AND ".$client['parent_client_id']." IN (client.parent_client_id, client.client_id) AND domain_id != ".$app->functions->intval($this->id)." AND type = 'vhost'");
+					$tmp = $app->db->queryOneRecord("SELECT sum(traffic_quota) as trafficquota FROM web_domain, sys_group, client WHERE web_domain.sys_groupid=sys_group.groupid AND sys_group.client_id=client.client_id AND ? IN (client.parent_client_id, client.client_id) AND domain_id != ? AND type = 'vhost'", $client['parent_client_id'], $this->id);
 					$trafficquota = $tmp["trafficquota"];
 					$new_traffic_quota = $app->functions->intval($this->dataRecord["traffic_quota"]);
 					if(($trafficquota + $new_traffic_quota > $reseller["limit_traffic_quota"]) || ($new_traffic_quota < 0 && $reseller["limit_traffic_quota"] >= 0)) {
@@ -914,7 +920,7 @@ class page_action extends tform_actions {
 			// When the record is updated
 			if($this->id > 0) {
 				// restore the server ID if the user is not admin and record is edited
-				$tmp = $app->db->queryOneRecord("SELECT server_id, `system_user`, `system_group`, `web_folder`, `cgi`, `ssi`, `perl`, `ruby`, `python`, `suexec`, `errordocs`, `subdomain`, `ssl` FROM web_domain WHERE domain_id = ".$app->functions->intval($this->id));
+				$tmp = $app->db->queryOneRecord("SELECT server_id, `system_user`, `system_group`, `web_folder`, `cgi`, `ssi`, `perl`, `ruby`, `python`, `suexec`, `errordocs`, `subdomain`, `ssl` FROM web_domain WHERE domain_id = ?", $this->id);
 				$this->dataRecord["server_id"] = $tmp["server_id"];
 				$this->dataRecord['web_folder'] = $tmp['web_folder']; // cannot be changed!
 				$this->dataRecord['system_user'] = $tmp['system_user'];
@@ -943,17 +949,17 @@ class page_action extends tform_actions {
 
 				// Check if the user may add another web_domain
 				if($this->_vhostdomain_type == 'domain' && $client["limit_web_domain"] >= 0) {
-					$tmp = $app->db->queryOneRecord("SELECT count(domain_id) as number FROM web_domain WHERE sys_groupid = $client_group_id and type = 'vhost'");
+					$tmp = $app->db->queryOneRecord("SELECT count(domain_id) as number FROM web_domain WHERE sys_groupid = ? and type = 'vhost'", $client_group_id);
 					if($tmp["number"] >= $client["limit_web_domain"]) {
 						$app->error($app->tform->wordbook["limit_web_domain_txt"]);
 					}
 				} elseif($this->_vhostdomain_type == 'aliasdomain' && $client["limit_web_aliasdomain"] >= 0) {
-					$tmp = $app->db->queryOneRecord("SELECT count(domain_id) as number FROM web_domain WHERE sys_groupid = $client_group_id and (type = 'alias' OR type = 'vhostalias')");
+					$tmp = $app->db->queryOneRecord("SELECT count(domain_id) as number FROM web_domain WHERE sys_groupid = ? and (type = 'alias' OR type = 'vhostalias')", $client_group_id);
 					if($tmp["number"] >= $client["limit_web_aliasdomain"]) {
 						$app->error($app->tform->wordbook["limit_web_aliasdomain_txt"]);
 					}
 				} elseif($this->_vhostdomain_type == 'subdomain' && $client["limit_web_subdomain"] >= 0) {
-					$tmp = $app->db->queryOneRecord("SELECT count(domain_id) as number FROM web_domain WHERE sys_groupid = $client_group_id and (type = 'subdomain' OR type = 'vhostsubdomain')");
+					$tmp = $app->db->queryOneRecord("SELECT count(domain_id) as number FROM web_domain WHERE sys_groupid = ? and (type = 'subdomain' OR type = 'vhostsubdomain')", $client_group_id);
 					if($tmp["number"] >= $client["limit_web_subdomain"]) {
 						$app->error($app->tform->wordbook["limit_web_subdomain_txt"]);
 					}
@@ -980,8 +986,8 @@ class page_action extends tform_actions {
 		$web_config = $app->getconf->get_server_config($app->functions->intval(isset($this->dataRecord["server_id"]) ? $this->dataRecord["server_id"] : $server_id), 'web');
 		//* Check for duplicate ssl certs per IP if SNI is disabled
 		if(isset($this->dataRecord['ssl']) && $this->dataRecord['ssl'] == 'y' && $web_config['enable_sni'] != 'y') {
-			$sql = "SELECT count(domain_id) as number FROM web_domain WHERE `ssl` = 'y' AND ip_address = '".$app->db->quote($this->dataRecord['ip_address'])."' and domain_id != ".$this->id;
-			$tmp = $app->db->queryOneRecord($sql);
+			$sql = "SELECT count(domain_id) as number FROM web_domain WHERE `ssl` = 'y' AND ip_address = ? and domain_id != ?";
+			$tmp = $app->db->queryOneRecord($sql, $this->dataRecord['ip_address'], $this->id);
 			if($tmp['number'] > 0) $app->tform->errorMessage .= $app->tform->lng("error_no_sni_txt");
 		}
 
@@ -1096,11 +1102,11 @@ class page_action extends tform_actions {
 		// also make sure that the user can not delete domain created by a admin
 		if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($this->dataRecord["client_group_id"])) {
 			$client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]);
-			$app->db->query("UPDATE web_domain SET sys_groupid = $client_group_id, sys_perm_group = 'ru' WHERE domain_id = ".$this->id);
+			$app->db->query("UPDATE web_domain SET sys_groupid = ?, sys_perm_group = 'ru' WHERE domain_id = ?", $client_group_id, $this->id);
 		}
 		if($app->auth->has_clients($_SESSION['s']['user']['userid']) && isset($this->dataRecord["client_group_id"])) {
 			$client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]);
-			$app->db->query("UPDATE web_domain SET sys_groupid = $client_group_id, sys_perm_group = 'riud' WHERE domain_id = ".$this->id);
+			$app->db->query("UPDATE web_domain SET sys_groupid = ?, sys_perm_group = 'riud' WHERE domain_id = ?", $client_group_id, $this->id);
 		}
 
 		// Get configuration for the web system
@@ -1118,47 +1124,48 @@ class page_action extends tform_actions {
 			// get the ID of the client
 			if($_SESSION["s"]["user"]["typ"] != 'admin' && !$app->auth->has_clients($_SESSION['s']['user']['userid'])) {
 				$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
-				$client = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE sys_group.groupid = $client_group_id");
+				$client = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE sys_group.groupid = ?", $client_group_id);
 				$client_id = $app->functions->intval($client["client_id"]);
 			} else {
 				//$client_id = $app->functions->intval($this->dataRecord["client_group_id"]);
-				$client = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE sys_group.groupid = ".$app->functions->intval($this->dataRecord["client_group_id"]));
+				$client = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE sys_group.groupid = ?", $this->dataRecord["client_group_id"]);
 				$client_id = $app->functions->intval($client["client_id"]);
 			}
 
 			// Set the values for document_root, system_user and system_group
-			$system_user = $app->db->quote('web'.$this->id);
-			$system_group = $app->db->quote('client'.$client_id);
+			$system_user = 'web'.$this->id;
+			$system_group = 'client'.$client_id;
 			$document_root = str_replace("[client_id]", $client_id, $document_root);
 			$document_root = str_replace("[client_idhash_1]", $this->id_hash($client_id, 1), $document_root);
 			$document_root = str_replace("[client_idhash_2]", $this->id_hash($client_id, 2), $document_root);
 			$document_root = str_replace("[client_idhash_3]", $this->id_hash($client_id, 3), $document_root);
 			$document_root = str_replace("[client_idhash_4]", $this->id_hash($client_id, 4), $document_root);
-			$document_root = $app->db->quote($document_root);
+			$document_root = $document_root;
 			$php_open_basedir = str_replace("[website_path]", $document_root, $web_config["php_open_basedir"]);
-			$php_open_basedir = $app->db->quote(str_replace("[website_domain]", $web_rec['domain'], $php_open_basedir));
-			$htaccess_allow_override = $app->db->quote($web_config["htaccess_allow_override"]);
+			$php_open_basedir = str_replace("[website_domain]", $web_rec['domain'], $php_open_basedir);
+			$htaccess_allow_override = $web_config["htaccess_allow_override"];
 			$added_date = date($app->lng('conf_format_dateshort'));
-			$added_by = $app->db->quote($_SESSION['s']['user']['username']);
+			$added_by = $_SESSION['s']['user']['username'];
 
-			$sql = "UPDATE web_domain SET system_user = '$system_user', system_group = '$system_group', document_root = '$document_root', allow_override = '$htaccess_allow_override', php_open_basedir = '$php_open_basedir', added_date = '$added_date', added_by = '$added_by'  WHERE domain_id = ".$this->id;
+			$sql = "UPDATE web_domain SET system_user = ?, system_group = ?, document_root = ?, allow_override = ?, php_open_basedir = ?, added_date = ?, added_by = ?  WHERE domain_id = ?";
+			$app->db->query($sql, $system_user, $system_group, $document_root, $htaccess_allow_override, $php_open_basedir, $added_date, $added_by, $this->id);
 		} else  {
 			// Set the values for document_root, system_user and system_group
-			$system_user = $app->db->quote($this->parent_domain_record['system_user']);
-			$system_group = $app->db->quote($this->parent_domain_record['system_group']);
-			$document_root = $app->db->quote($this->parent_domain_record['document_root']);
+			$system_user = $this->parent_domain_record['system_user'];
+			$system_group = $this->parent_domain_record['system_group'];
+			$document_root = $this->parent_domain_record['document_root'];
 			$php_open_basedir = str_replace("[website_path]/web", $document_root.'/'.$web_rec['web_folder'], $web_config["php_open_basedir"]);
 			$php_open_basedir = str_replace("[website_domain]/web", $web_rec['domain'].'/'.$web_rec['web_folder'], $php_open_basedir);
 			$php_open_basedir = str_replace("[website_path]", $document_root, $php_open_basedir);
-			$php_open_basedir = $app->db->quote(str_replace("[website_domain]", $web_rec['domain'], $php_open_basedir));
-			$htaccess_allow_override = $app->db->quote($this->parent_domain_record['allow_override']);
+			$php_open_basedir = str_replace("[website_domain]", $web_rec['domain'], $php_open_basedir);
+			$htaccess_allow_override = $this->parent_domain_record['allow_override'];
 			$added_date = date($app->lng('conf_format_dateshort'));
-			$added_by = $app->db->quote($_SESSION['s']['user']['username']);
-
-			$sql = "UPDATE web_domain SET sys_groupid = ".$app->functions->intval($this->parent_domain_record['sys_groupid']).",system_user = '$system_user', system_group = '$system_group', document_root = '$document_root', allow_override = '$htaccess_allow_override', php_open_basedir = '$php_open_basedir', added_date = '$added_date', added_by = '$added_by' WHERE domain_id = ".$this->id;
+			$added_by = $_SESSION['s']['user']['username'];
+			
+			$sql = "UPDATE web_domain SET sys_groupid = ?, system_user = ?, system_group = ?, document_root = ?, allow_override = ?, php_open_basedir = ?, added_date = ?, added_by = ?  WHERE domain_id = ?";
+			$app->db->query($sql, $this->parent_domain_record['sys_groupid'], $system_user, $system_group, $document_root, $htaccess_allow_override, $php_open_basedir, $added_date, $added_by, $this->id);
 		}
 
-		$app->db->query($sql);
 	}
 
 	function onBeforeUpdate () {
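Review bot: `$document_root = $document_root;` is a leftover from the removed `quote()` call and does nothing, so the line can be deleted. The otherwise blank line before the second `$sql` assignment also carries trailing whitespace. In the second branch `$this->parent_domain_record['sys_groupid']` is now bound without the earlier `intval()`; keeping the cast on the argument costs nothing and keeps the column's type explicit. The function these statements belong to starts above the hunk.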
@@ -1169,7 +1176,7 @@ class page_action extends tform_actions {
 			// We do this only for the admin or reseller users, as normal clients can not change the server ID anyway
 			if($_SESSION["s"]["user"]["typ"] == 'admin' || $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
 				if (isset($this->dataRecord["server_id"])) {
-					$rec = $app->db->queryOneRecord("SELECT server_id from web_domain WHERE domain_id = ".$this->id);
+					$rec = $app->db->queryOneRecord("SELECT server_id from web_domain WHERE domain_id = ?", $this->id);
 					if($rec['server_id'] != $this->dataRecord["server_id"]) {
 						//* Add a error message and switch back to old server
 						$app->tform->errorMessage .= $app->lng('The Server can not be changed.');
@@ -1180,7 +1187,7 @@ class page_action extends tform_actions {
 				//* If the user is neither admin nor reseller
 			} else {
 				//* We do not allow users to change a domain which has been created by the admin
-				$rec = $app->db->queryOneRecord("SELECT sys_perm_group, domain, ip_address, ipv6_address from web_domain WHERE domain_id = ".$this->id);
+				$rec = $app->db->queryOneRecord("SELECT sys_perm_group, domain, ip_address, ipv6_address from web_domain WHERE domain_id = ?", $this->id);
 				if(isset($this->dataRecord["domain"]) && $rec['domain'] != $this->dataRecord["domain"] && $app->tform->checkPerm($this->id, 'u')) {
 					//* Add a error message and switch back to old server
 					$app->tform->errorMessage .= $app->lng('The Domain can not be changed. Please ask your Administrator if you want to change the domain name.');
diff --git a/interface/web/sites/webdav_user_edit.php b/interface/web/sites/webdav_user_edit.php
index 174383bf0d98a5aaa85283d934ee297ff071fdf3..42c75ca7e50775d0d7b8b712b9f4ab176a8e2365 100644
--- a/interface/web/sites/webdav_user_edit.php
+++ b/interface/web/sites/webdav_user_edit.php
@@ -102,7 +102,7 @@ class page_action extends tform_actions {
 		global $app, $conf;
 
 		/* Get the record of the parent domain */
-		$parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ".$app->functions->intval(@$this->dataRecord["parent_domain_id"]) . " AND ".$app->tform->getAuthSQL('r'));
+		$parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ? AND ".$app->tform->getAuthSQL('r'), @$this->dataRecord["parent_domain_id"]);
 		if(!$parent_domain || $parent_domain['domain_id'] != @$this->dataRecord['parent_domain_id']) $app->tform->errorMessage .= $app->tform->lng("no_domain_perm");
 
 		/*
@@ -145,7 +145,7 @@ class page_action extends tform_actions {
 	function onAfterInsert() {
 		global $app, $conf;
 
-		$web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$app->functions->intval($this->dataRecord["parent_domain_id"]));
+		$web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ?", $this->dataRecord["parent_domain_id"]);
 		$server_id = $app->functions->intval($web["server_id"]);
 
 		// The webdav user shall be owned by the same group then the website
@@ -157,8 +157,8 @@ class page_action extends tform_actions {
 		$hash = md5($this->dataRecord["username"] . ':' . $this->dataRecord["dir"] . ':' . $this->dataRecord["password"]);
 		$this->dataRecord["password"] = $hash;
 		
-		$sql = "UPDATE webdav_user SET server_id = ".$server_id.", sys_groupid = '".$sys_groupid."', password = '".$this->dataRecord["password"]."' WHERE webdav_user_id = ".$this->id;
-		$app->db->query($sql);
+		$sql = "UPDATE webdav_user SET server_id = ?, sys_groupid = ?, password = ? WHERE webdav_user_id = ?";
+		$app->db->query($sql, $server_id, $sys_groupid, $this->dataRecord["password"], $this->id);
 		
 	}
 
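Review bot: The value bound as `password` is an unsalted `md5()` of `username:dir:password`, computed on the context line above, and nothing in the code says why that format is used. It looks like the HA1 form used by HTTP Digest authentication; if so, the stored hash alone is enough to authenticate and the column needs the same protection as a plaintext password. Once the format is confirmed, I would add a comment such as `// Digest HA1 (username:realm:password); password-equivalent, keep out of logs and exports`. The same computation appears in the update path in the last hunk of this file.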
@@ -169,7 +169,7 @@ class page_action extends tform_actions {
 		 * we can not change the username and the dir, so get the "old" - data from the db
 		 * and set it
 		*/
-		$data = $app->db->queryOneRecord("SELECT * FROM webdav_user WHERE webdav_user_id = ".$app->functions->intval($this->id));
+		$data = $app->db->queryOneRecord("SELECT * FROM webdav_user WHERE webdav_user_id = ?", $this->id);
 		$this->dataRecord["username"] = $data['username'];
 		$this->dataRecord["dir"]      = $data['dir'];
 		$this->dataRecord['username_prefix'] = $data['username_prefix'];
@@ -183,14 +183,14 @@ class page_action extends tform_actions {
 
 		//* When the site of the webdav user has been changed
 		if(isset($this->dataRecord['parent_domain_id']) && $this->oldDataRecord['parent_domain_id'] != $this->dataRecord['parent_domain_id']) {
-			$web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$app->functions->intval($this->dataRecord["parent_domain_id"]));
+			$web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ?", $this->dataRecord["parent_domain_id"]);
 			$server_id = $app->functions->intval($web["server_id"]);
 
 			// The webdav user shall be owned by the same group then the website
 			$sys_groupid = $app->functions->intval($web['sys_groupid']);
 
-			$sql = "UPDATE webdav_user SET server_id = $server_id, sys_groupid = '$sys_groupid' WHERE webdav_user_id = ".$this->id;
-			$app->db->query($sql);
+			$sql = "UPDATE webdav_user SET server_id = ?, sys_groupid = ? WHERE webdav_user_id = ?";
+			$app->db->query($sql, $server_id, $sys_groupid, $this->id);
 		}
 		
 		/*
@@ -200,7 +200,7 @@ class page_action extends tform_actions {
 		if ((isset($this->dataRecord["password"])) && ($this->dataRecord["password"] != '') && ($this->dataRecord["password"] != $this->dataRecord['passwordOld'])) {
 			$hash = md5($this->dataRecord["username"] . ':' . $this->dataRecord["dir"] . ':' . $this->dataRecord["password"]);
 			$this->dataRecord["password"] = $hash;
-			$app->db->query("UPDATE webdav_user SET password = '".$this->dataRecord["password"]."' WHERE webdav_user_id = ".$this->id);
+			$app->db->query("UPDATE webdav_user SET password = ? WHERE webdav_user_id = ?", $this->dataRecord["password"], $this->id);
 		}
 		
 	}
diff --git a/interface/web/themes/blue/css/styles.css b/interface/web/themes/blue/css/styles.css
deleted file mode 100644
index 2843c9f4486f2a8eede00ef334043e7d3e5091b9..0000000000000000000000000000000000000000
--- a/interface/web/themes/blue/css/styles.css
+++ /dev/null
@@ -1,1876 +0,0 @@
-@charset "UTF-8";
-/* 
-    Document   : styles.css
-    Created on : 06.07.2012, 12:21:59
-    Author     : Christian Foellmann (foe-services.de)
-    Description:
-        Basis was css-code from the "ISPConfig 3: default theme" which was based on
-        "Yet Another Multicolumn Layout" - (X)HTML/CSS Framework 3.0.6
-        by Copyright 2005-2008, Dirk Jesse (http://www.yaml.de)
-*/
-
-/* overall
--------------------------------------------------------------- */
-* {
-    margin: 0;
-    padding: 0;
-}
-html * { font-size: 100.01% }
-body {
-    font-family: "Trebuchet MS", sans-serif;
-    font-size: 75.00%; 
-    color: #444;
-    background: url("../../default/images/screen_bg.png") repeat-x top left fixed #EEEEEE;
-    padding: 10px 0;
-}
-ul, ol, dl { line-height: 1.5em; margin: 0 0 1em 1em }
-li { margin-left: 1.5em; line-height: 1.5em }
-dt { font-weight: bold }
-dd { margin: 0 0 1em 2em }
-a {
-    color: #444;
-    text-decoration:none;
-}
-a:focus,
-a:hover,
-a:active {
-    color:#182E7A;
-    text-decoration:underline;
-}
-hr {
-    color: #fff;
-    background:transparent;
-    margin: 0 0 0.5em 0;
-    padding: 0 0 0.5em 0;
-    border:0;
-    border-bottom: 1px #eee solid;
-}
-textarea, pre, tt, code {
-    font-family: Consolas,"Lucida Console","Courier New",monospace;
-    font-size: 0.9em;	
-}
-
-h1,h2,h3,h4,h5,h6 { 
-    font-family: "Trebuchet MS", sans-serif;
-    font-weight:bold; 
-    color:#666;
-    margin: 0 0 0.25em 0; 
-}
-h1 { font-size: 200% }                        /* 24px */
-h2 { font-size: 200% }                        /* 24px */
-h3 { font-size: 150% }                        /* 18px */
-h4 { font-size: 133.33% }                     /* 16px */
-h5 { font-size: 116.67% }                     /* 14px */
-h6 { font-size: 116.67%; font-style:italic }  /* 14px */
-
-p { line-height: 1.5em; margin: 0 0 1em 0; }
-
-cite, blockquote { font-style:italic }
-blockquote { margin: 0 0 1em 1.5em }
-
-strong,b { font-weight: bold }
-em,i { font-style:italic }
-
-pre, code { font-family: monospace; font-size: 1.1em; }
-
-acronym, abbr {
-    letter-spacing: .07em;
-    border-bottom: .1em dashed #c00;
-    cursor: help;
-}
-
-header, #nav, #main, footer {
-    clear: both;
-}
-#page {
-    min-width: 980px;
-    max-width: 80%;
-    background: #fff;
-    text-align:left;
-    margin: 0 auto;
-    padding: 10px;
-}
-.skip, .hideme, .print {
-    height: 1px;
-    left: -1000em;
-    position: absolute;
-    top: -1000em;
-    width: 1px;
-}
-
-/* header
--------------------------------------------------------------- */
-header {
-    position: relative;
-    color: #faf0e6;
-    padding: 15px 2em 5px 20px;
-    background: url("../images/header_bg.png") repeat-x top left #6da1ed;
-}
-header h1 {
-    font-size:2.5em;
-    letter-spacing:-2px;
-    line-height:65%;
-    color: silver;
-}
-header span {
-    color: #333333;
-}
-
-/* header/topsubnav
--------------------------------------------------------------- */
-#topsubnav {
-    position:absolute;
-    top: 10px;
-    right: 10px;
-    text-align: right;
-}
-#topsubnav a { 
-    color: #6da0ed;
-    font-weight: normal;
-    background:transparent;
-    text-decoration:none;
-}
-#topsubnav a:focus, 
-#topsubnav a:hover,
-#topsubnav a:active {
-    text-decoration:underline;
-    background-color: transparent;
-}
-
-/* nav
--------------------------------------------------------------- */
-#topNav ul {
-    list-style: none;
-    padding: 0 0 0 20px;
-    margin: 0;
-    background: #6da1ed
-}
-
-#topNav ul li {
-    display: inline;
-    margin: 0 2px 0 0;
-}
-
-#topNav a {
-    background: url("../icons/x32_sprite.png") no-repeat #6DA1ED;
-    border-top-left-radius:5px;
-    border-top-right-radius:5px;
-    color:black;
-    display:inline-block;
-    height:20px;
-    padding-top:37px;
-    text-align:center;
-    text-decoration:none;
-    min-width:78px;
-}
-
-#topNav a:hover {
-    background-color: #eeeeee;
-    color: #000000;
-}
-
-#topNav #topNav_current a {
-    font-weight: bold;
-    color: black;
-    background-color: #ffffff;
-}
-.topnav-tools { background-position: 22px -10px !important; }
-.topnav-admin { background-position: 22px -74px !important; }
-.topnav-sites { background-position: 22px -523px !important; }
-.topnav-monitor { background-position: 22px -585px !important; }
-.topnav- { background-position: 22px -650px !important; }
-.topnav-help { background-position: 22px -715px !important; }
-.topnav-mail { background-position: 22px -780px !important; }
-.topnav-mailuser { background-position: 22px -780px !important; }
-.topnav-vm { background-position: 22px -842px !important; }
-.topnav-domain { background-position: 22px -905px !important; }
-.topnav-dns { background-position: 22px -970px !important; }
-.topnav-dashboard { background-position: 22px -1035px !important; }
-.topnav-client { background-position: 22px -1098px !important; }
-.topnav-billing { background-position: 22px -1162px !important; }
-#topNav a span {
-            padding: 0 3px;
-        }
-/* main
--------------------------------------------------------------- */
-#main { 
-    background: #fff;
-    padding: 1em 0;
-}
-
-/* main/sideNav + submenu
--------------------------------------------------------------- */
-#sideNav { 
-    width: 200px; 
-    float:left;
-    padding: 0 10px 0 0; 
-}
-
-#submenu {
-    width: 100%;
-    overflow: hidden;
-    margin: 0px;
-    list-style-type: none;
-    border-bottom: 2px #ddd solid;
-}
-
-#submenu ul {
-    list-style-type: none;
-    margin:0;
-    padding: 0;
-}
-#submenu li {
-    float:left;
-    width: 100%;
-    margin:0;
-    padding: 0;
-    font-size:0.9em;
-}
-
-#submenu a,
-#submenu strong {
-    display:block;
-    width: 90%;
-    padding: 2px 0px 2px 10%;
-    text-decoration: none;
-    background-color:#fff;
-    color: #444;
-    border-bottom: 1px #eee solid;
-}
-
-/* Menu Title */
-#submenu li.title {
-    width: 100%;
-    padding: 0px;
-    font-weight: bold;
-    color: #444;
-    background-color: #fff;
-    border-top: 2px #888 solid;
-    font-size: 1.1em;
-}
-
-#submenu li.title a {
-    background-color: #444;
-    color: #fff;
-}
-#submenu li.title a:hover {
-    color: white;
-}
-
-#submenu li span {
-    display:block;
-    width: 90%;
-    padding: 3px 0px 3px 10%;
-    font-weight: bold;
-    border-bottom: 1px #ddd solid;
-}
-
-/* Level 1 */
-#submenu li.active,
-#submenu li strong {
-    width: 90%;
-    padding: 3px 0px 3px 10%;
-    font-weight: bold;
-    color: #fff;
-    background-color:#aab;
-    border-bottom: 1px #eee solid;
-}
-
-#submenu li a {
-    width: 90%;
-    padding-left: 10%;
-    background-color:#fff;
-    color: #444;
-}
-#submenu li a:focus,
-#submenu li a:hover,
-#submenu li a:active {
-    background-color:#444;
-    color: #fff;
-}
-
-/* Form-Elements in the Menu*/
-#submenu * select#server_id {
-    margin: 3px 10%;
-    padding: 1px;
-    width: 80%;
-}
-
-/* main/content
--------------------------------------------------------------- */
-#content { 
-    margin-left: 200px; 
-    margin-right: 0;
-    padding: 0px 10px 10px 20px;
-    border-left: 1px #ddd solid;
-}
-
-/* footer
--------------------------------------------------------------- */
-
-footer { 
-    color:#666; 
-    background: #f9f9f9;
-    padding: 10px 20px;
-    border-top: 5px #efefef solid;
-    font-size: 0.8em;
-    text-align: center;
-}
-footer a {
-    color: #999;
-    background:transparent;
-    font-weight: bold;
-}
-footer a:hover, footer a:active {
-    color: #4D87C7; 
-    background-color: transparent; 
-    text-decoration:underline;
-}
-
-/* Set a background-color, no system backgorund used anymore */
-select, input, textarea {
-    background: #FFFFFF;
-    border: 1px solid #DFDFDF;
-    padding: 1px;
-    outline:none;
-}
-
-table { width: auto; border-collapse:collapse; margin-bottom: 0.5em; }
-table.full { width: 100%; }
-table.fixed { table-layout:fixed }
-
-table.list td {
-    max-width: 350px;
-    min-width: 32px;
-    white-space: nowrap;
-    overflow:hidden;
-    text-overflow: ellipsis;
-    -o-text-overflow: ellipsis;
-    -icab-text-overflow: ellipsis;
-    -khtml-text-overflow: ellipsis;
-    -moz-text-overflow: ellipsis;
-    -webkit-text-overflow: ellipsis;
-}
-th,
-td {
-    padding: 0.5em;
-    text-align:left;
-}
-thead th {
-    background: #444 url("../images/lists_thead_bg.png") repeat-x;
-    color: #fff;
-}
-tbody th {
-    background: #ccc;
-    color: #333;
-}
-tbody th.sub {
-    background: #ddd;
-    color: #333;
-}
-table.list th[class$="_pid"],
-table.list td[class$="_pid"],
-table.list th[class$="_active"],
-table.list td[class$="_active"],
-table.list th.tbl_col_autoresponder,
-table.list td.tbl_col_autoresponder,
-table.list th.tbl_col_postfix,
-table.list td.tbl_col_postfix,
-table.list th.tbl_col_disablesmtp,
-table.list td.tbl_col_disablesmtp,
-table.list th.tbl_col_disableimap,
-table.list td.tbl_col_disableimap,
-table.list th.tbl_col_disablepop3,
-table.list td.tbl_col_disablepop3 {
-    width: 70px;
-    text-align: center;
-}
-table.list .tbl_col_buttons,
-table.list .tbl_col_limit {
-    width: 150px;
-}
-.tbl_col_client_pid input {
-    width: 50px;
-}
-.pnl_listarea th[class^="tbl_col"] { cursor:pointer; }
-.pnl_listarea th[class^="tbl_col"]:hover { background-position:0 -15px!important; }
-.pnl_listarea th.tbl_col_nosort { cursor:default; }
-.pnl_listarea th.tbl_col_nosort:hover { background-position:0 0!important; }
-
-.pageForm_description { font-size: 12px; }
-
-/* Tab-Box */
-.tabbox_tabs { border-bottom: 1px solid #d3d3d3; }
-.tabbox_tabs ul {
-    list-style: none;
-    padding: 0;
-    margin: 0;
-}
-.tabbox_tabs li {
-    display: inline;
-    margin: 0 2px 0 0;
-}
-.tabbox_tabs a {
-    padding: 0 1em;
-    text-decoration: none;
-    color: black;
-    background: #d3d3d3;
-    border: 1px solid #d3d3d3;
-}
-.tabbox_tabs a:hover {
-    background: #fc0;
-    color: #540;
-}
-.tabbox_tabs .active a {
-    font-weight: bold;
-    color: #ff6600;
-    background: #ffffff;
-}
-.pnl_toolsarea fieldset, .pnl_listarea fieldset, .pnl_formsarea fieldset {
-    border-top: 1px solid #949494;
-    margin: 20px 0;
-}
-.pnl_toolsarea fieldset legend , .pnl_listarea fieldset legend {
-    font-weight: bold;
-    color: #6299c5;
-}
-.pnl_formarea fieldset {
-    font-weight: bold;
-}
-/* hide line and legend when inside tabbed content */
-#tabbox_content * .pnl_toolsarea fieldset, #tabbox_content * .pnl_listarea fieldset, #tabbox_content * .pnl_formsarea fieldset { border: none !important; }
-#tabbox_content * .pnl_toolsarea fieldset legend, #tabbox_content * .pnl_listarea fieldset legend, #tabbox_content * .pnl_formsarea fieldset legend { display: none !important; }
-.codeview {
-    margin:20px 0;
-    padding:2px;
-    border: 1px solid #ffcc00;
-    background: #fffaea;
-    font-family: Consolas, "Lucida Console", "Courier New", monospace;
-    font-size: 0.9em;
-}
-/* Lists */
-table.list {
-    width: 100%;
-    border: 1px solid #d3d3d3 !important;
-}
-table.list thead th { font-size: 10px; }
-table.list tbody { border: 1px solid #d3d3d3 !important; }
-table.list tfoot td { text-align: center;  background: #444 url("../images/lists_tfoot_bg.png") repeat-x bottom left;  padding: 24px 8px 8px 8px; }
-table.list .tbl_paging img { vertical-align: top; }
-table.list .tbl_row_even { background: #fcfcfc; }
-table.list .tbl_row_uneven { background: #c2d2ea; }
-table.list tr:hover { background: #cffaaf; }
-table.list td { word-wrap:break-word;white-space:pre-wrap; }
-table.list td.tbl_col_buttons { word-wrap:normal;white-space:normal;overflow:visible; }
-
-/* Password Strength */
-#passBar {
-    width: 101px; height: 10px;
-    background: url("../../default/images/meter_bg.gif") repeat-x bottom left;
-    margin: 2px 0;
-    float: left;
-}
-#passText {
-    padding: 0;
-    float: left;
-}
-
-/* Systemmonitor */
-.systemmonitor-server,
-.systemmonitor-ve,
-.systemmonitor-state {
-    margin: 10px 5px;
-    font-family: Consolas, "Lucida Console", "Courier New", monospace;
-    font-size: 0.9em;
-    float: left;
-    width: 100%;
-}
-.systemmonitor-server:hover,
-.systemmonitor-vm:hover { background-color: #FFFACD; }
-.state-no_state,
-.state-no_state-ve {
-    border-top: 4px solid #95A19F;
-    background-color: #f8f8ff;
-}
-.state-unknown,
-.state-unknown-ve {
-    border-top: 4px solid #30302e;
-    background-color: #cecfc5;
-}
-.state-ok,
-.state-ok-ve {
-    border-top: 4px solid #23fb00;
-    background-color: #adffa2;
-}
-.state-info,
-.state-info-ve {
-    border-top: 4px solid #183e99;
-    background-color: #d4e2ff;
-}
-.state-warning,
-.state-warning-ve {
-    border-top: 4px solid #ffa800;
-    background-color: #ffda93;
-}
-.state-critical,
-.state-critical-ve {
-    border-top: 4px solid #ff0000;
-    background-color: #ffb9b9;
-}
-.state-error,
-.state-error-ve {
-    border-top: 4px solid #ff0000;
-    background-color: #ff7f7f;
-}       
-div.icoDevice {
-    float: left;
-    width: 64px;
-    height: 64px;
-    margin: 5px;
-    background: url("../../default/icons/device_sprite.png") no-repeat transparent;
-}
-.systemmonitor-server div.icoDevice { background-position: 0 0; }
-.systemmonitor-ve div.icoDevice { background-position: -64px 0; }
-.systemmonitor-network div.icoDevice { background-position: -128px 0; }
-div.statusDevice,
-div.statusMsg { float: left; }
-div.statusMsg p { 
-    float: left;
-    padding: 5px;
-}
-.systemmonitor-state .status {
-    margin: 5px;
-}
-.status {
-    float: right;
-    width: 32px;
-    height: 32px;
-    background: url("../icons/x32_sprite.png") no-repeat transparent;
-}
-div.status {
-    float: left !important;
-}
-.state-warning .status,
-.state-warning-ve .status { background-position: 0 -143px; }
-.state-no_state .status,
-.state-no_state-ve .status,
-.state-unknown .status,
-.state-unknown-ve .status { background-position: 0 -207px; }
-.state-ok .status,
-.state-ok-ve .status { background-position: 0 -270px; }
-.state-info .status,
-.state-info-ve .status { background-position: 0 -336px; }
-.state-error .status,
-.state-error-ve .status { background-position: 0 -400px; }
-.state-critical .status,
-.state-critical-ve .status { background-position: 0 -463px; }
-
-/* Usage unknown  
-.systemmonitor-content table {
-    border: none;
-    margin-top: 10px;
-}
-
-.systemmonitor-content * .online {
-    border: 1px solid #ffffff;
-    background-color: #E3FFB8;
-    color: #000000;
-    padding:0px 5px;
-}
-.systemmonitor-content * .offline {
-    border: 1px solid #ffffff;
-    background-color: #d12f19; 
-    color:#ffffff;
-    padding:0px 5px;
-}*/
-
-/* Dashboard */
-.dashboard-modules {
-    float:left;
-    width:60px;
-    height: 60px;
-    border:1px dotted #888888;
-    border-radius:5px;
-    background-color: #cccccc;
-    margin:10px;
-    background-position: center 5px;
-    background-repeat: no-repeat;
-    text-align: center;
-}
-.dashboard-modules a, 
-.dashboard-modules a:hover {
-    background: url("../icons/x32_sprite.png") no-repeat transparent;
-    color:Black;
-    display:block;
-    font-weight:bold;
-    height:30px;
-    padding-top:42px;
-    width:60px;
-    text-decoration: none;
-}
-.dashboard-modules.tools a { background-position: 12px -9px; }
-.dashboard-modules.admin a { background-position: 12px -73px; }
-.dashboard-modules.sites a { background-position: 12px -520px; }
-.dashboard-modules.monitor a { background-position: 13px -585px; }
-.dashboard-modules.help a { background-position: 13px -716px; }
-.dashboard-modules.mail a { background-position: 12px -776px; }
-.dashboard-modules.vm a { background-position: 14px -842px; }
-.dashboard-modules.domain a { background-position: 12px -905px; }
-.dashboard-modules.dns a { background-position: 12px -970px; }
-.dashboard-modules.client a { background-position: 13px -1096px; }
-.dashboard-modules.billing a { background-position: 14px -1162px; }
-
-.panel_dashboard h2 { font-size:20px; }
-
-/* Image-Replacement */
-.swap { background-repeat:no-repeat; }
-.swap span { display:none; height:16px; } 
-#ir-HeaderLogo {
-    background-image: url("../../default/images/header_logo.png");
-    height:32px;
-    margin:0 0 0.2em;
-} 
-div#ir-Yes,
-div#ir-No {
-    text-align: center;
-    background: url("../../default/icons/x16_sprite.png") no-repeat transparent;
-}
-#ir-Yes {
-    background-position: center -342px !important;
-    height: 16px;
-}
-#ir-No {
-    background-position: center -362px !important;
-    height: 16px;
-}
-.swap {
-    background-repeat: no-repeat;
-}
-.swap span {
-    display: none;
-    height: 16px;
-}
-/* BUTTONS */
-a.button,
-.button,
-.buttons button {
-    display: inline-block;
-    margin: 0 2px;
-    padding: 2px 5px;
-    color: #525252;
-    text-shadow: 0px 1px 1px #fff;
-    border: 1px solid #c6c6c6;
-    border-radius: 4px;
-    background-color: #f7f7f7;
-    box-shadow: 0 1px 1px 0 rgba(140, 140, 140, 0.3);
-    -o-box-shadow: 0 1px 1px 0 rgba(140, 140, 140, 0.3);
-    -webkit-box-shadow: 0 1px 1px 0 rgba(140, 140, 140, 0.3);
-    -moz-box-shadow: 0 1px 1px 0 rgba(140, 140, 140, 0.3);
-    text-decoration: none;
-}
-a.button:focus,
-input.button:focus,
-.buttons button:focus {
-    border-color: #4fadd5;
-    box-shadow: 0 0 2px 1px rgba(71,135,177, 0.6);
-    -moz-box-shadow: 0 0 2px 1px rgba(71,135,177, 0.6);
-    -webkit-box-shadow: 0 0 2px 1px rgba(71,135,177, 0.6);
-    -o-box-shadow: 0 0 2px 1px rgba(71,135,177, 0.6);
-    outline: none;
-}
-.buttons button[type]{
-    padding:5px 10px 5px 7px; /* Firefox */
-    line-height:17px; /* Safari */
-    white-space: nowrap;
-}
-*:first-child+html button[type]{
-    padding:4px 10px 3px 7px; /* IE7 */
-}
-.buttons button img,
-.buttons a img {
-    margin:0 3px -3px 0 !important;
-    padding:0;
-    border:none;
-    width:16px;
-    height:16px;
-}
-.topbuttons {
-    margin-bottom: 10px;
-}
-/* BUTTONS STANDARD */
-button:hover,
-.buttons a:hover {
-    background-color:#dff4ff;
-    border:1px solid #c2e1ef;
-    color:#336699;
-}
-.buttons a:active {
-    background-color:#6299c5;
-    border:1px solid #6299c5;
-    color:#fff;
-}
-
-/* BUTTONS POSITIVE */
-button.positive,
-.buttons a.positive { color:#529214; }
-.buttons a.positive:hover,
-button.positive:hover {
-    background-color:#E6EFC2;
-    border:1px solid #C6D880;
-    color:#529214;
-}
-.buttons a.positive:active {
-    background-color:#529214;
-    border:1px solid #529214;
-    color:#fff;
-}
-
-/* BUTTONS NEGATIVE */
-.buttons a.negative,
-button.negative {
-    color:#d12f19;
-}
-.buttons a.negative:hover,
-button.negative:hover {
-    background-color:#fbe3e4;
-    border:1px solid #fbc2c4;
-    color:#d12f19;
-}
-.buttons a.negative:active {
-    background-color:#d12f19;
-    border:1px solid #d12f19;
-    color:#fff;
-}
-
-/* Button with icon and text */
-.iconstxt { background: url("../../default/icons/button_sprite.png") no-repeat transparent; }
-.iconstxt span { padding-left: 20px; font-weight: bold; }
-.iconstxt.icoPositive { background-position: 6px -130px; }
-.iconstxt.icoNegative { background-position: 6px -98px; }
-.iconstxt.icoAdd { background-position: 6px -66px; }
-.iconstxt.icoKey { background-position: 6px -1px; }
-.iconstxt.icoDelete { background-position: 6px -34px; }
-.iconstxt.icoDownload { background-position: 6px -1px; }
-.iconstxt.icoRestore { background-position: 6px -1px; }
-
-/* Button with icon and without text */
-.icons16 { position: relative; }
-.icons16>span {
-    opacity: 0;
-    visibility: hidden;
-    -webkit-transition: opacity 1s linear;
-    -moz-transition: opacity 1s linear;
-    -o-transition: opacity 1s linear;
-    -ms-transition: opacity 1s linear;
-    transition: opacity 1s linear;
-    position: absolute;
-    right: 23px;
-    top: -1px;
-    padding: 1px 2px;
-    border: 1px solid rgb(155,155,11);
-    background: rgb(255,255,111);
-    white-space: nowrap;
-}
-.icons16:hover>span {
-    opacity: 1.0;
-    visibility: visible;
-}
-a.icons16 {
-    height: 18px;
-    width: 18px;
-    padding: 0;
-    background: url("../../default/icons/x16_sprite.png") no-repeat transparent;
-}
-button.icons16 {
-    height: 20px;
-    width: 20px;
-    padding: 0;
-    background: url("../../default/icons/x16_sprite.png") no-repeat transparent;
-}
-.icons16.icoEdit { background-position: -1px -1px; }
-.icons16.icoLoginAs { background-position: -1px -21px; }
-.icons16.icoPDF { background-position: -1px -61px; }
-.icons16.icoDelete { background-position: -1px -81px; }
-.icons16.icoWebmailer { background-position: -1px -101px; }
-.icons16.icoFilter { background-position: -1px -161px; }
-.icons16.icoDbAdmin { background-position: -1px -221px; }
-.icons16.icoAction { background-position: -1px -241px; }
-.icons16.icoLink { background-position: -1px -422px; float: right; }
-
-div.group-icon {
-    float: left;
-    padding: 2px 0;
-}
-.group-admin,
-.group-user {
-    height: 20px;
-    width: 20px;
-    padding: 0;
-    float: left;
-    background: url("../../default/icons/x16_sprite.png") no-repeat transparent;
-}
-.group-admin { background-position: 0 -380px; }
-.group-user { background-position: 0 -400px; }
-
-span.marked { color: #cc0000; }
-span.small { font-size: 0.9em; }
-
-#ajaxloader {
-    position: absolute;
-    width: 325px;
-    height: 150px;
-    background: #ffffff url('../images/ajax-loader.gif') no-repeat center center;
-    border: solid 2px #e1e1e1;
-    border-radius: 10px;
-    /*background: rgba(255, 255, 255, 0.85);*/
-    padding: 20px;
-    text-align:center;
-    z-index: 100;
-}
-.blockLabel.email_at {
-    width: 20px !important;
-    margin: 1.6em 0.3em 0 0 !important;
-}
-.textDisplay { display: block; }
-
-/* Form Length Classes */
-.textInput.formLengthBool { width: 25px !important; }
-.selectInput.formLengthBool { width: 60px !important; }
-.textInput.formLengthLimit { width: 50px !important; }
-.selectInput.formLengthLimit { width: 85px !important; }
-.formLengthDate { width: 75px !important; }
-.formLengthIPv4 { width: 125px !important; }
-.formLengthIPv6 { }
-.formLengthEmailUser { width: 30% !important; }
-.formLengthEmailDomain { width: 30% !important; }
-.formLengthHalf { width: 15% !important; }
-.formLengthDouble { width: 50% !important; }
-
-/* Individual Form Lengths */
-.textInput#username, 
-.textInput#password,
-.textInput#passwort,
-.textInput#source_password { width: 100px; }
-.selectInput#language {	width: 75px; }
-.selectInput#client_group_id, .selectInput#default_group { width: 125px; }
-input#refresh, input#retry, input#expire, input#minimum, input#ttl { width: 50px !important; }
-
-/* --- */
-
-a[href $="#logout"] {
-    padding-right: 20px;
-    background: url("../../default/icons/x16_sprite.png") no-repeat right -143px transparent !important;
-}
-
-/* Select Menu with Images */
-select.withicons option {
-    background-repeat:no-repeat;
-    background-position: 1px;
-    padding-left:24px;
-}	
-div[class^=country-] {
-    background-image: url("../../default/icons/flags_sprite.png");
-    background-repeat: no-repeat;
-    height: 20px;
-    width: 26px;
-}
-li[class^=country-] {
-    background-image: url("../../default/icons/flags_sprite.png");
-    background-repeat: no-repeat;
-    text-indent: 24px;
-}
-li[class^=country-] a.ui-state-hover { background: transparent; }
-div[class^=country-] span {
-    display: none;
-}
-select.flags option {
-    background-image: url("../../default/icons/flags_sprite.png");
-    background-repeat: no-repeat;
-    padding: 1px 0 1px 30px;
-}
-select.flags option[value=EL] {background-position:0 -1475px}
-select.flags option[value=AD], select.flags option[value=ad], .country-AD {background-position:0 -1px}
-select.flags option[value=AE], select.flags option[value=ae], .country-AE {background-position:0 -23px}
-select.flags option[value=AF], select.flags option[value=af], .country-AF {background-position:0 -45px}
-select.flags option[value=AG], select.flags option[value=ag], .country-AG {background-position:0 -67px}
-select.flags option[value=AI], select.flags option[value=ai], .country-AI {background-position:0 -89px}
-select.flags option[value=AL], select.flags option[value=al], .country-AL {background-position:0 -111px}
-select.flags option[value=AM], select.flags option[value=am], .country-AM {background-position:0 -133px}
-select.flags option[value=AN], select.flags option[value=an], .country-AN {background-position:0 -155px}
-select.flags option[value=AO], select.flags option[value=ao], .country-AO {background-position:0 -177px}
-select.flags option[value=AQ], select.flags option[value=aq], .country-AQ {background-position:0 -199px}
-select.flags option[value=AR], select.flags option[value=ar], .country-AR {background-position:0 -221px}
-select.flags option[value=AS], select.flags option[value=as], .country-AS {background-position:0 -243px}
-select.flags option[value=AT], select.flags option[value=at], .country-AT {background-position:0 -265px}
-select.flags option[value=AU], select.flags option[value=au], .country-AU {background-position:0 -287px}
-select.flags option[value=AW], select.flags option[value=aw], .country-AW {background-position:0 -309px}
-select.flags option[value=AX], select.flags option[value=ax], .country-AX {background-position:0 -331px}
-select.flags option[value=AZ], select.flags option[value=az], .country-AZ {background-position:0 -353px}
-select.flags option[value=BA], select.flags option[value=ba], .country-BA {background-position:0 -375px}
-select.flags option[value=BB], select.flags option[value=bb], .country-BB {background-position:0 -397px}
-select.flags option[value=BD], select.flags option[value=bd], .country-BD {background-position:0 -419px}
-select.flags option[value=BE], select.flags option[value=be], .country-BE {background-position:0 -441px}
-select.flags option[value=BF], select.flags option[value=bf], .country-BF {background-position:0 -463px}
-select.flags option[value=BG], select.flags option[value=bg], .country-BG {background-position:0 -485px}
-select.flags option[value=BH], select.flags option[value=bh], .country-BH {background-position:0 -507px}
-select.flags option[value=BI], select.flags option[value=bi], .country-BI {background-position:0 -529px}
-select.flags option[value=BJ], select.flags option[value=bj], .country-BJ {background-position:0 -551px}
-select.flags option[value=BM], select.flags option[value=bm], .country-BM {background-position:0 -573px}
-select.flags option[value=BN], select.flags option[value=bn], .country-BN {background-position:0 -595px}
-select.flags option[value=BO], select.flags option[value=bo], .country-BO {background-position:0 -617px}
-select.flags option[value=BR], select.flags option[value=br], .country-BR {background-position:0 -639px}
-select.flags option[value=BS], select.flags option[value=bs], .country-BS {background-position:0 -661px}
-select.flags option[value=BT], select.flags option[value=bt], .country-BT {background-position:0 -683px}
-select.flags option[value=BV], select.flags option[value=bv], .country-BV {background-position:0 -705px}
-select.flags option[value=BW], select.flags option[value=bw], .country-BW {background-position:0 -727px}
-select.flags option[value=BY], select.flags option[value=by], .country-BY {background-position:0 -749px}
-select.flags option[value=BZ], select.flags option[value=bz], .country-BZ {background-position:0 -771px}
-select.flags option[value=CA], select.flags option[value=ca], .country-CA {background-position:0 -793px}
-select.flags option[value=CC], select.flags option[value=cc], .country-CC {background-position:0 -837px}
-select.flags option[value=CD], select.flags option[value=cd], .country-CD {background-position:0 -859px}
-select.flags option[value=CF], select.flags option[value=cf], .country-CF {background-position:0 -881px}
-select.flags option[value=CG], select.flags option[value=cg], .country-CG {background-position:0 -903px}
-select.flags option[value=CH], select.flags option[value=ch], .country-CH {background-position:0 -925px}
-select.flags option[value=CI], select.flags option[value=ci], .country-CI {background-position:0 -947px}
-select.flags option[value=CK], select.flags option[value=ck], .country-CK {background-position:0 -969px}
-select.flags option[value=CL], select.flags option[value=cl], .country-CL {background-position:0 -991px}
-select.flags option[value=CM], select.flags option[value=cm], .country-CM {background-position:0 -1013px}
-select.flags option[value=CN], select.flags option[value=cn], .country-CN {background-position:0 -1035px}
-select.flags option[value=CO], select.flags option[value=co], .country-CO {background-position:0 -1057px}
-select.flags option[value=CR], select.flags option[value=cr], .country-CR {background-position:0 -1079px}
-select.flags option[value=CS], select.flags option[value=cs], .country-CS {background-position:0 -1101px}
-select.flags option[value=CU], select.flags option[value=cu], .country-CU {background-position:0 -1123px}
-select.flags option[value=CV], select.flags option[value=cv], .country-CV {background-position:0 -1145px}
-select.flags option[value=CX], select.flags option[value=cx], .country-CX {background-position:0 -1167px}
-select.flags option[value=CY], select.flags option[value=cy], .country-CY {background-position:0 -1189px}
-select.flags option[value=CZ], select.flags option[value=cz], .country-CZ {background-position:0 -1211px}
-select.flags option[value=DE], select.flags option[value=de], .country-DE {background-position:0 -1233px}
-select.flags option[value=DJ], select.flags option[value=dj], .country-DJ {background-position:0 -1255px}
-select.flags option[value=DK], select.flags option[value=dk], .country-DK {background-position:0 -1277px}
-select.flags option[value=DM], select.flags option[value=dm], .country-DM {background-position:0 -1299px}
-select.flags option[value=DO], select.flags option[value=do], .country-DO {background-position:0 -1321px}
-select.flags option[value=DZ], select.flags option[value=dz], .country-DZ {background-position:0 -1343px}
-select.flags option[value=EC], select.flags option[value=ec], .country-EC {background-position:0 -1365px}
-select.flags option[value=EE], select.flags option[value=ee], .country-EE {background-position:0 -1387px}
-select.flags option[value=EG], select.flags option[value=eg], .country-EG {background-position:0 -1409px}
-select.flags option[value=EH], select.flags option[value=eh], .country-EH {background-position:0 -1431px}
-select.flags option[value=ER], select.flags option[value=er], .country-ER {background-position:0 -1475px}
-select.flags option[value=ES], select.flags option[value=es], .country-ES {background-position:0 -1497px}
-select.flags option[value=ET], select.flags option[value=ET], select.flags option[value=et], .country-ET {background-position:0 -1519px}
-select.flags option[value=FI], select.flags option[value=fi], .country-FI {background-position:0 -1585px}
-select.flags option[value=FJ], select.flags option[value=fj], .country-FJ {background-position:0 -1607px}
-select.flags option[value=FK], select.flags option[value=fk], .country-FK {background-position:0 -1629px}
-select.flags option[value=FM], select.flags option[value=fm], .country-FM {background-position:0 -1651px}
-select.flags option[value=FO], select.flags option[value=fo], .country-FO {background-position:0 -1673px}
-select.flags option[value=FR], select.flags option[value=fr], .country-FR {background-position:0 -1695px}
-select.flags option[value=GA], select.flags option[value=ga], .country-GA {background-position:0 -1717px}
-select.flags option[value=GB], select.flags option[value=en], select.flags option[value=gb], .country-GB, .country-EN {background-position:0 -1739px}
-select.flags option[value=GD], select.flags option[value=gd], .country-GD {background-position:0 -1761px}
-select.flags option[value=GE], select.flags option[value=ge], .country-GE {background-position:0 -1783px}
-select.flags option[value=GF], select.flags option[value=gf], .country-GF {background-position:0 -1805px}
-select.flags option[value=GH], select.flags option[value=gh], .country-GH {background-position:0 -1827px}
-select.flags option[value=GI], select.flags option[value=gi], .country-GI {background-position:0 -1849px}
-select.flags option[value=GL], select.flags option[value=gl], .country-GL {background-position:0 -1871px}
-select.flags option[value=GM], select.flags option[value=gm], .country-GM {background-position:0 -1893px}
-select.flags option[value=GN], select.flags option[value=gn], .country-GN {background-position:0 -1915px}
-select.flags option[value=GP], select.flags option[value=gp], .country-GP {background-position:0 -1937px}
-select.flags option[value=GQ], select.flags option[value=gq], .country-GQ {background-position:0 -1959px}
-select.flags option[value=GR], select.flags option[value=el], select.flags option[value=gr], .country-GR, .country-EL {background-position:0 -1981px}
-select.flags option[value=GS], select.flags option[value=gs], .country-GS {background-position:0 -2003px}
-select.flags option[value=GT], select.flags option[value=gt], .country-GT {background-position:0 -2025px}
-select.flags option[value=GU], select.flags option[value=gu], .country-GU {background-position:0 -2047px}
-select.flags option[value=GW], select.flags option[value=gw], .country-GW {background-position:0 -2069px}
-select.flags option[value=GY], select.flags option[value=gy], .country-GY {background-position:0 -2091px}
-select.flags option[value=HK], select.flags option[value=hk], .country-HK {background-position:0 -2113px}
-select.flags option[value=HM], select.flags option[value=hm], .country-HM {background-position:0 -2135px}
-select.flags option[value=HN], select.flags option[value=hn], .country-HN {background-position:0 -2157px}
-select.flags option[value=HR], select.flags option[value=hr], .country-HR {background-position:0 -2179px}
-select.flags option[value=HT], select.flags option[value=ht], .country-HT {background-position:0 -2201px}
-select.flags option[value=HU], select.flags option[value=hu], .country-HU {background-position:0 -2223px}
-select.flags option[value=ID], select.flags option[value=id], .country-ID {background-position:0 -2245px}
-select.flags option[value=IE], select.flags option[value=ie], .country-IE {background-position:0 -2267px}
-select.flags option[value=IL], select.flags option[value=il], .country-IL {background-position:0 -2289px}
-select.flags option[value=IN], select.flags option[value=in], .country-IN {background-position:0 -2311px}
-select.flags option[value=IO], select.flags option[value=io], .country-IO {background-position:0 -2333px}
-select.flags option[value=IQ], select.flags option[value=iq], .country-IQ {background-position:0 -2355px}
-select.flags option[value=IR], select.flags option[value=ir], .country-IR {background-position:0 -2377px}
-select.flags option[value=IS], select.flags option[value=is], .country-IS {background-position:0 -2399px}
-select.flags option[value=IT], select.flags option[value=it], .country-IT {background-position:0 -2421px}
-select.flags option[value=JM], select.flags option[value=jm], .country-JM {background-position:0 -2443px}
-select.flags option[value=JO], select.flags option[value=jo], .country-JO {background-position:0 -2465px}
-select.flags option[value=JP], select.flags option[value=ja], select.flags option[value=jp], .country-JP, .country-JA {background-position:0 -2487px}
-select.flags option[value=KE], select.flags option[value=ke], .country-KE {background-position:0 -2509px}
-select.flags option[value=KG], select.flags option[value=kg], .country-KG {background-position:0 -2531px}
-select.flags option[value=KH], select.flags option[value=kh], .country-KH {background-position:0 -2553px}
-select.flags option[value=KI], select.flags option[value=ki], .country-KI {background-position:0 -2575px}
-select.flags option[value=KM], select.flags option[value=km], .country-KM {background-position:0 -2597px}
-select.flags option[value=KN], select.flags option[value=kn], .country-KN {background-position:0 -2619px}
-select.flags option[value=KP], select.flags option[value=kp], .country-KP {background-position:0 -2641px}
-select.flags option[value=KR], select.flags option[value=kr], .country-KR {background-position:0 -2663px}
-select.flags option[value=KW], select.flags option[value=kw], .country-KW {background-position:0 -2685px}
-select.flags option[value=KY], select.flags option[value=ky], .country-KY {background-position:0 -2707px}
-select.flags option[value=KZ], select.flags option[value=kz], .country-KZ {background-position:0 -2729px}
-select.flags option[value=LA], select.flags option[value=la], .country-LA {background-position:0 -2751px}
-select.flags option[value=LB], select.flags option[value=lb], .country-LB {background-position:0 -2773px}
-select.flags option[value=LC], select.flags option[value=lc], .country-LC {background-position:0 -2795px}
-select.flags option[value=LI], select.flags option[value=li], .country-LI {background-position:0 -2817px}
-select.flags option[value=LK], select.flags option[value=lk], .country-LK {background-position:0 -2839px}
-select.flags option[value=LR], select.flags option[value=lr], .country-LR {background-position:0 -2861px}
-select.flags option[value=LS], select.flags option[value=ls], .country-LS {background-position:0 -2883px}
-select.flags option[value=LT], select.flags option[value=lt], .country-LT {background-position:0 -2905px}
-select.flags option[value=LU], select.flags option[value=lu], .country-LU {background-position:0 -2927px}
-select.flags option[value=LV], select.flags option[value=lv], .country-LV {background-position:0 -2949px}
-select.flags option[value=LY], select.flags option[value=ly], .country-LY {background-position:0 -2971px}
-select.flags option[value=MA], select.flags option[value=ma], .country-MA {background-position:0 -2993px}
-select.flags option[value=MC], select.flags option[value=mc], .country-MC {background-position:0 -3015px}
-select.flags option[value=MD], select.flags option[value=md], .country-MD {background-position:0 -3037px}
-select.flags option[value=ME], select.flags option[value=me], .country-ME {background-position:0 -3059px}
-select.flags option[value=MG], select.flags option[value=mg], .country-MG {background-position:0 -3081px}
-select.flags option[value=MH], select.flags option[value=mh], .country-MH {background-position:0 -3103px}
-select.flags option[value=MK], select.flags option[value=mk], .country-MK {background-position:0 -3125px}
-select.flags option[value=ML], select.flags option[value=ml], .country-ML {background-position:0 -3147px}
-select.flags option[value=MM], select.flags option[value=mm], .country-MM {background-position:0 -3169px}
-select.flags option[value=MN], select.flags option[value=mn], .country-MN {background-position:0 -3191px}
-select.flags option[value=MO], select.flags option[value=mo], .country-MO {background-position:0 -3213px}
-select.flags option[value=MP], select.flags option[value=mp], .country-MP {background-position:0 -3235px}
-select.flags option[value=MQ], select.flags option[value=mq], .country-MQ {background-position:0 -3257px}
-select.flags option[value=MR], select.flags option[value=mr], .country-MR {background-position:0 -3279px}
-select.flags option[value=MS], select.flags option[value=ms], .country-MS {background-position:0 -3301px}
-select.flags option[value=MT], select.flags option[value=mt], .country-MT {background-position:0 -3323px}
-select.flags option[value=MU], select.flags option[value=mu], .country-MU {background-position:0 -3345px}
-select.flags option[value=MV], select.flags option[value=mv], .country-MV {background-position:0 -3367px}
-select.flags option[value=MW], select.flags option[value=mw], .country-MW {background-position:0 -3389px}
-select.flags option[value=MX], select.flags option[value=mx], .country-MX {background-position:0 -3411px}
-select.flags option[value=MY], select.flags option[value=my], .country-MY {background-position:0 -3433px}
-select.flags option[value=MZ], select.flags option[value=mz], .country-MZ {background-position:0 -3455px}
-select.flags option[value=NA], select.flags option[value=na], .country-NA {background-position:0 -3477px}
-select.flags option[value=NC], select.flags option[value=nc], .country-NC {background-position:0 -3499px}
-select.flags option[value=NE], select.flags option[value=ne], .country-NE {background-position:0 -3521px}
-select.flags option[value=NF], select.flags option[value=nf], .country-NF {background-position:0 -3543px}
-select.flags option[value=NG], select.flags option[value=ng], .country-NG {background-position:0 -3565px}
-select.flags option[value=NI], select.flags option[value=ni], .country-NI {background-position:0 -3587px}
-select.flags option[value=NL], select.flags option[value=nl], .country-NL {background-position:0 -3609px}
-select.flags option[value=NO], select.flags option[value=no], .country-NO {background-position:0 -3631px}
-select.flags option[value=NP], select.flags option[value=np], .country-NP {background-position:0 -3653px}
-select.flags option[value=NR], select.flags option[value=nr], .country-NR {background-position:0 -3675px}
-select.flags option[value=NU], select.flags option[value=nu], .country-NU {background-position:0 -3697px}
-select.flags option[value=NZ], select.flags option[value=nz], .country-NZ {background-position:0 -3719px}
-select.flags option[value=OM], select.flags option[value=om], .country-OM {background-position:0 -3741px}
-select.flags option[value=PA], select.flags option[value=pa], .country-PA {background-position:0 -3763px}
-select.flags option[value=PE], select.flags option[value=pe], .country-PE {background-position:0 -3785px}
-select.flags option[value=PF], select.flags option[value=pf], .country-PF {background-position:0 -3807px}
-select.flags option[value=PG], select.flags option[value=pg], .country-PG {background-position:0 -3829px}
-select.flags option[value=PH], select.flags option[value=ph], .country-PH {background-position:0 -3851px}
-select.flags option[value=PK], select.flags option[value=pk], .country-PK {background-position:0 -3873px}
-select.flags option[value=PL], select.flags option[value=pl], .country-PL {background-position:0 -3895px}
-select.flags option[value=PM], select.flags option[value=pm], .country-PM {background-position:0 -3917px}
-select.flags option[value=PN], select.flags option[value=pn], .country-PN {background-position:0 -3939px}
-select.flags option[value=PR], select.flags option[value=pr], .country-PR {background-position:0 -3961px}
-select.flags option[value=PS], select.flags option[value=ps], .country-PS {background-position:0 -3983px}
-select.flags option[value=PT], select.flags option[value=pt], .country-PT {background-position:0 -4005px}
-select.flags option[value=PW], select.flags option[value=pw], .country-PW {background-position:0 -4027px}
-select.flags option[value=PY], select.flags option[value=py], .country-PY {background-position:0 -4049px}
-select.flags option[value=QA], select.flags option[value=qa], .country-QA {background-position:0 -4071px}
-select.flags option[value=RE], select.flags option[value=re], .country-RE {background-position:0 -4093px}
-select.flags option[value=RO], select.flags option[value=ro], .country-RO {background-position:0 -4115px}
-select.flags option[value=RS], select.flags option[value=rs], .country-RS {background-position:0 -4137px}
-select.flags option[value=RU], select.flags option[value=ru], .country-RU {background-position:0 -4159px}
-select.flags option[value=RW], select.flags option[value=rw], .country-RW {background-position:0 -4181px}
-select.flags option[value=SA], select.flags option[value=sa], .country-SA {background-position:0 -4203px}
-select.flags option[value=SB], select.flags option[value=sb], .country-SB {background-position:0 -4225px}
-select.flags option[value=SC], select.flags option[value=sc], .country-SC {background-position:0 -4247px}
-select.flags option[value=SD], select.flags option[value=sd], .country-SD {background-position:0 -4291px}
-select.flags option[value=SE], select.flags option[value=se], .country-SE {background-position:0 -4313px}
-select.flags option[value=SG], select.flags option[value=sg], .country-SG {background-position:0 -4335px}
-select.flags option[value=SH], select.flags option[value=sh], .country-SH {background-position:0 -4357px}
-select.flags option[value=SI], select.flags option[value=si], .country-SI {background-position:0 -4379px}
-select.flags option[value=SJ], select.flags option[value=sj], .country-SJ {background-position:0 -4401px}
-select.flags option[value=SK], select.flags option[value=sk], .country-SK {background-position:0 -4423px}
-select.flags option[value=SL], select.flags option[value=sl], .country-SL {background-position:0 -4445px}
-select.flags option[value=SM], select.flags option[value=sm], .country-SM {background-position:0 -4467px}
-select.flags option[value=SN], select.flags option[value=sn], .country-SN {background-position:0 -4489px}
-select.flags option[value=SO], select.flags option[value=so], .country-SO {background-position:0 -4511px}
-select.flags option[value=SR], select.flags option[value=sr], .country-SR {background-position:0 -4533px}
-select.flags option[value=ST], select.flags option[value=st], .country-ST {background-position:0 -4555px}
-select.flags option[value=SV], select.flags option[value=sv], .country-SV {background-position:0 -4577px}
-select.flags option[value=SY], select.flags option[value=sy], .country-SY {background-position:0 -4599px}
-select.flags option[value=SZ], select.flags option[value=sz], .country-SZ {background-position:0 -4621px}
-select.flags option[value=TC], select.flags option[value=tc], .country-TC {background-position:0 -4643px}
-select.flags option[value=TD], select.flags option[value=td], .country-TD {background-position:0 -4665px}
-select.flags option[value=TF], select.flags option[value=tf], .country-TF {background-position:0 -4687px}
-select.flags option[value=TG], select.flags option[value=tg], .country-TG {background-position:0 -4709px}
-select.flags option[value=TH], select.flags option[value=th], .country-TH {background-position:0 -4731px}
-select.flags option[value=TJ], select.flags option[value=tj], .country-TJ {background-position:0 -4753px}
-select.flags option[value=TK], select.flags option[value=tk], .country-TK {background-position:0 -4775px}
-select.flags option[value=TL], select.flags option[value=tl], .country-TL {background-position:0 -4797px}
-select.flags option[value=TM], select.flags option[value=tm], .country-TM {background-position:0 -4819px}
-select.flags option[value=TN], select.flags option[value=tn], .country-TN {background-position:0 -4841px}
-select.flags option[value=TO], select.flags option[value=to], .country-TO {background-position:0 -4863px}
-select.flags option[value=TR], select.flags option[value=tr], .country-TR {background-position:0 -4885px}
-select.flags option[value=TT], select.flags option[value=tt], .country-TT {background-position:0 -4907px}
-select.flags option[value=TV], select.flags option[value=tv], .country-TV {background-position:0 -4929px}
-select.flags option[value=TW], select.flags option[value=tw], .country-TW {background-position:0 -4951px}
-select.flags option[value=TZ], select.flags option[value=tz], .country-TZ {background-position:0 -4973px}
-select.flags option[value=UA], select.flags option[value=ua], .country-UA {background-position:0 -4995px}
-select.flags option[value=UG], select.flags option[value=ug], .country-UG {background-position:0 -5017px}
-select.flags option[value=UM], select.flags option[value=um], .country-UM {background-position:0 -5039px}
-select.flags option[value=US], select.flags option[value=us], .country-US {background-position:0 -5061px}
-select.flags option[value=UY], select.flags option[value=uy], .country-UY {background-position:0 -5083px}
-select.flags option[value=UZ], select.flags option[value=uz], .country-UZ {background-position:0 -5105px}
-select.flags option[value=VA], select.flags option[value=va], .country-VA {background-position:0 -5127px}
-select.flags option[value=VC], select.flags option[value=vc], .country-VC {background-position:0 -5149px}
-select.flags option[value=VE], select.flags option[value=ve], .country-VE {background-position:0 -5171px}
-select.flags option[value=VG], select.flags option[value=vg], .country-VG {background-position:0 -5193px}
-select.flags option[value=VI], select.flags option[value=vi], .country-VI {background-position:0 -5215px}
-select.flags option[value=VN], select.flags option[value=vn], .country-VN {background-position:0 -5237px}
-select.flags option[value=VU], select.flags option[value=vu], .country-VU {background-position:0 -5259px}
-select.flags option[value=WF], select.flags option[value=wf], .country-WF {background-position:0 -5303px}
-select.flags option[value=WS], select.flags option[value=ws], .country-WS {background-position:0 -5325px}
-select.flags option[value=YE], select.flags option[value=ye], .country-YE {background-position:0 -5347px}
-select.flags option[value=YT], select.flags option[value=yt], .country-YT {background-position:0 -5369px}
-select.flags option[value=ZA], select.flags option[value=za], .country-ZA {background-position:0 -5391px}
-select.flags option[value=ZM], select.flags option[value=zm], .country-ZM {background-position:0 -5413px}
-select.flags option[value=ZW], select.flags option[value=zw], .country-ZW {background-position:0 -5435px}
-
-.panel_login {
-    max-width: 80%;
-    min-width: 680px;
-}
-div.subsectiontoggle {
-    border:1px solid #ccc;
-    font-weight:bold;
-    font-size:14px;
-    padding-top:10px;
-    padding-bottom:0;
-    margin-top:5px;
-    text-indent:15px;
-    cursor:pointer;
-    margin-bottom:10px;
-    background-color:#f4f4f4;
-    -moz-border-radius:5px;
-    -webkit-border-radius:5px;
-    -khtml-border-radius:5px;
-    -o-border-radius:5px;
-    -ms-border-radius:5px;
-    border-radius:5px;
-}
-div.subsectiontoggle span {
-    display:inline-block;
-    margin-bottom:-3px;
-    margin-right:10px;
-    width:16px;
-    height:16px;
-    background: url("../../default/icons/button_sprite.png") 0 -72px no-repeat transparent;
-}
-div.subsectiontoggle span.showing{
-    background-position: 0 -40px;
-}
-div.subsectiontoggle em {
-    display:block;
-    position:relative;
-    left:425px;
-    top:-13px;
-    margin-bottom:-3px;
-    width:13px;
-    height:13px;
-    background:url("../../default/images/chevron.png") top left no-repeat;
-    -webkit-transform:none;
-    -moz-transform:none;
-    -khtml-transform:none;
-    -o-transform:none;
-    -ms-transform:none;
-    transform:none;
-    -webkit-transition-duration: .2s;
-    -moz-transition-duration: .2s;
-    -khtml-transition-duration: .2s;
-    -o-transition-duration: .2s;
-    -ms-transition-duration: .2s;
-    transition-duration: .2s;
-    -webkit-transition-property: -webkit-transform;
-    -moz-transition-property: -moz-transform;
-    -khtml-transition-property: -khtml-transform;
-    -o-transition-property: -o-transform;
-    -ms-transition-property: -ms-transform;
-    transition-property: transform;
-}
-div.subsectiontoggle em.showing {
-    display:block;
-    position:relative;
-    left:425px;
-    top:-13px;
-    background:url("../../default/images/chevron.png") top left no-repeat;
-    width:13px;
-    height:13px;
-    -webkit-transform:rotate(90deg);
-    -moz-transform:rotate(90deg);
-    -khtml-transform:rotate(90deg);
-    -o-transform:rotate(90deg);
-    -ms-transform:rotate(90deg);
-    transform:rotate(90deg);
-}
-div.subsectiontoggle:hover em {
-    -webkit-transform:rotate(90deg);
-    -moz-transform:rotate(90deg);
-    -khtml-transform:rotate(90deg);
-    -o-transform:rotate(90deg);
-    -ms-transform:rotate(90deg);
-    transform:rotate(90deg);
-}
-
-
-div.gs-container {
-    margin-top:10px;
-}
-div.gs-container * {
-    margin: 0;
-    padding: 0;
-    background-position: 0 0;
-    text-decoration: none;
-    font-size: 1em;
-}
-div.gs-container input {
-    background: url("../../default/icons/x16_sprite.png") no-repeat 2px -119px #FFFFFF;
-    height:20px;
-    border:1px solid #444;
-    padding:0 22px 2px;
-    color:#444;
-    -moz-border-radius:5px;
-    -webkit-border-radius:5px;
-    -khtml-border-radius:5px;
-    -o-border-radius:5px;
-    -ms-border-radius:5px;
-    border-radius:5px;
-}
-input.gs-loading {
-    background-image: url("../../default/images/loading.gif");
-    background-repeat: no-repeat;
-    background-position: center right;
-}
-ul.gs-resultbox {
-    margin: 0 !important;
-    padding: 0 !important;
-    width: 300px;
-    z-index: 999999;
-    border: 1px solid #777;
-    font-size: 11px;
-    background: #fff;
-    -moz-box-shadow: 2px 2px 5px 0 #c5c5c5;
-    -webkit-box-shadow: 2px 2px 5px 0 #c5c5c5;
-    -khtml-box-shadow: 2px 2px 5px 0 #c5c5c5;
-    -o-box-shadow: 2px 2px 5px 0 #c5c5c5;
-    -ms-box-shadow: 2px 2px 5px 0 #c5c5c5;
-    box-shadow: 2px 2px 5px 0 #c5c5c5;
-    list-style: none;
-    -moz-border-radius:5px;
-    -webkit-border-radius:5px;
-    -khtml-border-radius:5px;
-    -o-border-radius:5px;
-    -ms-border-radius:5px;
-    border-radius:5px;
-    max-height:500px;
-    overflow:auto;
-}
-ul.gs-resultbox li {
-    float: left;
-    width: 100%;
-    clear: both;
-    cursor: pointer;
-}
-ul.gs-resultbox li.gs-cheader {
-    height: 13px;
-    overflow: hidden;
-    padding: 5px 0;
-    color: #fff;
-    background: #6ea6d1;
-    cursor:default;
-    padding-bottom:10px;
-}
-ul.gs-resultbox li.gs-cheader p.gs-cheader-title {
-    margin: 0 !important;
-    padding: 0 0 0 10px !important;
-    float: left;
-    font-size: 12px;
-    font-weight: bold;
-}
-ul.gs-resultbox li.gs-cheader p.gs-cheader-limit {
-    margin: 0 !important;
-    padding: 0 10px 0 0 !important;
-    float: right;
-    font-size: 11px;
-    font-weight: normal;
-}
-ul.gs-resultbox li.gs-cdata {
-    margin: 0 !important;
-    padding: 0 !important;
-    border-bottom: 1px solid #c5c5c5;
-}
-ul.gs-resultbox li.gs-cdata:last-child {
-    border-bottom: none;
-}
-ul.gs-resultbox li.gs-cdata:hover {
-    background: #eaf4fd;
-}
-ul.gs-resultbox li.gs-cdata a {
-    display: block;
-    padding: 5px 10px;
-    text-decoration: none !important;
-    background: #fff;
-}
-ul.gs-resultbox li.gs-cdata a:hover {
-    background: #cde0ff;
-}
-ul.gs-resultbox li.gs-cdata img {
-    margin-right: 12px;
-}
-ul.gs-resultbox li.gs-cdata p {
-    margin: 0 !important;
-    padding: 0 !important;
-    color: #444;
-    font-size: 10px;
-    min-height:30px;
-}
-ul.gs-resultbox li.gs-cdata p span.gs-cdata-title {
-    display: inline !important;
-    margin: 0 !important;
-    padding: 0 !important;
-    font-size: 11px;
-    font-weight: bold;
-    color: #000;
-}
-ul.gs-resultbox li:first-child {
-    -moz-border-radius:5px 5px 0 0;
-    -webkit-border-radius:5px 5px 0 0;
-    -khtml-border-radius:5px 5px 0 0;
-    -o-border-radius:5px 5px 0 0;
-    -ms-border-radius:5px 5px 0 0;
-    border-radius:5px 5px 0 0;
-}
-ul.gs-resultbox li:last-child {
-    -moz-border-radius:0 0 5px 5px;
-    -webkit-border-radius:0 0 5px 5px;
-    -khtml-border-radius:0 0 5px 5px;
-    -o-border-radius:0 0 5px 5px;
-    -ms-border-radius:0 0 5px 5px;
-    border-radius:0 0 5px 5px;
-}
-
-div.df-container {
-}
-div.df-container * {
-    margin: 0;
-    padding: 0;
-    background-position: 0 0;
-    text-decoration: none;
-    font-size: 1em;
-}
-div.df-container input {
-}
-input.df-loading {
-    background-image: url("../../default/images/loading.gif");
-    background-repeat: no-repeat;
-    background-position: center right;
-}
-ul.df-resultbox {
-    margin: 0 !important;
-    padding: 0 !important;
-    min-width: 250px;
-    max-width: 500px;
-    z-index: 999999;
-    border: 1px solid #777;
-    font-size: 11px;
-    background: #fff;
-    -moz-box-shadow: 2px 2px 5px 0 #c5c5c5;
-    -webkit-box-shadow: 2px 2px 5px 0 #c5c5c5;
-    -khtml-box-shadow: 2px 2px 5px 0 #c5c5c5;
-    -o-box-shadow: 2px 2px 5px 0 #c5c5c5;
-    -ms-box-shadow: 2px 2px 5px 0 #c5c5c5;
-    box-shadow: 2px 2px 5px 0 #c5c5c5;
-    list-style: none;
-    -moz-border-radius:5px;
-    -webkit-border-radius:5px;
-    -khtml-border-radius:5px;
-    -o-border-radius:5px;
-    -ms-border-radius:5px;
-    border-radius:5px;
-}
-ul.df-resultbox li {
-    float: left;
-    width: 100%;
-    clear: both;
-    cursor: pointer;
-}
-ul.df-resultbox li.df-cheader {
-    height: 13px;
-    overflow: hidden;
-    padding: 5px 0;
-    color: #fff;
-    background: #6ea6d1;
-    cursor:default;
-    padding-bottom:10px;
-}
-ul.df-resultbox li.df-cheader p.df-cheader-title {
-    margin: 0 !important;
-    padding: 0 0 0 10px !important;
-    float: left;
-    font-size: 12px;
-    font-weight: bold;
-}
-ul.df-resultbox li.df-cheader p.df-cheader-limit {
-    margin: 0 !important;
-    padding: 0 10px 0 0 !important;
-    float: right;
-    font-size: 11px;
-    font-weight: normal;
-}
-ul.df-resultbox li.df-cdata {
-    margin: 0 !important;
-    padding: 0 !important;
-    border-bottom: 1px solid #c5c5c5;
-}
-ul.df-resultbox li.df-cdata:last-child {
-    border-bottom: none;
-}
-ul.df-resultbox li.df-cdata:hover {
-    background: #eaf4fd;
-}
-ul.df-resultbox li.df-cdata a {
-    display: block;
-    padding: 5px 10px;
-    text-decoration: none !important;
-    background: #fff;
-}
-ul.df-resultbox li.df-cdata a:hover {
-    background: #cde0ff;
-}
-ul.df-resultbox li.df-cdata img {
-    margin-right: 12px;
-}
-ul.df-resultbox li.df-cdata p {
-    margin: 0 !important;
-    padding: 0 !important;
-    color: #444;
-    font-size: 10px;
-    min-height:30px;
-}
-ul.df-resultbox li.df-cdata p span.df-cdata-title {
-    display: inline !important;
-    margin: 0 !important;
-    padding: 0 !important;
-    font-size: 11px;
-    font-weight: bold;
-    color: #000;
-}
-ul.df-resultbox li:first-child {
-    -moz-border-radius:5px 5px 0 0;
-    -webkit-border-radius:5px 5px 0 0;
-    -khtml-border-radius:5px 5px 0 0;
-    -o-border-radius:5px 5px 0 0;
-    -ms-border-radius:5px 5px 0 0;
-    border-radius:5px 5px 0 0;
-}
-ul.df-resultbox li:last-child {
-    -moz-border-radius:0 0 5px 5px;
-    -webkit-border-radius:0 0 5px 5px;
-    -khtml-border-radius:0 0 5px 5px;
-    -o-border-radius:0 0 5px 5px;
-    -ms-border-radius:0 0 5px 5px;
-    border-radius:0 0 5px 5px;
-}
-
-span.icons16-empty {
-    float:left;
-    display:block;
-    height:20px;
-    width:20px;
-    margin:0 7px 0 0;
-}
-
-.ttip {
-    width:16px;
-    height:16px;
-    cursor:pointer;
-    background: url("../../default/icons/x16_sprite.png") no-repeat -2px -42px transparent;
-    float:right;
-    display:inline;
-    position:relative;
-    right:-2px;
-    top:-2px;
-}
-
-p.prefix {
-    float: left;
-    margin: 0;
-    text-align: right;
-}
-p.label {
-    float: left;
-    margin: 5px 15px 0 0;
-}
-p.value {
-    float:left;
-    margin: 0 0 0 2px;
-}
-
-/* content_ispc
--------------------------------------------------------------- */
-.tipsy {
-    font-size: 10px;
-    position: absolute;
-    padding: 5px;
-    z-index: 100000;
-}
-.tipsy-inner {
-    background-color: #000;
-    color: #FFF;
-    max-width: 350px;
-    padding: 5px 8px 4px 8px;
-    text-align: left;
-}
-
-/* Rounded corners */
-.tipsy-inner {
-    border-radius: 5px;
-    -moz-border-radius: 5px;
-    -webkit-border-radius: 5px;
-}
-
-/* Uncomment for shadow */
-/*.tipsy-inner { box-shadow: 0 0 5px #000000; -webkit-box-shadow: 0 0 5px #000000; -moz-box-shadow: 0 0 5px #000000; }*/
-
-.tipsy-arrow {
-    position: absolute;
-    width: 0;
-    height: 0;
-    line-height: 0;
-    border: 5px dashed #000;
-}
-/* Rules to colour arrows */
-.tipsy-arrow-n { border-bottom-color: #000; }
-.tipsy-arrow-s { border-top-color: #000; }
-.tipsy-arrow-e { border-left-color: #000; }
-.tipsy-arrow-w { border-right-color: #000; }
-
-.tipsy-n .tipsy-arrow { top: 0px; left: 50%; margin-left: -5px; border-bottom-style: solid; border-top: none; border-left-color: transparent; border-right-color: transparent; }
-.tipsy-nw .tipsy-arrow { top: 0; left: 10px; border-bottom-style: solid; border-top: none; border-left-color: transparent; border-right-color: transparent;}
-.tipsy-ne .tipsy-arrow { top: 0; right: 10px; border-bottom-style: solid; border-top: none;  border-left-color: transparent; border-right-color: transparent;}
-.tipsy-s .tipsy-arrow { bottom: 0; left: 50%; margin-left: -5px; border-top-style: solid; border-bottom: none;  border-left-color: transparent; border-right-color: transparent; }
-.tipsy-sw .tipsy-arrow { bottom: 0; left: 10px; border-top-style: solid; border-bottom: none;  border-left-color: transparent; border-right-color: transparent; }
-.tipsy-se .tipsy-arrow { bottom: 0; right: 10px; border-top-style: solid; border-bottom: none; border-left-color: transparent; border-right-color: transparent; }
-.tipsy-e .tipsy-arrow { right: 0; top: 50%; margin-top: -5px; border-left-style: solid; border-right: none; border-top-color: transparent; border-bottom-color: transparent; }
-.tipsy-w .tipsy-arrow { left: 0; top: 50%; margin-top: -5px; border-right-style: solid; border-left: none; border-top-color: transparent; border-bottom-color: transparent; }
-
-/* uni-form-generic
--------------------------------------------------------------- */
-
-/* Uni-Form by Dragan Babic [Superawesome Industries]  - http: //sprawsm.com/uni-form/ */ 
-/* Some rights reserved - http: //creativecommons.org/licenses/by-sa/2.5/ */
-/* Do not edit this file directly, make your changes to uni-form.css in the same folder */
-
-.uniForm{ margin: 0; padding: 0; position: relative; z-index: 1; } /* reset stuff */
-
-/* Some generals and more resets */
-.uniForm fieldset{ border: none; margin: 0; padding: 0; }
-.uniForm fieldset legend{ margin: 0; padding: 0; }
-
-/* This is the main unit that contains our form elements */
-.uniForm .ctrlHolder,
-.uniForm .buttonHolder{ margin: 0; padding: 0; clear: both; }
-
-/* Clear all floats */ 
-.uniForm:after,
-.uniForm .buttonHolder:after, 
-.uniForm .ctrlHolder:after, 
-.uniForm .ctrlHolder .multiField:after,
-.uniForm .inlineLabel:after{ content: "."; display: block; height: 0; line-height: 0; font-size: 0; clear: both; min-height: 0; visibility: hidden; }
-
-/* A class to be used on a label that contains a checkbox or a radio button */
-.uniForm .inlineLabel,
-.uniForm .inlineLabels .inlineLabel,
-.uniForm .blockLabels .inlineLabel{ width: auto; float: none; margin: 0; display: block; }
-/* IE shows borders & padding on checkboxes and radio buttons if they are declared on an input element, remove them */
-/* Legacy/Inheritance fix */
-.uniForm .inlineLabel input,
-.uniForm .inlineLabels .inlineLabel input,
-.uniForm .blockLabels .inlineLabel input{ border: none; padding: 0; margin: 0; }
-
-/* Styles for form controls where labels are above the input elements */
-/* Set the class of the parent (preferably to a fieldset) to .blockLabels */
-
-.uniForm label,
-.uniForm .label,
-.uniForm .blockLabels label,
-.uniForm .blockLabels .label{ display: block; float: none; padding: 0; line-height: 100%; width: auto; }
-
-/* Float the input elements */
-.uniForm .textInput,
-.uniForm .blockLabels .textInput,
-.uniForm .blockLabels .fileUpload,
-.uniForm .selectInput,
-.uniForm .blockLabels .selectInput,
-.uniForm .blockLabels select,
-.uniForm textarea,
-.uniForm .blockLabels textarea{ float: left; }
-
-/* Postition the hints */
-.uniForm .formHint,
-.uniForm .blockLabels .formHint{ float: right; margin: 0; clear: none; }
-
-/* Position the elements inside combo boxes (multiple selects/checkboxes/radio buttons per unit) */
-.uniForm .multiField,
-.uniForm .blockLabels .multiField{ width: auto; float: left; }
-.uniForm .multiField .inlineLabel,
-.uniForm .blockLabels .multiField .inlineLabel{ display: block; margin: 0 0 .5em 0; }
-.uniForm .multiField .blockLabel,
-.uniForm .blockLabels .multiField .blockLabel{ float: left; width: auto; margin: 0; }
-.uniForm .multiField .blockLabel .textInput,
-.uniForm .multiField .blockLabel .selectInput,
-.uniForm .multiField .blockLabel select,
-.uniForm .blockLabels .multiField .blockLabel .textInput,
-.uniForm .blockLabels .multiField .blockLabel .selectInput,
-.uniForm .blockLabels .multiField .blockLabel select{ width: 100%; margin: 0; }
-
-/* Styles for form controls where labels are in line with the input elements */
-/* Set the class of the parent (preferably to a fieldset) to .inlineLabels */
-.uniForm .inlineLabels label,
-.uniForm .inlineLabels .label{ float: left; margin: 0; padding: 0; line-height: 100%; position: relative; }
-
-/* Float the input elements */
-.uniForm .inlineLabels .textInput,
-.uniForm .inlineLabels .fileUpload,        
-.uniForm .inlineLabels .selectInput,
-.uniForm .inlineLabels select,
-.uniForm .inlineLabels textarea{ float: left; }
-
-/* Postition the hints */
-.uniForm .inlineLabels .formHint{ clear: both; float: none; }
-.uniForm .inlineLabels .multiField{ float: left; }
-.uniForm .inlineLabels .multiField .inlineLabel{}
-.uniForm .inlineLabels .multiField .blockLabel{}
-.uniForm .inlineLabels .multiField .blockLabel .textInput,
-.uniForm .inlineLabels .multiField .blockLabel .selectInput,
-.uniForm .inlineLabels .multiField .blockLabel select{ display: block; width: 100%; float: none; }
-.uniForm .inlineLabels .multiField select{ float: left; }
-
-/* Required fields asterisk styling for .blockLabels */
-.uniForm label em,
-.uniForm .label em,
-.uniForm .blockLabels label em,
-.uniForm .blockLabels .label em{ position: absolute; left: -7px; }
-
-/* Required fields asterisk styling for .inlineLabels */
-.uniForm .inlineLabels label em,
-.uniForm .inlineLabels .label em{ display: block; position: absolute; left: auto; right: 0; font-style: normal; font-weight: bold; }
-.uniForm .inlineLabel em{ position: absolute; left: 7px; }
-
-/* Messages */
-.uniForm #errorMsg,
-.uniForm .error{}
-.uniForm #errorMsg dt,
-.uniForm #errorMsg h3{}
-.uniForm #errorMsg dd{}
-.uniForm #errorMsg ol{}
-.uniForm #errorMsg ol li{}
-.uniForm .errorField{}
-.uniForm #OKMsg{}
-
-/* Columns */
-
-.uniForm .col{ float: left; }
-.uniForm .col.first{}
-.uniForm .col.last{}
-
-/* uni-form
--------------------------------------------------------------- */
-
-/* Keep in mind that wherever you see "Required property" it means that the property must exist */
-
-/* ------------------------------------------------------------------------------ */
-
-/* Generals */
-.uniForm fieldset{}
-.uniForm fieldset legend{ color: #333; font-weight: bold; font-size: 100%; margin: 0; padding: 1.5em 1.5em 1.5em 0; }
-
-/* This is the main unit that contains our form elements */
-.uniForm .ctrlHolder{ padding: 3px; border-bottom: 1px dotted #dfdfdf; }
-
-.uniForm .buttonHolder{ 
-    text-align: left; 
-    background: #CEDEEF url("../../default/images/buttonHolder_bg.gif") no-repeat right;
-    margin: 3em 0 1em;
-    padding: 8px;
-}
-.uniForm .resetButton{ float: left; }
-.uniForm .primaryAction{ font-weight: bold; }
-
-/* This class gets added to div.ctrlHolder to highlight the row */
-.uniForm .focused{ background: #fffcdf; }
-
-/* .inlineLabel is used for inputs within labels - checkboxes and radio buttons */
-.uniForm .inlineLabel input,
-.uniForm .inlineLabels .inlineLabel input,
-.uniForm .blockLabels .inlineLabel input{ float: left; margin: 0 .4em 0 0; }
-.uniForm .inlineLabel span{ float: left; width: 90%; }
-
-/* ------------------------------------------------------------------------------ */
-
-/* .blockLabels (default style, will be applied even if you don"t class the parent element) */
-.uniForm .blockLabels .ctrlHolder{}
-
-.uniForm label,
-.uniForm .blockLabels label,
-.uniForm .blockLabels .label{ margin: 0 0 .5em 0; }
-
-.uniForm .textInput,
-.uniForm .blockLabels .textInput,
-.uniForm .blockLabels .fileUpload{ width: 43%; /* <- Required property */ }
-
-.uniForm .selectInput,
-.uniForm select,
-.uniForm .blockLabels .selectInput,
-.uniForm .blockLabels select{ width: 43.5%; /* <- Required property */ }
-.uniForm textarea,
-.uniForm .blockLabels textarea{ width: 43%; /* <- Required property */ height: 12em; }
-
-.uniForm .formHint,
-.uniForm .blockLabels .formHint{ width: 55%; /* <- Required property */ font-size: .9em; color: #777; position: relative; top: -.5em; }
-
-.uniForm .multiField,
-.uniForm .blockLabels .multiField{ width: 43%; }
-.uniForm .multiField .inlineLabel,
-.uniForm .blockLabels .multiField .inlineLabel{ display: block; margin: 0 0 .5em 0; }
-.uniForm .multiField .blockLabel,
-.uniForm .blockLabels .multiField .blockLabel{ width: 30%; margin: 0 10px 0 0; }
-.uniForm .multiField .blockLabel .textInput,
-.uniForm .multiField .blockLabel .selectInput,
-.uniForm .multiField .blockLabel select,
-.uniForm .blockLabels .multiField .blockLabel .textInput,
-.uniForm .blockLabels .multiField .blockLabel .selectInput,
-.uniForm .blockLabels .multiField .blockLabel select{ width: 100%; margin: .3em 0 0 0; }
-
-/* ------------------------------------------------------------------------------ */
-
-/* .inlineLabels */
-.uniForm .inlineLabels .ctrlHolder{}
-
-.uniForm .inlineLabels label,
-.uniForm .inlineLabels .label{ width: 20%; /* <- Required property */ margin: .3em 2% 0 0; /* <- Required property */ }
-
-.uniForm .inlineLabels .textInput,
-.uniForm .inlineLabels .fileUpload{ width: 35%; /* <- Required property */ }
-
-.uniForm .inlineLabels .selectInput,
-.uniForm .inlineLabels select{ width: 35%; /* <- Required property */ }
-
-.uniForm .inlineLabels textarea{  width: 35%; /* <- Required property */ height: 12em; }
-
-.uniForm .inlineLabels .formHint{ margin-top: 0; margin-left: 22%; font-size: .9em; color: #777; position: static; }
-
-.uniForm .inlineLabels .multiField{ width: 60%; /* <- Required property */ margin: 0 0 .3em 0; }
-.uniForm .inlineLabels .multiField .inlineLabel{ display: block; margin: 0 0 .5em 0; }
-.uniForm .inlineLabels .multiField .blockLabel{ float: left; width: 26%; margin: 0 3% 0 0; }
-.uniForm .inlineLabels .multiField .blockLabel .textInput,
-.uniForm .inlineLabels .multiField .blockLabel .selectInput,
-.uniForm .inlineLabels .multiField .blockLabel select{ width: 100%; margin: .3em 0 0 0; }
-
-/* Focus pseudoclasses */
-.uniForm .ctrlHolder .textInput:focus{ outline: none; /* Get rid of the "glow" effect in WebKit, optional */ }
-.uniForm .ctrlHolder textarea:focus{ outline: none; /* Get rid of the "glow" effect in WebKit, optional */ }
-.uniForm div.focused .formHint{ color: #333; }
-
-/* Columns (they are floated left by default) */
-.uniForm .col{ width: 37.9%; /* <- Required property */ margin: 0 2% 20px 0; }
-/* Use .first and .last classes to control the layout/spacing of your columns */
-.uniForm .col.first{ width: 39%; /* <- Required property */ float: left; clear: none; }
-.uniForm .col.last{ width: 39%; /* <- Required property */ float: right; clear: none; margin-right: 0; }
-
-/* Messages */
-.uniForm #errorMsg, .confirmpassworderror{ background: #ffdfdf; border: 1px solid #df7d7d; border-width: 1px 0; margin: 1.5em 0 1.5em 0; padding: 7px; }
-.uniForm .error{ background: #ffdfdf; border: 1px solid #df7d7d; border-width: 1px 0; }
-
-.uniForm #errorMsg dt, .uniForm #errorMsg h3{ margin: 0 0 .5em 0; font-size: 100%; line-height: 100%; font-weight: bold; }
-.uniForm #errorMsg dd{ margin: 0; padding: 0; }
-.uniForm #errorMsg ol{ margin: 0; padding: 0; list-style:none;}
-.uniForm #errorMsg ol li{ margin: 0; padding: 2px; list-style-position: inside; border-bottom: 1px dotted #df7d7d; position: relative; }
-.uniForm .errorField{ color: #af4c4c; margin: 0 0 6px 0; padding: 4px; background: #ffbfbf; }
-
-.uniForm #OKMsg, .confirmpasswordok{ background: #C8FFBF; border: 1px solid #A2EF95; border-width: 1px 0; margin: 1.5em 0 1.5em 0; padding: 7px; }
-.uniForm #OKMsg p{ margin: 0; }
-
-/* ------------------------------------------------------------------------------ */
-
-/* This is the main unit that contains our form elements */
-
-.uniForm .textInput, .uniForm .selectInput, .uniForm textarea {
-    background:#FFFFFF none repeat scroll 0 0;
-    color: #000000;
-    border: 1px solid #DFDFDF;
-    padding: 1px;
-}
-
-/* jquery-ui-custom
--------------------------------------------------------------- */
-.ui-datepicker-calendar thead tr th {
-    background-image:none;
-    background-color:#FFFFFF;
-    color:#000000;
-}
-.ui-widget { font-family: "Trebuchet MS", Arial, sans-serif; font-size: 100%; }
-.ui-widget input, .ui-widget select, .ui-widget textarea, .ui-widget button { font-family: "Trebuchet MS", Arial, sans-serif; font-size: 100%; }
-ul.ui-autocomplete { max-height: 250px; overflow-y: auto; min-width: 85px;}
-.ui-combobox { position: relative; display: inline-block; margin-right: 17px; }
-.ui-combobox-toggle { position: absolute !important; top: 0; bottom: 0; margin-left: -1px; padding: 1px !important; background: none repeat scroll 0 0 #FFFFFF !important; border: 1px solid #DFDFDF !important;}
-.ui-combobox-input { background: none repeat scroll 0 0 #FFFFFF !important; border: 1px solid #DFDFDF !important; padding: 1px; font-weight: normal !important; }
-.panel_install_package .ui-combobox { float: left; }
-.clear-float { clear: both; }
-
-a.link-page, span.page-spacer {
-    display: inline-block;
-    text-align: center;
-    padding: 2px;
-    line-height: 16px;
-    text-decoration: none !important;
-    color: #fff;
-    min-width: 16px;
-}
-a.link-page {
-    border: 1px solid #444;
-    margin: 0 5px;
-}
-
-a.link-page:hover {
-    background-color: #444;
-    color: #e8ff25;
-}
-
-span.page-spacer {
-    margin: 0 -5px;
-}
-
-a.link-page.current-page {
-    background-color: #444;
-    color: #e8ff25;
-    font-weight: bold;
-}
-
-.command {
-    padding: 1em;
-    border: 1px dashed #2f6fab;
-    color: black;
-    background-color: #f9f9f9;
-    line-height: 1.1em;
-    font-family: Courier New, Courier, mono;
-    font-size: 12px;
-    font-style: italic;
-}
-.system {
-    color: black;
-    font-family: Courier New, Courier, mono;
-    font-size: 12px;
-    font-style: italic;
-}
-.highlight {
-    color: #FF0000;
-    font-family: Georgia, "Times New Roman", Times, serif;
-    font-size: 12px;
-    text-decoration: underline;
-}
\ No newline at end of file
diff --git a/interface/web/themes/blue/icons/x32_sprite.png b/interface/web/themes/blue/icons/x32_sprite.png
deleted file mode 100644
index b1ef1b8e044e2119778d46e1ff9bd3445ef396d3..0000000000000000000000000000000000000000
Binary files a/interface/web/themes/blue/icons/x32_sprite.png and /dev/null differ
diff --git a/interface/web/themes/blue/images/ajax-loader.gif b/interface/web/themes/blue/images/ajax-loader.gif
deleted file mode 100644
index 715f6a9061f5fabe7751e08f8df8e265f4c12103..0000000000000000000000000000000000000000
Binary files a/interface/web/themes/blue/images/ajax-loader.gif and /dev/null differ
diff --git a/interface/web/themes/blue/images/header_bg.png b/interface/web/themes/blue/images/header_bg.png
deleted file mode 100644
index ec0265fe6bbed2cb6184669679c475713b214a07..0000000000000000000000000000000000000000
Binary files a/interface/web/themes/blue/images/header_bg.png and /dev/null differ
diff --git a/interface/web/themes/blue/images/lists_tfoot_bg.png b/interface/web/themes/blue/images/lists_tfoot_bg.png
deleted file mode 100644
index 61f3334ec2138b77cd3d082a93dcf44cd9a5e36e..0000000000000000000000000000000000000000
Binary files a/interface/web/themes/blue/images/lists_tfoot_bg.png and /dev/null differ
diff --git a/interface/web/themes/blue/images/lists_thead_bg.png b/interface/web/themes/blue/images/lists_thead_bg.png
deleted file mode 100644
index 6813b530eca9e5317cf7a6abeaddb88951b08177..0000000000000000000000000000000000000000
Binary files a/interface/web/themes/blue/images/lists_thead_bg.png and /dev/null differ
diff --git a/interface/web/themes/blue/ispconfig_version b/interface/web/themes/blue/ispconfig_version
deleted file mode 100644
index e46f8184283c4b6cedee1594fb5572757c721475..0000000000000000000000000000000000000000
--- a/interface/web/themes/blue/ispconfig_version
+++ /dev/null
@@ -1 +0,0 @@
-3.1dev
diff --git a/interface/web/themes/blue/templates/main.tpl.htm b/interface/web/themes/blue/templates/main.tpl.htm
deleted file mode 100644
index 4fecbda18fa963019087b5df074358e0f92544a2..0000000000000000000000000000000000000000
--- a/interface/web/themes/blue/templates/main.tpl.htm
+++ /dev/null
@@ -1,185 +0,0 @@
-<!DOCTYPE html>
-<html dir="ltr" lang="en-US">      
-    <head>
-        <!--Possible? Vars in lang= ?-->
-        <meta charset="<tmpl_var name="html_content_encoding">" />
-        <title><tmpl_var name="app_title"> <tmpl_var name="app_version"></title>
-        <meta http-equiv="X-UA-Compatible" content="IE=9"/>
-        <link href="themes/blue/css/styles.css" rel="stylesheet" media="screen" type="text/css" />
-        <link href="themes/default/css/print.css" rel="stylesheet" media="print" type="text/css" />
-        <!--[if IE 9]><link href="themes/default/css/iehacks.css" rel="stylesheet" type="text/css" /><![endif]-->
-        <!--[if lte IE 8]><script type="text/javascript" src="themes/default/js/html5shiv.js"></script><![endif]-->
-        <!--[if lte IE 7]><link href="themes/default/css/iehacks.css" rel="stylesheet" type="text/css" /><![endif]-->
-        <link href="themes/default/css/jquery-ui-1.8.16.custom.css" rel="stylesheet" type="text/css" />
-        <link rel="shortcut icon" href="/themes/default/images/favicon.ico" />
-        <script type="text/javascript" src="js/jquery-1.6.3.min.js"></script>
-        <script type="text/javascript" src="js/jquery-ui-1.8.16.custom.min.js"></script>
-        <script type="text/javascript" src="js/scrigo.js.php"></script>
-        <script type="text/javascript" src="js/uni-form/uni-form.jquery.js"></script>
-        <script type="text/javascript" src="js/jquery.ispconfigsearch.js"></script>
-        <script type="text/javascript" src="js/jquery.tipsy.js"></script>
-        <script language="JavaScript" type="text/javascript">
-            jQuery(document).ready(function() {
-                loadInitContent();
-				
-				$('form').not('#dummy_login_form').attr('autocomplete','off');
-                
-                $("#pageForm").submit(function(e){
-                    //Prevent form submit: e.preventDefault() in lists
-                    if ($(".panel #Filter").length > 0) {
-                        e.preventDefault();
-                    }
-                });
-                
-                jQuery('.subsectiontoggle').live("click", function(){
-                    jQuery(this).children().toggleClass('showing').end().next().slideToggle();
-                });
-                
-                jQuery('#globalsearch').ispconfigSearch({
-                    dataSrc: '/dashboard/ajax_get_json.php?type=globalsearch',
-                    resultsLimit: '$ <tmpl_var name="globalsearch_resultslimit_of_txt"> % <tmpl_var name="globalsearch_resultslimit_results_txt">',
-                    noResultsText: '<tmpl_var name="globalsearch_noresults_text_txt">',
-                    noResultsLimit: '<tmpl_var name="globalsearch_noresults_limit_txt">',
-                    searchFieldWatermark: '<tmpl_var name="globalsearch_searchfield_watermark_txt">'
-                });
-                
-                jQuery('.ttip').tipsy({live: true, gravity: 'ne', html: true});
-                
-                tabChangeDiscard = '<tmpl_var name="tabchange_discard_enabled>';
-                tabChangeWarning = '<tmpl_var name="tabchange_warning_enabled>';
-                tabChangeWarningTxt = '<tmpl_var name="global_tabchange_warning_txt">';
-                tabChangeDiscardTxt = '<tmpl_var name="global_tabchange_discard_txt">';
-				
-				// Store password in browser; works in Firefox, but not Chrome
-				$('#username').live("blur", function(){
-					if($('#username').val() == '') {
-						return true;
-					}
-					if($('#dummy_username').val() == '' || $('#dummy_username').val() != $(this).val()){
-						$('#dummy_login').show();
-						$('#dummy_username').attr('value', $(this).val()).trigger('focus').trigger('blur');
-						$('#dummy_login').hide();
-					}
-					if($('#dummy_username').val() == $(this).val() && $(this).val() != ''){
-						$('#passwort').val($('#dummy_passwort').val());
-					} else {
-						$('#passwort').val('');
-					}
-					$('#passwort').focus();
-				});
-				
-				$('#username').live("keyup", function(){
-					$('#dummy_username').val('');
-					$('#dummy_passwort').val('');
-					$('#passwort').val('');
-				});
-				
-            });
-            
-            
-            jQuery(document).bind("change", function(event) {
-                var elName = event.target.localName;
-                if (jQuery(".panel #Filter").length > 0 && elName == 'select') {
-                    event.preventDefault();
-                    jQuery(".panel #Filter").trigger('click');
-                }
-                if(elName == 'select' || elName == 'input' || elName == 'textarea') {
-                    if(jQuery(event.target).hasClass('no-page-form-change') == false) {
-                        // set marker that something was changed
-                        pageFormChanged = true;
-                    }
-                }
-            });
-            
-            jQuery(document).bind("keypress", function(event) {
-                //Use jQuery submit with keypress Enter in panel filterbar
-                if (event.which == '13' && jQuery(".panel #Filter").length > 0 && jQuery(event.target).hasClass('ui-autocomplete-input') == false ) {
-                    event.preventDefault();
-                    jQuery(".panel #Filter").trigger('click');
-                }
-                //Use jQuery submit with keypress Enter in forms
-                if (event.which == '13' && jQuery(".pnl_formsarea button.positive").length > 0 && event.target.localName != 'textarea' && jQuery(event.target).is(':input')) {
-                    event.preventDefault();
-                    jQuery(".pnl_formsarea button.positive:first").not("[disabled='disabled']").trigger('click');
-                }
-            });
-            
-            jQuery(document).delegate('.pnl_listarea th', 'click', function(event) {
-                if(jQuery(this).attr('class').length > 0 && jQuery(".panel #Filter").length > 0 && jQuery(this).hasClass('tbl_col_buttons') == false && jQuery(this).hasClass('tbl_col_limit') == false && jQuery(this).hasClass('tbl_col_nosort') == false) {
-                  event.preventDefault();
-                  var clickevent = jQuery('#Filter').attr('onclick');
-                  var element = jQuery(this).attr('class');
-                  if(typeof clickevent == 'string') {
-                      jQuery('#Filter').attr('onclick', clickevent.replace(".php')", ".php?orderby=" + element + "')"));
-                  }
-                  jQuery(".panel #Filter").trigger('click');
-                  
-                  jQuery("#pageForm").ajaxComplete(function() {
-                      if(jQuery("th."+element).css("background-position") == '0px -15px') {
-                        if(jQuery("th."+element).css("text-align") == "right") {
-                          jQuery("th."+element).css("text-align","left");
-                        } else {
-                          jQuery("th."+element).css("text-align","right");
-                        }
-                      } else {
-                        jQuery(".pnl_listarea th").css("text-align","");
-                      }
-                      jQuery(".pnl_listarea th").css("background-position","0 0");
-                      jQuery("th."+element).css("background-position","0 -15px");
-                  });
-                }
-            });
-            
-        </script>
-    </head>
-    <body>
-        <div id="page">
-            <!-- begin: header -->
-            <header>
-                <nav id="topsubnav">
-                    <!-- start: skip link navigation -->
-                    <a class="skip" href="#navigation" title="skip link">Skip to the navigation</a><span class="hideme">.</span>
-                    <a class="skip" href="#content" title="skip link">Skip to the content</a><span class="hideme">.</span>
-                    <!-- end: skip link navigation -->
-                    <tmpl_if name="cpuser">
-                        <a href="#logout" data-load-content="login/logout.php"><tmpl_var format="strtoupper" name="logout_txt"> <tmpl_var format="strtoupper" name="cpuser"></a><!-- | <a href="#" onclick="ISPConfig.capp('help')">Help</a> | <a href="#">Imprint</a>-->
-                        <tmpl_if name='usertype' op='==' value='normaluser'><div class="col-sm-9"><input class="form-control" type="text" id="globalsearch" value="" /></div></tmpl_if>
-                    </tmpl_if>
-                </nav>
-                <h1 id="ir-HeaderLogo" class="swap" style="background-image:url('{tmpl_var name='app_logo'}');"><span>ISPConfig 3</span></h1>
-                <span>hosting control panel</span>
-            </header>
-            <!-- end: header -->
-            <a id="navigation" name="navigation"></a><!-- skiplink anchor: navigation -->
-            <!-- begin: main navigation #nav -->
-            <nav id="topNav">&nbsp;</nav>
-            <!-- end: main navigation -->
-
-            <!-- begin: main content area #main -->
-            <section id="main" name="content">
-                <nav id="sideNav" class="clearfix">&nbsp;</nav>
-                <!-- begin: #content -->
-                <section id="content">
-                    <form method="post" action="" id="pageForm" name="pageForm" enctype="multipart/form-data" class="uniForm">
-						<div class="col-sm-9"><input class="form-control" type="text" style="display:none" /></div><div class="col-sm-9"><input class="form-control" type="password" style="display:none"/></div><div id="pageContent"><!-- AJAX CONTENT --></div>
-                    </form>
-                    <div id="ie_clearing">&nbsp;</div>
-                    <!-- End: IE Column Clearing -->
-                </section>
-                <!-- end: #content -->
-            </section>
-            <!-- end: #main -->
-            <!-- begin: footer -->
-            <footer>
-                Powered by <a href="<tmpl_var name="app_link">" target="_blank"><tmpl_var name="app_title"></a>
-            </footer><!-- end: footer -->
-        </div>
-		
-<div id="dummy_login" style="display:none;position:absolute;top:-1000px;left:-1000px;">
-<form action="" method="post" target="dummy_login" id="dummy_login_form">
-<div class="col-sm-9"><input class="form-control" type="text" name="username" id="dummy_username" autocomplete="on" value="" /></div><div class="col-sm-9"><input class="form-control" type="password" name="passwort" id="dummy_passwort" autocomplete="on" value="" /></div><input type="submit" value="Login" id="dummy_submit"/>
-</form>
-<iframe id="dummy_iframe" src="dummy_login.html" name="dummy_login" style="display:none;"></iframe>
-</div>
-    </body>
-</html>
diff --git a/interface/web/themes/default/assets/javascripts/ispconfig.js b/interface/web/themes/default/assets/javascripts/ispconfig.js
index bc5c988a3cea4e2d9eda903be872d8bc72e3a0dd..b68af577edc9059c2d6bc420d66a37ac1c4914e6 100644
--- a/interface/web/themes/default/assets/javascripts/ispconfig.js
+++ b/interface/web/themes/default/assets/javascripts/ispconfig.js
@@ -464,7 +464,7 @@ var ISPConfig = {
 		});
 	},
 
-	loadOptionInto: function(elementid,pagename) {
+	loadOptionInto: function(elementid,pagename,callback) {
 		var pageContentObject2 = $.ajax({
 			type: "GET",
 			url: pagename,
@@ -482,6 +482,9 @@ var ISPConfig = {
 					foo2.value=elemente[i];
 					el.appendChild(foo2);
 				}
+				if (typeof(callback) != 'undefined') {
+					callback(elementid,pagename);
+				}
 			},
 			error: function() {
 				ISPConfig.reportError('Ajax Request was not successful. 119');
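Review bot: The guard added in the success handler, `typeof(callback) != 'undefined'`, lets any defined non-function value (for example `null` or a string) reach `callback(elementid,pagename)`, which would throw after the options have already been appended. Testing for a function is tighter: `if (typeof callback === 'function') {`. The new third parameter of `loadOptionInto` (first hunk of this file) is also undocumented; a comment above the function such as `// callback(elementid, pagename) is invoked once the options have been appended` would tell callers what to expect. The function body starts and ends outside this hunk.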
@@ -635,7 +638,11 @@ $(document).on('click', 'th[data-column]', function(e) {
 		
 		var dir = $self.attr('data-ordered');
 		
-		act = act + '?orderby=' + column;
+		var separator = '?';
+		if(act.indexOf("?") >= 0){
+			separator = '&';
+		}
+		act = act + separator + 'orderby=' + column;
 		ISPConfig.submitForm(form, act);
 		
 		$(document).ajaxComplete(function() {
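Review bot: `column` is concatenated into the query string unencoded in `act = act + separator + 'orderby=' + column;`, so a value containing `&`, `#` or `=` would alter the request instead of staying a single parameter; `act = act + separator + 'orderby=' + encodeURIComponent(column);` avoids that. Where `column` is read lies outside the hunk (presumably the `data-column` attribute of the clicked header). Because the parameter looks like a sort key, the server-side code that reads `orderby` should accept it only from a fixed list of column names; that is worth confirming, since it is not visible here. If `act` can already carry an `orderby` parameter, the new separator logic would append a second one.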
diff --git a/interface/web/themes/default/assets/stylesheets/ispconfig.css b/interface/web/themes/default/assets/stylesheets/ispconfig.css
index 958c2b3d3c9be446ad3dba6f59f15a01cd331a60..6d29d5eda477a1b6f0221aa38e30e3843114f473 100644
--- a/interface/web/themes/default/assets/stylesheets/ispconfig.css
+++ b/interface/web/themes/default/assets/stylesheets/ispconfig.css
@@ -65,7 +65,8 @@ body {
   float: left;
   width: 200px;
   height: 65px;
-  background: url("../images/logo.png") no-repeat; }
+  margin-top:10px;
+  /*background: url("../images/logo.png") no-repeat;*/ }
   #logo a {
     display: block;
     width: 100%;
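Review bot: The new side keeps the old logo rule as commented-out code, `/*background: url("../images/logo.png") no-repeat;*/`, and the next hunk of this file adds another disabled rule, `/*span.flag-en {background-position:0 -1453px}*/`. Version control already preserves the previous values, so both lines are better deleted than left in the stylesheet. If the logo background is now expected to come from the template, a short comment says so more usefully: `/* background image is set inline by main.tpl.htm */`. The `#logo` rule starts outside this hunk.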
@@ -474,6 +475,7 @@ span.flag-ec {background-position:0 -1365px}
 span.flag-ee {background-position:0 -1387px}
 span.flag-eg {background-position:0 -1409px}
 span.flag-eh {background-position:0 -1431px}
+/*span.flag-en {background-position:0 -1453px}*/
 span.flag-er {background-position:0 -1475px}
 span.flag-es {background-position:0 -1497px}
 span.flag-et {background-position:0 -1519px}
@@ -484,7 +486,7 @@ span.flag-fm {background-position:0 -1651px}
 span.flag-fo {background-position:0 -1673px}
 span.flag-fr {background-position:0 -1695px}
 span.flag-ga {background-position:0 -1717px}
-span.flag-gb {background-position:0 -1739px}
+span.flag-gb, span.flag-en {background-position:0 -1739px}
 span.flag-gd {background-position:0 -1761px}
 span.flag-ge {background-position:0 -1783px}
 span.flag-gf {background-position:0 -1805px}
diff --git a/interface/web/themes/default/assets/stylesheets/select2.css b/interface/web/themes/default/assets/stylesheets/select2.css
index 2d07a0343b03a9e85705a6980c3f1516b287c67b..afa4e3fc037b9857a39d996365e3607900f76a84 100644
--- a/interface/web/themes/default/assets/stylesheets/select2.css
+++ b/interface/web/themes/default/assets/stylesheets/select2.css
@@ -442,7 +442,7 @@ disabled look for disabled choices in the results dropdown
 }
 .select2-results .select2-disabled {
   background: #f4f4f4;
-  display: list-item;
+  display: none;
   cursor: default;
 }
 
diff --git a/interface/web/themes/default/templates/error.tpl.htm b/interface/web/themes/default/templates/error.tpl.htm
index f65df61bb374b8e4355a7a287701be0d26556e58..f0c10811c2d9c30bd9554ba2245dc2c272738aa8 100644
--- a/interface/web/themes/default/templates/error.tpl.htm
+++ b/interface/web/themes/default/templates/error.tpl.htm
@@ -1,5 +1,5 @@
 <div class='alert alert-danger clear'>
-  <div class='alert-label'><strong>ERROR</strong></div>
+  <div class='alert-label'><strong><tmpl_var name="error_txt"></strong></div>
   <div class='alert-content'>
 	<ol>
 		<li>###ERRORMSG###</li>
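Review bot: The label now depends entirely on `<tmpl_var name="error_txt">`, so any code path that renders this template without that variable set would show an empty heading where `ERROR` used to be. The same replacement is made in `tabbed_form.tpl.htm` further down. Whether `error_txt` is assigned globally is not visible in these hunks; if it is not, every caller that renders these templates needs to set it, or the variable should be given a default value of `ERROR` where the template is loaded. A template comment such as `<!-- error_txt: localized label, must be set by the caller -->` would document the new requirement.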
diff --git a/interface/web/themes/default/templates/main.tpl.htm b/interface/web/themes/default/templates/main.tpl.htm
index 67b37e895d4e346277118390e874fbe74a1c78ed..d29ab0039f8a589427c27cb0c3172de0b88c4c26 100644
--- a/interface/web/themes/default/templates/main.tpl.htm
+++ b/interface/web/themes/default/templates/main.tpl.htm
@@ -33,7 +33,7 @@
             <!-- off canvas menu button -->
             <div class='menu-btn left'>&#9776;</div>
             <!-- logo -->
-            <div id='logo'><a href='#'></a></div>
+            <div id='logo' style="background: url({tmpl_var name="base64_logo_txt"}) no-repeat;width:{tmpl_var name="base64_logo_width"};height:{tmpl_var name="base64_logo_height"}"><a href='#'></a></div>
           </div>
           <div id='headerbar' class='clear'>
             <!-- logout button -->
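Review bot: Three template variables are now written straight into a `style` attribute (`base64_logo_txt` inside an unquoted `url(...)`, plus `base64_logo_width` and `base64_logo_height`), and nothing in the hunk shows them being escaped for an attribute or CSS context. If any of them can be set through the interface, the code that assigns them should accept only a `data:image/...;base64,` URI for the logo and a plain length for width and height. A quote or `;` in these values would otherwise break out of the declaration or the attribute. Quoting the URL as `url('{tmpl_var name="base64_logo_txt"}')` also matches how the older templates wrote `app_logo`. The assignment of these variables is outside this diff section, so this needs confirming there.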
diff --git a/interface/web/themes/default/templates/sidenav.tpl.htm b/interface/web/themes/default/templates/sidenav.tpl.htm
index 9515c40ab5c6bc9c10273900bbe69557b5ffe899..b85100336026b611656d73f5630f6a3052cfddef 100644
--- a/interface/web/themes/default/templates/sidenav.tpl.htm
+++ b/interface/web/themes/default/templates/sidenav.tpl.htm
@@ -9,13 +9,13 @@
 			<tmpl_else>
 				<a href="#" data-load-content="<tmpl_var name='link'>">
 			</tmpl_if>
-		<tmpl_else>
-			<a href="#">
 		</tmpl_if>
 		  <div>
 			<strong><tmpl_var name="title"></strong>
 		  </div>
+		<tmpl_if name="link">
 		</a>
+		</tmpl_if>
 	  </li>
 	  </tmpl_loop>
 	</ul>
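Review bot: The closing `</a>` is now emitted only under `<tmpl_if name="link">`, but the condition that opens the anchor sits in a `tmpl_if` that begins outside this hunk, so the two cannot be checked against each other here. If the opening branch tests anything other than `link`, an item could get an opening tag without a closing one, or the reverse. It is worth confirming that both use the same condition and noting the pairing next to the new block, for example `<!-- must mirror the tmpl_if that opens the <a> above -->`.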
diff --git a/interface/web/themes/default/templates/tabbed_form.tpl.htm b/interface/web/themes/default/templates/tabbed_form.tpl.htm
index d0a2684352c4b80db8c908e51a073656e98a846d..5560f3e12c733b8f6ef6e4e4336b0c39fe35619b 100644
--- a/interface/web/themes/default/templates/tabbed_form.tpl.htm
+++ b/interface/web/themes/default/templates/tabbed_form.tpl.htm
@@ -10,7 +10,7 @@
 	</tmpl_if>
 	<tmpl_if name="error">
 		<div class='alert alert-danger clear'>
-		  <div class='alert-label'><strong>ERROR</strong></div>
+		  <div class='alert-label'><strong><tmpl_var name="error_txt"></strong></div>
 		  <div class='alert-content'>
 			<ol><tmpl_var name="error"></ol>
 			<div>TODO: IP address is empty.</div>
diff --git a/interface/web/themes/default_64_navimg/css/additional.css b/interface/web/themes/default_64_navimg/css/additional.css
deleted file mode 100644
index c064817d930b3baf0db516a41e8db492fe137483..0000000000000000000000000000000000000000
--- a/interface/web/themes/default_64_navimg/css/additional.css
+++ /dev/null
@@ -1,64 +0,0 @@
-@media all
-{
-	#topNav a {
-		background-color: #D3D3D3;
-		background-position: center top;
-		background-repeat: no-repeat;
-		color:black;
-		display:inline-block;
-		height:20px;
-		padding-top:68px;
-		text-align:center;
-		text-decoration:none;
-		width:97px;
-	}
-
-	.topnav-admin {
-		background-image: url('/themes/default_304/icons/x64/system.png') !important;
-	}
-
-	.topnav-client {
-		background-image: url('/themes/default_304/icons/x64/client.png') !important;
-	}
-
-	.topnav-mail {
-		background-image: url('/themes/default_304/icons/x64/email.png') !important;
-	}
-
-	.topnav-monitor {
-		background-image: url('/themes/default_304/icons/x64/monitor.png') !important;
-	}
-
-	.topnav-sites {
-		background-image: url('/themes/default_304/icons/x64/sites.png') !important;
-	}
-
-	.topnav-dns {
-		background-image: url('/themes/default_304/icons/x64/dns.png') !important;
-	}
-
-	.topnav-tools {
-		background-image: url('/themes/default_304/icons/x64/tools.png') !important;
-	}
-
-	.topnav-help {
-		background-image: url('/themes/default_304/icons/x64/help.png') !important;
-	}
-
-	.topnav- {
-		background-image: url('/themes/default_304/icons/x64/login.png') !important;
-	}
-
-	.topnav-domain {
-		background-image: url('/themes/default_304/icons/x64/domain.png') !important;
-	}
-
-	.topnav-dashboard {
-		background-image: url('/themes/default_304/icons/x64/dashboard.png') !important;
-	}
-	
-	.topnav-vm {
-		background-image: url("/themes/default_304/icons/x64/drawer.png") !important;
-	}
-
-}
\ No newline at end of file
diff --git a/interface/web/themes/default_64_navimg/icons/x16/arrow.png b/interface/web/themes/default_64_navimg/icons/x16/arrow.png
deleted file mode 100644
index 82cfae37cce484b4f63c7cabf3eb6ab65fe8ccd5..0000000000000000000000000000000000000000
Binary files a/interface/web/themes/default_64_navimg/icons/x16/arrow.png and /dev/null differ
diff --git a/interface/web/themes/default_64_navimg/icons/x16/arrow_180.png b/interface/web/themes/default_64_navimg/icons/x16/arrow_180.png
deleted file mode 100644
index a1e5e6bc61f8403e588f24a32090b5ccae1eef74..0000000000000000000000000000000000000000
Binary files a/interface/web/themes/default_64_navimg/icons/x16/arrow_180.png and /dev/null differ
diff --git a/interface/web/themes/default_64_navimg/icons/x16/arrow_stop.png b/interface/web/themes/default_64_navimg/icons/x16/arrow_stop.png
deleted file mode 100644
index 702b9b7b791ab1ffbc3ceb962b75434421d1f156..0000000000000000000000000000000000000000
Binary files a/interface/web/themes/default_64_navimg/icons/x16/arrow_stop.png and /dev/null differ
diff --git a/interface/web/themes/default_64_navimg/icons/x16/arrow_stop_180.png b/interface/web/themes/default_64_navimg/icons/x16/arrow_stop_180.png
deleted file mode 100644
index 573ff4889bd49f1a63d35d9c4e7e1b440c43629e..0000000000000000000000000000000000000000
Binary files a/interface/web/themes/default_64_navimg/icons/x16/arrow_stop_180.png and /dev/null differ
diff --git a/interface/web/themes/default_64_navimg/ispconfig_version b/interface/web/themes/default_64_navimg/ispconfig_version
deleted file mode 100644
index bb19ac367e61ef69398f09154456075f734e0d46..0000000000000000000000000000000000000000
--- a/interface/web/themes/default_64_navimg/ispconfig_version
+++ /dev/null
@@ -1 +0,0 @@
-3.0.4.6
\ No newline at end of file
diff --git a/interface/web/themes/default_64_navimg/templates/main.tpl.htm b/interface/web/themes/default_64_navimg/templates/main.tpl.htm
deleted file mode 100644
index 4831149b63d1b5c2bb37593492622e9a9742dc0c..0000000000000000000000000000000000000000
--- a/interface/web/themes/default_64_navimg/templates/main.tpl.htm
+++ /dev/null
@@ -1,187 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
-   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
-<head>
-    <title><tmpl_var name="app_title"> <tmpl_var name="app_version"></title>
-    <meta http-equiv="Content-Type" content="text/html; charset=<tmpl_var name="html_content_encoding">"/>
-	<meta http-equiv="X-UA-Compatible" content="IE=8"/>
-    <link href="themes/default_304/css/central.css" rel="stylesheet" type="text/css"/>
-    <link href="themes/default_64_navimg/css/additional.css" rel="stylesheet" type="text/css"/>
-    <!--[if lte IE 7]>
-	    <link href="themes/default_304/css/patches/central.css" rel="stylesheet" type="text/css" />
-    <![endif]-->
-    <!--[if lte ie 6]>
-      <style type="text/css" media="screen">
-        /*
-        Move these to your IE specific stylesheet if possible
-        */
-        .uniForm,
-        .uniForm fieldset,
-        .uniForm .ctrlHolder,
-        .uniForm .formHint,
-        .uniForm .buttonHolder, 
-        .uniForm .ctrlHolder .multiField,
-        .uniForm .inlineLabel{ zoom:1; }
-
-        .uniForm .inlineLabels label, .uniForm .inlineLabels .label,
-        .uniForm .blockLabels label, .uniForm .blockLabels .label,
-        .uniForm .inlineLabel span{ padding-bottom: .2em; }
-
-        .uniForm .inlineLabel input,
-        .uniForm .inlineLabels .inlineLabel input,
-        .uniForm .blockLabels .inlineLabel input{ margin-top: -.3em; }
-      </style>
-    <![endif]-->
-    <!--[if gt ie 6]>
-      <style type="text/css" media="screen">
-        /*
-        Move these to your IE specific stylesheet if possible
-        */
-        .uniForm,
-        .uniForm fieldset,
-        .uniForm .ctrlHolder,
-        .uniForm .formHint,
-        .uniForm .buttonHolder, 
-        .uniForm .ctrlHolder .multiField,
-        .uniForm .inlineLabel{ zoom:1; }
-
-        .uniForm .inlineLabels label, .uniForm .inlineLabels .label,
-        .uniForm .blockLabels label, .uniForm .blockLabels .label,
-        .uniForm .inlineLabel span{ padding-bottom: .2em; }
-
-        .uniForm .inlineLabel input,
-        .uniForm .inlineLabels .inlineLabel input,
-        .uniForm .blockLabels .inlineLabel input{ margin-top: -.3em; }
-      </style>
-    <![endif]-->
-	<link href="themes/default_304/css/screen/redmond/jquery-ui-1.8.16.custom.css" rel="stylesheet" type="text/css"/>
-	<link href="themes/default_304/css/screen/jquery-ui-custom.css" rel="stylesheet" type="text/css"/>
-    <link rel="shortcut icon" href="/themes/default_304/images/favicon.ico" />
-    <script type="text/javascript" src="js/jquery-1.6.3.min.js"></script>
-	<script type="text/javascript" src="js/jquery-ui-1.8.16.custom.min.js"></script>
-    <script type="text/javascript" src="js/scrigo.js.php"></script>
-    <script type="text/javascript" src="js/uni-form/uni-form.jquery.js"></script>
-	<script type="text/javascript" src="js/jquery.ispconfigsearch.js"></script>
-	<script type="text/javascript" src="js/jquery.tipsy.js"></script>
-	<script language="JavaScript" type="text/javascript">
-		var is_chrome = navigator.userAgent.toLowerCase().indexOf('chrome') > -1;
-		if(!is_chrome && getInternetExplorerVersion() > 8.0) {
-			var style = document.createElement('style');
-			style.innerHTML = '#page_margins { min-width: 980px; max-width: 80%; background: #fff; display: table;}';
-			document.getElementsByTagName("head")[0].appendChild(style);
-		}
-
-		jQuery(document).ready(function() {
-			loadInitContent();
-			
-			$("#pageForm").submit(function(e){
-				//Prevent form submit: e.preventDefault() in lists
-				if ($(".panel #Filter").length > 0) {
-					e.preventDefault();
-				}
-			});
-			
-			jQuery('.subsectiontoggle').live("click", function(){
-				jQuery(this).children().toggleClass('showing').end().next().slideToggle();
-			});
-			
-			jQuery('#globalsearch').ispconfigSearch({
-				dataSrc: '/dashboard/ajax_get_json.php?type=globalsearch',
-				resultsLimit: '$ <tmpl_var name="globalsearch_resultslimit_of_txt"> % <tmpl_var name="globalsearch_resultslimit_results_txt">',
-				noResultsText: '<tmpl_var name="globalsearch_noresults_text_txt">',
-				noResultsLimit: '<tmpl_var name="globalsearch_noresults_limit_txt">',
-				searchFieldWatermark: '<tmpl_var name="globalsearch_searchfield_watermark_txt">'
-			});
-			
-			jQuery('.ttip').tipsy({live: true, gravity: 'ne', html: true});
-			
-			tabChangeDiscard = '<tmpl_var name="tabchange_discard_enabled>';
-            tabChangeWarning = '<tmpl_var name="tabchange_warning_enabled>';
-            tabChangeWarningTxt = '<tmpl_var name="global_tabchange_warning_txt">';
-            tabChangeDiscardTxt = '<tmpl_var name="global_tabchange_discard_txt">';
-		});
-
-		jQuery(document).bind("change", function(event) {
-			var elName = event.target.localName;
-            if (jQuery(".panel #Filter").length > 0 && elName == 'select') {
-                event.preventDefault();
-                jQuery(".panel #Filter").trigger('click');
-            }
-            if(elName == 'select' || elName == 'input' || elName == 'textarea') {
-                // set marker that something was changed
-                pageFormChanged = true;
-            }
-		});
-		
-		jQuery(document).bind("keypress", function(event) {
-			//Use jQuery submit with keypress Enter in panel filterbar
-			if (event.which == '13' && jQuery(".panel #Filter").length > 0) {
-				event.preventDefault();
-				jQuery(".panel #Filter").trigger('click');
-			}
-			//Use jQuery submit with keypress Enter in forms
-			if (event.which == '13' && jQuery(".pnl_formsarea button.positive").length > 0 && event.target.localName != 'textarea' && jQuery(event.target).is(':input')) {
-				event.preventDefault();
-				jQuery(".pnl_formsarea button.positive:first").not("[disabled='disabled']").trigger('click');
-			}
-		});
-	</script>
-</head>
-<body>
-    <div id="page_margins">
-        <div id="page">
-            <div id="header">
-                <div id="topsubnav">
-                    <!-- start: skip link navigation -->
-                    <a class="skip" href="#navigation" title="skip link">Skip to the navigation</a><span class="hideme">.</span>
-                    <a class="skip" href="#content" title="skip link">Skip to the content</a><span class="hideme">.</span>
-                    <!-- end: skip link navigation -->
-			        <tmpl_if name="cpuser">
-                    <span><a href="#logout" data-load-content="login/logout.php">LOGOUT <tmpl_var format="strtoupper" name="cpuser"></a><!-- | <a href="#" onclick="ISPConfig.capp('help')">Help</a> | <a href="#">Imprint</a>--></span>
-					<tmpl_if name='usertype' op='==' value='normaluser'><div class="col-sm-9"><input class="form-control" type="text" id="globalsearch" value="" /></div></tmpl_if>
-			        </tmpl_if>
-                </div>
-                <h1 id="ir-HeaderLogo" class="swap" style="background-image:url('{tmpl_var name='app_logo'}');"><span>ISPConfig 3</span></h1>
-                <span>hosting control panel</span>
-            </div>
-            <!-- begin: main navigation #nav -->
-            <div id="nav">
-                <a id="navigation" name="navigation"></a>
-                <!-- skiplink anchor: navigation -->
-                <div id="nav_main">
-                    <div id="topNav">&nbsp;</div>
-                </div>
-            </div>
-            <!-- end: main navigation -->
-            <!-- begin: main content area #main -->
-            <div id="main">
-                <!-- begin: #col1 - first float column -->
-                <div id="col1">
-                    <div id="col1_content" class="clearfix">
-                        <div id="sideNav">&nbsp;</div>
-                    </div>
-                </div>
-                <!-- end: #col1 -->
-                <!-- begin: #col3 static column -->
-                <div id="col3">
-                    <div id="col3_content" class="clearfix">
-                        <a id="content" name="content"></a>
-                        <!-- skiplink anchor: Content -->
-                        <form method="post" action="" id="pageForm" name="pageForm" enctype="multipart/form-data" class="uniForm">
-						<div class="col-sm-9"><input class="form-control" type="text" style="display:none" /></div><div class="col-sm-9"><input class="form-control" type="password" style="display:none"/></div><div id="pageContent"><!-- AJAX CONTENT --></div>
-                        </form>
-                    </div>
-                    <div id="ie_clearing">&nbsp;</div>
-                    <!-- End: IE Column Clearing -->
-                </div>
-                <!-- end: #col3 -->
-            </div>
-            <!-- end: #main -->
-            <!-- begin: #footer -->
-            <div id="footer">
-            Powered by <a href="<tmpl_var name="app_link">" target="_blank"><tmpl_var name="app_title"></a>
-            </div><!-- end: #footer -->
-        </div>
-    </div>
-</body>
-</html>
diff --git a/interface/web/themes/default_combobox/css/additional.css b/interface/web/themes/default_combobox/css/additional.css
deleted file mode 100644
index be7769b331e25a47bf166be8ca851694c38085d3..0000000000000000000000000000000000000000
--- a/interface/web/themes/default_combobox/css/additional.css
+++ /dev/null
@@ -1,153 +0,0 @@
-.list button.ui-widget{position:absolute}
-
-/*
- * jQuery UI CSS Framework 1.8.16
- *
- * Copyright 2011, AUTHORS.txt (http://jqueryui.com/about)
- * Dual licensed under the MIT or GPL Version 2 licenses.
- * http://jquery.org/license
- *
- * http://docs.jquery.com/UI/Theming/API
- */
-
-/* Layout helpers
-----------------------------------*/
-.ui-helper-hidden { display: none; }
-.ui-helper-hidden-accessible { position: absolute !important; clip: rect(1px 1px 1px 1px); clip: rect(1px,1px,1px,1px); }
-.ui-helper-reset { margin: 0; padding: 0; border: 0; outline: 0; line-height: 1.3; text-decoration: none; font-size: 100%; list-style: none; }
-.ui-helper-clearfix:after { content: "."; display: block; height: 0; clear: both; visibility: hidden; }
-.ui-helper-clearfix { display: inline-block; }
-/* required comment for clearfix to work in Opera \*/
-* html .ui-helper-clearfix { height:1%; }
-.ui-helper-clearfix { display:block; }
-/* end clearfix */
-.ui-helper-zfix { width: 100%; height: 100%; top: 0; left: 0; position: absolute; opacity: 0; filter:Alpha(Opacity=0); }
-
-
-/* Interaction Cues
-----------------------------------*/
-.ui-state-disabled { cursor: default !important; }
-
-
-/* Icons
-----------------------------------*/
-
-/* states and ../images */
-.ui-icon { display: block; text-indent: -99999px; overflow: hidden; background-repeat: no-repeat; }
-
-
-/* Misc visuals
-----------------------------------*/
-
-/* Overlays */
-.ui-widget-overlay { position: absolute; top: 0; left: 0; width: 100%; height: 100%; }
-
-
-
-/* Component containers
-----------------------------------*/
-.ui-widget-content a { color: #333333; }
-.ui-widget-header { border: 1px solid #e78f08; background: #f6a828; color: #ffffff; font-weight: bold; }
-.ui-widget-header a { color: #ffffff; }
-
-/* Interaction states
-----------------------------------*/
-.ui-state-default, .ui-widget-content .ui-state-default, .ui-widget-header .ui-state-default { border: 1px solid #cccccc; background: #F5F5F5; font-weight: bold; color: #1c94c4; }
-.ui-state-default a, .ui-state-default a:link, .ui-state-default a:visited { color: #1c94c4; text-decoration: none; }
-.ui-state-hover, .ui-widget-content .ui-state-hover, .ui-widget-header .ui-state-hover, .ui-state-focus, .ui-widget-content .ui-state-focus, .ui-widget-header .ui-state-focus { border: 1px solid #dfdfdf; background: #FFFACD; font-weight: bold; }
-.ui-state-hover a, .ui-state-hover a:hover { color: #c77405; text-decoration: none; }
-.ui-state-active, .ui-widget-content .ui-state-active, .ui-widget-header .ui-state-active { border: 1px solid #dfdfdf; background: #ffffff; font-weight: bold;}
-.ui-widget :active { outline: none; }
-
-/* Interaction Cues
-----------------------------------*/
-.ui-state-highlight, .ui-widget-content .ui-state-highlight, .ui-widget-header .ui-state-highlight  {border: 1px solid #fed22f; background: #ffe45c url(../images/ui-bg_highlight-soft_75_ffe45c_1x100.png) 50% top repeat-x; color: #363636; }
-.ui-state-highlight a, .ui-widget-content .ui-state-highlight a,.ui-widget-header .ui-state-highlight a { color: #363636; }
-.ui-state-error a, .ui-widget-content .ui-state-error a, .ui-widget-header .ui-state-error a { color: #ffffff; }
-.ui-state-error-text, .ui-widget-content .ui-state-error-text, .ui-widget-header .ui-state-error-text { color: #ffffff; }
-.ui-priority-primary, .ui-widget-content .ui-priority-primary, .ui-widget-header .ui-priority-primary { font-weight: bold; }
-
-
-/* Icons
-----------------------------------*/
-
-/* states and ../images */
-.ui-icon { width: 16px; height: 16px; background-image: url(../images/ui-image.png); }
-.ui-widget-content .ui-icon {background-image: url(../images/ui-image.png); }
-.ui-widget-header .ui-icon {background-image: url(../images/ui-icons_ffffff_256x240.png); }
-.ui-state-default .ui-icon { background-image: url(../images/ui-image.png); }
-.ui-state-hover .ui-icon, .ui-state-focus .ui-icon {background-image: url(../images/ui-image.png); }
-.ui-state-active .ui-icon {background-image: url(../images/ui-image.png); }
-.ui-state-highlight .ui-icon {background-image: url(../images/ui-image.png); }
-.ui-state-error .ui-icon, .ui-state-error-text .ui-icon {background-image: url(../images/ui-image.png); }
-
-/* positioning */
-.ui-icon-triangle-1-s { background-position: -64px -16px; }
-
-.ui-autocomplete { position: absolute; cursor: default; }	
-
-/* workarounds */
-* html .ui-autocomplete { width:1px; } /* without this, the menu expands to 100% in IE6 */
-
-
-.ui-menu {
-	list-style:none;
-	padding: 2px;
-	margin: 0;
-	display:block;
-	float: left;
-}
-.ui-menu .ui-menu {
-	margin-top: -3px;
-}
-.ui-menu .ui-menu-item {
-	margin:0;
-	padding: 0;
-	zoom: 1;
-	float: left;
-	clear: left;
-	width: 100%;
-}
-.ui-menu .ui-menu-item a {text-align:left;text-decoration:none;
-	display:block;
-	padding:.1em .4em;
-	line-height:1.5;
-	zoom:1;
-	height: 15px;
-}
-.ui-menu .ui-menu-item a.ui-state-hover,
-.ui-menu .ui-menu-item a.ui-state-active {
-	font-weight: normal;
-	margin: -1px;
-}
-.ui-widget-content{background:#fff;border:1px solid #DFDFDF}
-.ui-autocomplete-input{width:60%}
-.ui-button { display: inline-block; position: relative; padding: 0; margin-right: .1em; text-decoration: none !important; cursor: pointer; text-align: center; zoom: 1; overflow: visible; } /* the overflow property removes extra width in IE */
-.ui-button-icon-only { width: 2.2em; } /* to make room for the icon, a width needs to be set here */
-button.ui-button-icon-only { width:17px } /* button elements seem to need a little more width */
-.ui-button-icons-only { width: 3.4em; } 
-button.ui-button-icons-only { width: 3.7em; } 
-
-/*button text element */
-.ui-button .ui-button-text { display: block; line-height: 1;  }
-.ui-button-text-only .ui-button-text { padding: .4em 1em; }
-.ui-button-icon-only .ui-button-text, .ui-button-icons-only .ui-button-text { padding: .20em; text-indent: -9999999px; }
-.ui-button-text-icon-primary .ui-button-text, .ui-button-text-icons .ui-button-text { padding: .4em 1em .4em 2.1em; }
-.ui-button-text-icon-secondary .ui-button-text, .ui-button-text-icons .ui-button-text { padding: .4em 2.1em .4em 1em; }
-.ui-button-text-icons .ui-button-text { padding-left: 2.1em; padding-right: 2.1em; }
-/* no icon support for input elements, provide padding by default */
-input.ui-button { padding: .4em 1em; }
-
-/*button icon element(s) */
-.ui-button-icon-only .ui-icon, .ui-button-text-icon-primary .ui-icon, .ui-button-text-icon-secondary .ui-icon, .ui-button-text-icons .ui-icon, .ui-button-icons-only .ui-icon { position: absolute; top: 50%; margin-top: -10px; }
-.ui-button-icon-only .ui-icon { left: 50%; margin-left: -8px; }
-.ui-button-text-icon-primary .ui-button-icon-primary, .ui-button-text-icons .ui-button-icon-primary, .ui-button-icons-only .ui-button-icon-primary { left: .5em; }
-.ui-button-text-icon-secondary .ui-button-icon-secondary, .ui-button-text-icons .ui-button-icon-secondary, .ui-button-icons-only .ui-button-icon-secondary { right: .5em; }
-.ui-button-text-icons .ui-button-icon-secondary, .ui-button-icons-only .ui-button-icon-secondary { right: .5em; }
-
-/*button sets*/
-.ui-buttonset { margin-right: 7px; }
-.ui-buttonset .ui-button { margin-left: 0; margin-right: -.3em; }
-
-/* workarounds */
-button.ui-button::-moz-focus-inner { border: 0; padding: 0; } /* reset extra padding in Firefox */
\ No newline at end of file
diff --git a/interface/web/themes/default_combobox/icons/x16/arrow.png b/interface/web/themes/default_combobox/icons/x16/arrow.png
deleted file mode 100644
index 82cfae37cce484b4f63c7cabf3eb6ab65fe8ccd5..0000000000000000000000000000000000000000
Binary files a/interface/web/themes/default_combobox/icons/x16/arrow.png and /dev/null differ
diff --git a/interface/web/themes/default_combobox/icons/x16/arrow_180.png b/interface/web/themes/default_combobox/icons/x16/arrow_180.png
deleted file mode 100644
index a1e5e6bc61f8403e588f24a32090b5ccae1eef74..0000000000000000000000000000000000000000
Binary files a/interface/web/themes/default_combobox/icons/x16/arrow_180.png and /dev/null differ
diff --git a/interface/web/themes/default_combobox/icons/x16/arrow_stop.png b/interface/web/themes/default_combobox/icons/x16/arrow_stop.png
deleted file mode 100644
index 702b9b7b791ab1ffbc3ceb962b75434421d1f156..0000000000000000000000000000000000000000
Binary files a/interface/web/themes/default_combobox/icons/x16/arrow_stop.png and /dev/null differ
diff --git a/interface/web/themes/default_combobox/icons/x16/arrow_stop_180.png b/interface/web/themes/default_combobox/icons/x16/arrow_stop_180.png
deleted file mode 100644
index 573ff4889bd49f1a63d35d9c4e7e1b440c43629e..0000000000000000000000000000000000000000
Binary files a/interface/web/themes/default_combobox/icons/x16/arrow_stop_180.png and /dev/null differ
diff --git a/interface/web/themes/default_combobox/images/ui-image.png b/interface/web/themes/default_combobox/images/ui-image.png
deleted file mode 100644
index d1de91b97885eaefee236617223ddcf576137cf0..0000000000000000000000000000000000000000
Binary files a/interface/web/themes/default_combobox/images/ui-image.png and /dev/null differ
diff --git a/interface/web/themes/default_combobox/ispconfig_version b/interface/web/themes/default_combobox/ispconfig_version
deleted file mode 100644
index bb19ac367e61ef69398f09154456075f734e0d46..0000000000000000000000000000000000000000
--- a/interface/web/themes/default_combobox/ispconfig_version
+++ /dev/null
@@ -1 +0,0 @@
-3.0.4.6
\ No newline at end of file
diff --git a/interface/web/themes/default_combobox/templates/main.tpl.htm b/interface/web/themes/default_combobox/templates/main.tpl.htm
deleted file mode 100644
index a3929558db44ba874b11a37342c5c0dc07214303..0000000000000000000000000000000000000000
--- a/interface/web/themes/default_combobox/templates/main.tpl.htm
+++ /dev/null
@@ -1,342 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
-   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
-<head>
-    <title><tmpl_var name="app_title"> <tmpl_var name="app_version"></title>
-    <meta http-equiv="Content-Type" content="text/html; charset=<tmpl_var name="html_content_encoding">"/>
-	<meta http-equiv="X-UA-Compatible" content="IE=8"/>
-    <link href="themes/default_304/css/central.css" rel="stylesheet" type="text/css"/>
-    <!--[if lte IE 7]>
-	    <link href="themes/default_304/css/patches/central.css" rel="stylesheet" type="text/css" />
-    <![endif]-->
-    <!--[if lte ie 6]>
-      <style type="text/css" media="screen">
-        /*
-        Move these to your IE specific stylesheet if possible
-        */
-        .uniForm,
-        .uniForm fieldset,
-        .uniForm .ctrlHolder,
-        .uniForm .formHint,
-        .uniForm .buttonHolder, 
-        .uniForm .ctrlHolder .multiField,
-        .uniForm .inlineLabel{ zoom:1; }
-
-        .uniForm .inlineLabels label, .uniForm .inlineLabels .label,
-        .uniForm .blockLabels label, .uniForm .blockLabels .label,
-        .uniForm .inlineLabel span{ padding-bottom: .2em; }
-
-        .uniForm .inlineLabel input,
-        .uniForm .inlineLabels .inlineLabel input,
-        .uniForm .blockLabels .inlineLabel input{ margin-top: -.3em; }
-      </style>
-    <![endif]-->
-    <!--[if gt ie 6]>
-      <style type="text/css" media="screen">
-        /*
-        Move these to your IE specific stylesheet if possible
-        */
-        .uniForm,
-        .uniForm fieldset,
-        .uniForm .ctrlHolder,
-        .uniForm .formHint,
-        .uniForm .buttonHolder, 
-        .uniForm .ctrlHolder .multiField,
-        .uniForm .inlineLabel{ zoom:1; }
-
-        .uniForm .inlineLabels label, .uniForm .inlineLabels .label,
-        .uniForm .blockLabels label, .uniForm .blockLabels .label,
-        .uniForm .inlineLabel span{ padding-bottom: .2em; }
-
-        .uniForm .inlineLabel input,
-        .uniForm .inlineLabels .inlineLabel input,
-        .uniForm .blockLabels .inlineLabel input{ margin-top: -.3em; }
-      </style>
-    <![endif]-->
-	<link href="themes/default_304/css/screen/redmond/jquery-ui-1.8.16.custom.css" rel="stylesheet" type="text/css"/>
-	<link href="themes/default_304/css/screen/jquery-ui-custom.css" rel="stylesheet" type="text/css"/>
-	<link href="themes/default_combobox/css/additional.css" rel="stylesheet" type="text/css"/>
-    <link rel="shortcut icon" href="/themes/default_304/images/favicon.ico" />
-    <script type="text/javascript" src="js/jquery-1.6.3.min.js"></script>
-    <script type="text/javascript" src="js/jquery-ui-1.8.16.custom.min.js"></script>
-    <script type="text/javascript" src="js/scrigo.js.php"></script>
-    <script type="text/javascript" src="js/uni-form/uni-form.jquery.js"></script>
-	<script type="text/javascript" src="js/jquery.ispconfigsearch.js"></script>
-	<script type="text/javascript" src="js/jquery.tipsy.js"></script>
-	<script language="JavaScript" type="text/javascript">
-		var is_chrome = navigator.userAgent.toLowerCase().indexOf('chrome') > -1;
-		if(!is_chrome && getInternetExplorerVersion() > 8.0) {
-			var style = document.createElement('style');
-			style.innerHTML = '#page_margins { min-width: 980px; max-width: 80%; background: #fff; display: table;}';
-			document.getElementsByTagName("head")[0].appendChild(style);
-		}
-
-
-		jQuery(document).ready(function() {
-			loadInitContent();
-			
-			$("#pageForm").submit(function(e){
-				//Prevent form submit: e.preventDefault() in lists
-				if ($(".panel #Filter").length > 0) {
-					e.preventDefault();
-				}
-			});
-			
-			jQuery('.subsectiontoggle').live("click", function(){
-				jQuery(this).children().toggleClass('showing').end().next().slideToggle();
-			});
-			
-			jQuery('#globalsearch').ispconfigSearch({
-				dataSrc: '/dashboard/ajax_get_json.php?type=globalsearch',
-				resultsLimit: '$ <tmpl_var name="globalsearch_resultslimit_of_txt"> % <tmpl_var name="globalsearch_resultslimit_results_txt">',
-				noResultsText: '<tmpl_var name="globalsearch_noresults_text_txt">',
-				noResultsLimit: '<tmpl_var name="globalsearch_noresults_limit_txt">',
-				searchFieldWatermark: '<tmpl_var name="globalsearch_searchfield_watermark_txt">'
-			});
-			
-			jQuery('.ttip').tipsy({live: true, gravity: 'ne', html: true});
-			
-			tabChangeDiscard = '<tmpl_var name="tabchange_discard_enabled>';
-            tabChangeWarning = '<tmpl_var name="tabchange_warning_enabled>';
-            tabChangeWarningTxt = '<tmpl_var name="global_tabchange_warning_txt">';
-            tabChangeDiscardTxt = '<tmpl_var name="global_tabchange_discard_txt">';
-		});
-
-		jQuery(document).bind("change", function(event) {
-			var elName = event.target.localName;
-            if (jQuery(".panel #Filter").length > 0 && elName == 'select') {
-                event.preventDefault();
-                jQuery(".panel #Filter").trigger('click');
-            }
-            if(elName == 'select' || elName == 'input' || elName == 'textarea') {
-                // set marker that something was changed
-                pageFormChanged = true;
-            }
-		});
-
-		jQuery(".ui-autocomplete a").live("click", function(event) {
-			if ($(".panel #Filter").length > 0) {
-				$(".panel #Filter").attr("onsubmit",$(".panel #Filter").attr("onclick")).submit();
-			}
-		});
-		
-		jQuery(document).bind("keypress", function(event) {
-			//Use jQuery submit with keypress Enter in panel filterbar
-			if (event.which == '13' && jQuery(".panel #Filter").length > 0) {
-				event.preventDefault();
-				jQuery(".panel #Filter").trigger('click');
-			}
-			//Use jQuery submit with keypress Enter in forms
-			if (event.which == '13' && jQuery(".pnl_formsarea button.positive").length > 0 && event.target.localName != 'textarea' && jQuery(event.target).is(':input')) {
-				event.preventDefault();
-				jQuery(".pnl_formsarea button.positive:first").not("[disabled='disabled']").trigger('click');
-			}
-		});
-
-		(function( $ ){
-		  $(".pnl_listarea th").live("click",  function(){
-		    if($(this).attr('class').length > 0 && $("#Filter").length > 0){
-		      eval($("#Filter").attr("onclick").replace(".php');",".php?orderby="+$(this).attr('class')+"');"));
-		      var element = $(this).attr('class');
-		      $("#pageForm").ajaxComplete(function() {
-			  if($("th."+element).css("background-position") == '0px -15px'){
-			    if($("th."+element).css("text-align") == "right"){
-			      $("th."+element).css("text-align","left");
-			    } else {
-			      $("th."+element).css("text-align","right");
-			    }
-			  } else {
-			    $(".pnl_listarea th").css("text-align","");
-			  }
-			  $(".pnl_listarea th").css("background-position","0 0");
-			  $("th."+element).css("background-position","0 -15px");
-		      });
-		    }
-		});
-		})( jQuery );
-
-		(function( $ ) {
-		$.widget( "ui.combobox", {
-			_create: function() {
-				var self = this,
-					oldWidth = this.element.width(),
-					select = this.element.hide(),
-					selected = select.children( ":selected" ),
-					value = selected.val() ? selected.text() : "";
-				var input = this.input = $( "<div class="col-sm-6"><input class="form-control" type="text"></div><div class="col-sm-3 input-sm">" )
-					.insertAfter( select )
-					.width( oldWidth )
-					.val( value )
-					.css("float","left")
-					.autocomplete({
-						delay: 0,
-						minLength: 0,
-						source: function( request, response ) {
-							var matcher = new RegExp( $.ui.autocomplete.escapeRegex(request.term), "i" );
-							response( select.children( "option" ).map(function() {
-								var text = $( this ).text();
-								if (( !request.term || matcher.test(text) ) )
-									return {
-										label: text.replace(
-											new RegExp(
-												"(?![^&;]+;)(?!</div><[^<>]*)(" +
-												$.ui.autocomplete.escapeRegex(request.term) +
-												")(?![^<>]*>)(?![^&;]+;)", "gi"
-											), "<strong>$1</strong>" ),
-										value: text,
-										option: this
-									};
-							}) );
-						},
-						select: function( event, ui ) {
-							ui.item.option.selected = true;
-							self._trigger( "selected", event, {
-								item: ui.item.option
-							});
-						},
-						change: function( event, ui ) {
-							if ( !ui.item ) {
-								var matcher = new RegExp( "^" + $.ui.autocomplete.escapeRegex( $(this).val() ) + "$", "i" ),
-									valid = false;
-								select.children( "option" ).each(function() {
-									if ( $( this ).text().match( matcher ) ) {
-										this.selected = valid = true;
-										return false;
-									}
-								});
-								if ( !valid ) {
-									// remove invalid value, as it didn't match anything
-									$( this ).val( "" );
-									select.val( "" );
-									input.data( "autocomplete" ).term = "";
-									return false;
-								}
-							}
-						},
-						// open: function(event, ui) { }, alternativ event for check by enter input
-						search: function(event, ui) {
-							if ( !ui.item ) {
-								var matcher = new RegExp( "^" + $.ui.autocomplete.escapeRegex( $(this).val() ) + "$", "i" ),
-									valid = false;
-								select.children( "option" ).each(function() {
-									if ( $( this ).text().match( matcher ) ) {
-										this.selected = valid = true;
-										return false;
-									}
-								});
-							} }
-					})
-					.addClass( "ui-widget ui-widget-content ui-corner-left" );
-
-				input.data( "autocomplete" )._renderItem = function( ul, item ) {
-					return $( "<li></li>" )
-						.data( "item.autocomplete", item )
-						.append( "<a>" + item.label + "</a>" )
-						.appendTo( ul );
-				};
-
-				this.button = $( "<button type='button'>&nbsp;</button>" )
-					.attr( "tabIndex", -1 )
-					.attr( "title", "Show All Items" )
-					.height($(input).outerHeight())
-					.css("float","left")
-					.insertAfter( input )
-					.button({
-						icons: {
-							primary: "ui-icon-triangle-1-s"
-						},
-						text: false
-					})
-					.removeClass( "ui-corner-all" )
-					.addClass( "ui-corner-right ui-button-icon" )
-					.click(function() {
-						// close if already visible
-						if ( input.autocomplete( "widget" ).is( ":visible" ) ) {
-							input.autocomplete( "close" );
-							return;
-						}
-
-						// work around a bug (likely same cause as #5265)
-						$( this ).blur();
-
-						// pass empty string as value to search for, displaying all results
-						input.autocomplete( "search", "" );
-						input.focus();
-					});
-			},
-
-			destroy: function() {
-				this.input.remove();
-				this.button.remove();
-				this.element.show();
-				$.Widget.prototype.destroy.call( this );
-			}
-		});
-	})( jQuery );
- 
-
-	jQuery("html").ajaxComplete( function(){
-	  if(jQuery(".panel .list td select").css("display") != "none"){
-	    jQuery(".panel .list td select").combobox();
-	  }
-	});
-	</script>
-</head>
-<body>
-    <div id="page_margins">
-        <div id="page">
-            <div id="header">
-                <div id="topsubnav">
-                    <!-- start: skip link navigation -->
-                    <a class="skip" href="#navigation" title="skip link">Skip to the navigation</a><span class="hideme">.</span>
-                    <a class="skip" href="#content" title="skip link">Skip to the content</a><span class="hideme">.</span>
-                    <!-- end: skip link navigation -->
-			        <tmpl_if name="cpuser">
-                    <span><a href="#logout" data-load-content="login/logout.php">LOGOUT <tmpl_var format="strtoupper" name="cpuser"></a><!-- | <a href="#" onclick="ISPConfig.capp('help')">Help</a> | <a href="#">Imprint</a>--></span>
-					<tmpl_if name='usertype' op='==' value='normaluser'><div class="col-sm-9"><input class="form-control" type="text" id="globalsearch" value="" /></div></tmpl_if>
-			        </tmpl_if>
-                </div>
-                <h1 id="ir-HeaderLogo" class="swap" style="background-image:url('{tmpl_var name='app_logo'}');"><span>ISPConfig 3</span></h1>
-                <span>hosting control panel</span>
-            </div>
-            <!-- begin: main navigation #nav -->
-            <div id="nav">
-                <a id="navigation" name="navigation"></a>
-                <!-- skiplink anchor: navigation -->
-                <div id="nav_main">
-                    <div id="topNav">&nbsp;</div>
-                </div>
-            </div>
-            <!-- end: main navigation -->
-            <!-- begin: main content area #main -->
-            <div id="main">
-                <!-- begin: #col1 - first float column -->
-                <div id="col1">
-                    <div id="col1_content" class="clearfix">
-                        <div id="sideNav">&nbsp;</div>
-                    </div>
-                </div>
-                <!-- end: #col1 -->
-                <!-- begin: #col3 static column -->
-                <div id="col3">
-                    <div id="col3_content" class="clearfix">
-                        <a id="content" name="content"></a>
-                        <!-- skiplink anchor: Content -->
-                        <form method="post" action="" id="pageForm" name="pageForm" enctype="multipart/form-data" class="uniForm">
-						<div class="col-sm-9"><input class="form-control" type="text" style="display:none" /></div><div class="col-sm-9"><input class="form-control" type="password" style="display:none"/></div><div id="pageContent"><!-- AJAX CONTENT --></div>
-                        </form>
-                    </div>
-                    <div id="ie_clearing">&nbsp;</div>
-                    <!-- End: IE Column Clearing -->
-                </div>
-                <!-- end: #col3 -->
-            </div>
-            <!-- end: #main -->
-            <!-- begin: #footer -->
-            <div id="footer">
-            Powered by <a href="<tmpl_var name="app_link">" target="_blank"><tmpl_var name="app_title"></a>
-            </div><!-- end: #footer -->
-        </div>
-    </div>
-</body>
-</html>
diff --git a/interface/web/themes/default_no_navimg/css/additional.css b/interface/web/themes/default_no_navimg/css/additional.css
deleted file mode 100644
index d17ab55d200eea01cc3df64e92a532821dd6e2b4..0000000000000000000000000000000000000000
--- a/interface/web/themes/default_no_navimg/css/additional.css
+++ /dev/null
@@ -1,68 +0,0 @@
-@media all
-{
-	#topNav a {
-		background-color: #D3D3D3;
-		background-position: center top;
-		background-repeat: no-repeat;
-		color:black;
-		display:inline-block;
-		height:20px;
-		padding-top:5px;
-		text-align:center;
-		text-decoration:none;
-		width:66px;
-	}
-
-	.topnav-admin {
-		background-image: none !important;
-	}
-
-	.topnav-client {
-		background-image: none !important;
-	}
-
-	.topnav-mail {
-		background-image: none !important;
-	}
-
-	.topnav-monitor {
-		background-image: none !important;
-	}
-	
-	.topnav-vm {
-		background-image: none !important;
-	}
-
-	.topnav-sites {
-		background-image: none !important;
-	}
-
-	.topnav-dns {
-		background-image: none !important;
-	}
-
-	.topnav-tools {
-		background-image: none !important;
-	}
-
-	.topnav-help {
-		background-image: none !important;
-	}
-
-	.topnav- {
-		background-image: none !important;
-	}
-
-	.topnav-domain {
-		background-image: none !important;
-	}
-	
-	.topnav-dashboard {
-		background-image: none !important;
-	}
-	
-	.topnav-billing {
-		background-image: none !important;
-	}
-	
-}
\ No newline at end of file
diff --git a/interface/web/themes/default_no_navimg/icons/x16/arrow.png b/interface/web/themes/default_no_navimg/icons/x16/arrow.png
deleted file mode 100644
index 82cfae37cce484b4f63c7cabf3eb6ab65fe8ccd5..0000000000000000000000000000000000000000
Binary files a/interface/web/themes/default_no_navimg/icons/x16/arrow.png and /dev/null differ
diff --git a/interface/web/themes/default_no_navimg/icons/x16/arrow_180.png b/interface/web/themes/default_no_navimg/icons/x16/arrow_180.png
deleted file mode 100644
index a1e5e6bc61f8403e588f24a32090b5ccae1eef74..0000000000000000000000000000000000000000
Binary files a/interface/web/themes/default_no_navimg/icons/x16/arrow_180.png and /dev/null differ
diff --git a/interface/web/themes/default_no_navimg/icons/x16/arrow_stop.png b/interface/web/themes/default_no_navimg/icons/x16/arrow_stop.png
deleted file mode 100644
index 702b9b7b791ab1ffbc3ceb962b75434421d1f156..0000000000000000000000000000000000000000
Binary files a/interface/web/themes/default_no_navimg/icons/x16/arrow_stop.png and /dev/null differ
diff --git a/interface/web/themes/default_no_navimg/icons/x16/arrow_stop_180.png b/interface/web/themes/default_no_navimg/icons/x16/arrow_stop_180.png
deleted file mode 100644
index 573ff4889bd49f1a63d35d9c4e7e1b440c43629e..0000000000000000000000000000000000000000
Binary files a/interface/web/themes/default_no_navimg/icons/x16/arrow_stop_180.png and /dev/null differ
diff --git a/interface/web/themes/default_no_navimg/ispconfig_version b/interface/web/themes/default_no_navimg/ispconfig_version
deleted file mode 100644
index bb19ac367e61ef69398f09154456075f734e0d46..0000000000000000000000000000000000000000
--- a/interface/web/themes/default_no_navimg/ispconfig_version
+++ /dev/null
@@ -1 +0,0 @@
-3.0.4.6
\ No newline at end of file
diff --git a/interface/web/themes/default_no_navimg/templates/main.tpl.htm b/interface/web/themes/default_no_navimg/templates/main.tpl.htm
deleted file mode 100644
index 9904623aedc11f9d6ea7a720ea347818464a87eb..0000000000000000000000000000000000000000
--- a/interface/web/themes/default_no_navimg/templates/main.tpl.htm
+++ /dev/null
@@ -1,188 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
-   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
-<head>
-    <title><tmpl_var name="app_title"> <tmpl_var name="app_version"></title>
-    <meta http-equiv="Content-Type" content="text/html; charset=<tmpl_var name="html_content_encoding">"/>
-    <meta http-equiv="X-UA-Compatible" content="IE=8"/>
-	<link href="themes/default_304/css/central.css" rel="stylesheet" type="text/css"/>
-    <!--[if lte IE 7]>
-	    <link href="themes/default_304/css/patches/central.css" rel="stylesheet" type="text/css" />
-    <![endif]-->
-    <!--[if lte ie 6]>
-      <style type="text/css" media="screen">
-        /*
-        Move these to your IE specific stylesheet if possible
-        */
-        .uniForm,
-        .uniForm fieldset,
-        .uniForm .ctrlHolder,
-        .uniForm .formHint,
-        .uniForm .buttonHolder, 
-        .uniForm .ctrlHolder .multiField,
-        .uniForm .inlineLabel{ zoom:1; }
-
-        .uniForm .inlineLabels label, .uniForm .inlineLabels .label,
-        .uniForm .blockLabels label, .uniForm .blockLabels .label,
-        .uniForm .inlineLabel span{ padding-bottom: .2em; }
-
-        .uniForm .inlineLabel input,
-        .uniForm .inlineLabels .inlineLabel input,
-        .uniForm .blockLabels .inlineLabel input{ margin-top: -.3em; }
-      </style>
-    <![endif]-->
-    <!--[if gt ie 6]>
-      <style type="text/css" media="screen">
-        /*
-        Move these to your IE specific stylesheet if possible
-        */
-        .uniForm,
-        .uniForm fieldset,
-        .uniForm .ctrlHolder,
-        .uniForm .formHint,
-        .uniForm .buttonHolder, 
-        .uniForm .ctrlHolder .multiField,
-        .uniForm .inlineLabel{ zoom:1; }
-
-        .uniForm .inlineLabels label, .uniForm .inlineLabels .label,
-        .uniForm .blockLabels label, .uniForm .blockLabels .label,
-        .uniForm .inlineLabel span{ padding-bottom: .2em; }
-
-        .uniForm .inlineLabel input,
-        .uniForm .inlineLabels .inlineLabel input,
-        .uniForm .blockLabels .inlineLabel input{ margin-top: -.3em; }
-      </style>
-    <![endif]-->
-	<link href="themes/default_304/css/screen/redmond/jquery-ui-1.8.16.custom.css" rel="stylesheet" type="text/css"/>
-	<link href="themes/default_304/css/screen/jquery-ui-custom.css" rel="stylesheet" type="text/css"/>
-    <link href="themes/default_no_navimg/css/additional.css" rel="stylesheet" type="text/css"/>
-    <link rel="shortcut icon" href="/themes/default_304/images/favicon.ico" />
-    <script type="text/javascript" src="js/jquery-1.6.3.min.js"></script>
-	<script type="text/javascript" src="js/jquery-ui-1.8.16.custom.min.js"></script>
-    <script type="text/javascript" src="js/scrigo.js.php"></script>
-    <script type="text/javascript" src="js/uni-form/uni-form.jquery.js"></script>
-	<script type="text/javascript" src="js/jquery.ispconfigsearch.js"></script>
-	<script type="text/javascript" src="js/jquery.tipsy.js"></script>
-	<script language="JavaScript" type="text/javascript">
-		var is_chrome = navigator.userAgent.toLowerCase().indexOf('chrome') > -1;
-		if(!is_chrome && getInternetExplorerVersion() > 8.0) {
-			var style = document.createElement('style');
-			style.innerHTML = '#page_margins { min-width: 980px; max-width: 80%; background: #fff; display: table;}';
-			document.getElementsByTagName("head")[0].appendChild(style);
-		}
-
-		jQuery(document).ready(function() {
-			loadInitContent();
-			
-			$("#pageForm").submit(function(e){
-				//Prevent form submit: e.preventDefault() in lists
-				if ($(".panel #Filter").length > 0) {
-					e.preventDefault();
-				}
-			});
-			
-			jQuery('.subsectiontoggle').live("click", function(){
-				jQuery(this).children().toggleClass('showing').end().next().slideToggle();
-			});
-			
-			jQuery('#globalsearch').ispconfigSearch({
-				dataSrc: '/dashboard/ajax_get_json.php?type=globalsearch',
-				resultsLimit: '$ <tmpl_var name="globalsearch_resultslimit_of_txt"> % <tmpl_var name="globalsearch_resultslimit_results_txt">',
-				noResultsText: '<tmpl_var name="globalsearch_noresults_text_txt">',
-				noResultsLimit: '<tmpl_var name="globalsearch_noresults_limit_txt">',
-				searchFieldWatermark: '<tmpl_var name="globalsearch_searchfield_watermark_txt">'
-			});
-			
-			jQuery('.ttip').tipsy({live: true, gravity: 'ne', html: true});
-			
-			tabChangeDiscard = '<tmpl_var name="tabchange_discard_enabled>';
-            tabChangeWarning = '<tmpl_var name="tabchange_warning_enabled>';
-            tabChangeWarningTxt = '<tmpl_var name="global_tabchange_warning_txt">';
-            tabChangeDiscardTxt = '<tmpl_var name="global_tabchange_discard_txt">';
-		});
-
-		jQuery(document).bind("change", function(event) {
-			var elName = event.target.localName;
-            if (jQuery(".panel #Filter").length > 0 && elName == 'select') {
-                event.preventDefault();
-                jQuery(".panel #Filter").trigger('click');
-            }
-            if(elName == 'select' || elName == 'input' || elName == 'textarea') {
-                // set marker that something was changed
-                pageFormChanged = true;
-            }
-		});
-		
-		jQuery(document).bind("keypress", function(event) {
-			//Use jQuery submit with keypress Enter in panel filterbar
-			if (event.which == '13' && jQuery(".panel #Filter").length > 0) {
-				event.preventDefault();
-				jQuery(".panel #Filter").trigger('click');
-			}
-			//Use jQuery submit with keypress Enter in forms
-			if (event.which == '13' && jQuery(".pnl_formsarea button.positive").length > 0 && event.target.localName != 'textarea' && jQuery(event.target).is(':input')) {
-				event.preventDefault();
-				jQuery(".pnl_formsarea button.positive:first").not("[disabled='disabled']").trigger('click');
-			}
-		});
-
-	</script>
-</head>
-<body>
-    <div id="page_margins">
-        <div id="page">
-            <div id="header">
-                <div id="topsubnav">
-                    <!-- start: skip link navigation -->
-                    <a class="skip" href="#navigation" title="skip link">Skip to the navigation</a><span class="hideme">.</span>
-                    <a class="skip" href="#content" title="skip link">Skip to the content</a><span class="hideme">.</span>
-                    <!-- end: skip link navigation -->
-			        <tmpl_if name="cpuser">
-                    <span><a href="#logout" data-load-content="login/logout.php">LOGOUT <tmpl_var format="strtoupper" name="cpuser"></a><!-- | <a href="#" onclick="ISPConfig.capp('help')">Help</a> | <a href="#">Imprint</a>--></span>
-					<tmpl_if name='usertype' op='==' value='normaluser'><div class="col-sm-9"><input class="form-control" type="text" id="globalsearch" value="" /></div></tmpl_if>
-			        </tmpl_if>
-                </div>
-                <h1 id="ir-HeaderLogo" class="swap" style="background-image:url('{tmpl_var name='app_logo'}');"><span>ISPConfig 3</span></h1>
-                <span>hosting control panel</span>
-            </div>
-            <!-- begin: main navigation #nav -->
-            <div id="nav">
-                <a id="navigation" name="navigation"></a>
-                <!-- skiplink anchor: navigation -->
-                <div id="nav_main">
-                    <div id="topNav">&nbsp;</div>
-                </div>
-            </div>
-            <!-- end: main navigation -->
-            <!-- begin: main content area #main -->
-            <div id="main">
-                <!-- begin: #col1 - first float column -->
-                <div id="col1">
-                    <div id="col1_content" class="clearfix">
-                        <div id="sideNav">&nbsp;</div>
-                    </div>
-                </div>
-                <!-- end: #col1 -->
-                <!-- begin: #col3 static column -->
-                <div id="col3">
-                    <div id="col3_content" class="clearfix">
-                        <a id="content" name="content"></a>
-                        <!-- skiplink anchor: Content -->
-                        <form method="post" action="" id="pageForm" name="pageForm" enctype="multipart/form-data" class="uniForm">
-						<div class="col-sm-9"><input class="form-control" type="text" style="display:none" /></div><div class="col-sm-9"><input class="form-control" type="password" style="display:none"/></div><div id="pageContent"><!-- AJAX CONTENT --></div>
-                        </form>
-                    </div>
-                    <div id="ie_clearing">&nbsp;</div>
-                    <!-- End: IE Column Clearing -->
-                </div>
-                <!-- end: #col3 -->
-            </div>
-            <!-- end: #main -->
-            <!-- begin: #footer -->
-            <div id="footer">
-                Powered by <a href="<tmpl_var name="app_link">" target="_blank"><tmpl_var name="app_title"></a>
-           </div><!-- end: #footer -->
-       </div>
-    </div>
-</body>
-</html>
diff --git a/interface/web/tools/dns_import_tupa.php b/interface/web/tools/dns_import_tupa.php
index 775d515289e09103a5302b5ab99f720fbbf1c647..b81a83bdec6277f32bcf5842312a49842fea5ac3 100644
--- a/interface/web/tools/dns_import_tupa.php
+++ b/interface/web/tools/dns_import_tupa.php
@@ -86,44 +86,74 @@ if(isset($_POST['start']) && $_POST['start'] == 1) {
 		$domains = $exdb->queryAllRecords("SELECT * FROM domains WHERE type = 'MASTER'");
 		if(is_array($domains)) {
 			foreach($domains as $domain) {
-				$soa = $exdb->queryOneRecord("SELECT * FROM records WHERE type = 'SOA' AND domain_id = ".$domain['id']);
+				$soa = $exdb->queryOneRecord("SELECT * FROM records WHERE type = 'SOA' AND domain_id = ?", $domain['id']);
 				if(is_array($soa)) {
 					$parts = explode(' ', $soa['content']);
-					$origin = $app->db->quote(addot($soa['name']));
-					$ns = $app->db->quote(addot($parts[0]));
-					$mbox = $app->db->quote(addot($parts[1]));
-					$serial = $app->db->quote($parts[2]);
+					$origin = addot($soa['name']);
+					$ns = addot($parts[0]);
+					$mbox = addot($parts[1]);
+					$serial = $parts[2];
 					$refresh = 7200;
 					$retry =  540;
 					$expire = 604800;
-					$minimum = 86400;
-					$ttl = $app->db->quote($soa['ttl']);
-
-					$insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `origin`, `ns`, `mbox`, `serial`, `refresh`, `retry`, `expire`, `minimum`, `ttl`, `active`, `xfer`) VALUES
-					('$sys_userid', '$sys_groupid', 'riud', 'riud', '', '$server_id', '$origin', '$ns', '$mbox', '$serial', '$refresh', '$retry', '$expire', '$minimum', '$ttl', 'Y', '')";
+					$minimum = 3600;
+					$ttl = $soa['ttl'];
+
+					$insert_data = array(
+						"sys_userid" => $sys_userid,
+						"sys_groupid" => $sys_groupid,
+						"sys_perm_user" => 'riud',
+						"sys_perm_group" => 'riud',
+						"sys_perm_other" => '',
+						"server_id" => $server_id,
+						"origin" => $origin,
+						"ns" => $ns,
+						"mbox" => $mbox,
+						"serial" => $serial,
+						"refresh" => $refresh,
+						"retry" => $retry,
+						"expire" => $expire,
+						"minimum" => $minimum,
+						"ttl" => $ttl,
+						"active" => 'Y',
+						"xfer" => ''
+					);
 					$dns_soa_id = $app->db->datalogInsert('dns_soa', $insert_data, 'id');
 					unset($parts);
 					$msg .= 'Import Zone: '.$soa['name'].'<br />';
 
 					//* Process the other records
-					$records = $exdb->queryAllRecords("SELECT * FROM records WHERE type != 'SOA' AND domain_id = ".$domain['id']);
+					$records = $exdb->queryAllRecords("SELECT * FROM records WHERE type != 'SOA' AND domain_id = ?", $domain['id']);
 					if(is_array($records)) {
 						foreach($records as $rec) {
 							$rr = array();
 
-							$rr['name'] = $app->db->quote(addot($rec['name']));
-							$rr['type'] = $app->db->quote($rec['type']);
-							$rr['aux'] = $app->db->quote($rec['prio']);
-							$rr['ttl'] = $app->db->quote($rec['ttl']);
+							$rr['name'] = addot($rec['name']);
+							$rr['type'] = $rec['type'];
+							$rr['aux'] = $rec['prio'];
+							$rr['ttl'] = $rec['ttl'];
 
 							if($rec['type'] == 'NS' || $rec['type'] == 'MX' || $rec['type'] == 'CNAME') {
-								$rr['data'] = $app->db->quote(addot($rec['content']));
+								$rr['data'] = addot($rec['content']);
 							} else {
-								$rr['data'] = $app->db->quote($rec['content']);
+								$rr['data'] = $rec['content'];
 							}
 
-							$insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `zone`, `name`, `type`, `data`, `aux`, `ttl`, `active`) VALUES
-							('$sys_userid', '$sys_groupid', 'riud', 'riud', '', '$server_id', '$dns_soa_id', '$rr[name]', '$rr[type]', '$rr[data]', '$rr[aux]', '$rr[ttl]', 'Y')";
+							$insert_data = array(
+								"sys_userid" => $sys_userid,
+								"sys_groupid" => $sys_groupid,
+								"sys_perm_user" => 'riud',
+								"sys_perm_group" => 'riud',
+								"sys_perm_other" => '',
+								"server_id" => $server_id,
+								"zone" => $dns_soa_id,
+								"name" => $rr['name'],
+								"type" => $rr['type'],
+								"data" => $rr['data'],
+								"aux" => $rr['aux'],
+								"ttl" => $rr['ttl'],
+								"active" => 'Y'
+							);
 							$dns_rr_id = $app->db->datalogInsert('dns_rr', $insert_data, 'id');
 							//$msg .= $insert_data.'<br />';
 
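Review bot: With the `$app->db->quote()` calls removed, every value read from the external database (`$parts[0]` to `$parts[2]`, `$soa['ttl']`, `$rec['type']`, `$rec['prio']`, `$rec['ttl']`, `$rec['content']`) reaches `datalogInsert()` unchanged, so injection safety now rests entirely on `datalogInsert()` binding or escaping array values. That is not shown in this hunk and should be confirmed. `$parts` is also indexed without checking that `explode(' ', $soa['content'])` produced at least three fields, so a malformed SOA row would be imported with an empty `mbox` or `serial`. I would skip the zone when `count($parts) < 3` and cast the numeric fields at the boundary, e.g. `$ttl = $app->functions->intval($soa['ttl']);`, assuming `$app->functions` is loaded in this script. Separately, `$minimum` changes from 86400 to 3600, which is unrelated to the query rewrite and deserves its own line in the commit message; the enclosing `foreach` loops start before and continue past this hunk.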
diff --git a/interface/web/tools/form/interface_settings.tform.php b/interface/web/tools/form/interface_settings.tform.php
index f81ce2d1572ff259983b4639b81c98c6ab6e22e4..f213605bf787aaa739f69b7b853507f607128e17 100644
--- a/interface/web/tools/form/interface_settings.tform.php
+++ b/interface/web/tools/form/interface_settings.tform.php
@@ -96,7 +96,7 @@ if($_SESSION["s"]["user"]["typ"] == 'admin') {
 		}
 	}
 } else {
-	$tmp = $app->db->queryOneRecord("SELECT * FROM sys_user where username = '".$_SESSION["s"]["user"]['username']."'");
+	$tmp = $app->db->queryOneRecord("SELECT * FROM sys_user where username = ?", $_SESSION["s"]["user"]['username']);
 	$modules = $tmp['modules'];
 	//$modules = $conf['interface_modules_enabled'];
 	if($_SESSION["s"]["user"]["typ"] != 'admin' && $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
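Review bot: `$tmp['modules']` is read on the line after the new query without checking that a row came back, so if the session's username no longer matches a `sys_user` row, `$modules` silently becomes null. A guard such as `$modules = is_array($tmp) ? $tmp['modules'] : '';` makes that case explicit. Only `modules` is used in the visible lines, so `SELECT modules FROM sys_user WHERE username = ?` would avoid pulling the rest of the user row into `$tmp`, provided nothing later in the branch reads other columns. The `else` branch continues outside this hunk.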
diff --git a/interface/web/tools/import_ispconfig.php b/interface/web/tools/import_ispconfig.php
index 75e59929df7eeeeb768c23175942fa2a3466029e..0998d1840ef049e43116858636089f0cec814ccd 100644
--- a/interface/web/tools/import_ispconfig.php
+++ b/interface/web/tools/import_ispconfig.php
@@ -143,7 +143,7 @@ function start_domain_import($mail_domain) {
 
 	//* Get the user and groupid for the new records
 	$sys_groupid = $app->functions->intval($_POST['client_group_id']);
-	$tmp = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE default_group = $sys_groupid");
+	$tmp = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE default_group = ?", $sys_groupid);
 	$sys_userid = $app->functions->intval($tmp['userid']);
 	unset($tmp);
 	if($sys_groupid == 0) $error .= 'Inavlid groupid<br />';
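Review bot: The `sys_user` lookup runs before `$sys_groupid` is validated: the `if($sys_groupid == 0)` check sits below the query, and `$tmp['userid']` is read without checking that a row was returned. Moving the group-id check above the query and adding a matching check, e.g. `if($sys_userid == 0) $error .= 'Invalid userid<br />';`, would stop the import from continuing with owner id 0 when the posted group has no user. Whether later code already rejects that case is not visible, since `start_domain_import()` begins before and continues after this hunk.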
@@ -159,7 +159,7 @@ function start_domain_import($mail_domain) {
 	$mail_domain_rec = $client->mail_domain_get($remote_session_id, array('domain' => $mail_domain));
 	if(is_array($mail_domain_rec)) {
 		$mail_domain_rec = $mail_domain_rec[0];
-		$tmp = $app->db->queryOneRecord("SELECT count(domain_id) as number FROM mail_domain WHERE domain = '".$app->db->quote($mail_domain)."'");
+		$tmp = $app->db->queryOneRecord("SELECT count(domain_id) as number FROM mail_domain WHERE domain = ?", $mail_domain);
 		if($tmp['number'] > 0) $error .= 'Domain '.$mail_domain.' exists already in local database.<br />';
 		unset($tmp);
 
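Review bot: `$mail_domain` is concatenated into `$error` as HTML (`'Domain '.$mail_domain.' exists already in local database.<br />'`) without escaping; the switch to a bound parameter fixes the SQL side only. If `$error` is rendered as markup, which the `<br />` suggests, the message should use `htmlspecialchars($mail_domain, ENT_QUOTES, 'UTF-8')`. The function body continues outside the hunk, so where `$mail_domain` originates is not visible here.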
@@ -182,7 +182,7 @@ function start_domain_import($mail_domain) {
 			$mail_users = $client->mail_user_get($remote_session_id, array('email' => '%@'.$mail_domain));
 			if(is_array($mail_users)) {
 				foreach($mail_users as $mail_user) {
-					$tmp = $app->db->queryOneRecord("SELECT count(mailuser_id) as number FROM mail_user WHERE email = '".$app->db->quote($mail_user['email'])."'");
+					$tmp = $app->db->queryOneRecord("SELECT count(mailuser_id) as number FROM mail_user WHERE email = ?", $mail_user['email']);
 					if($tmp['number'] == 0) {
 
 						//* Prepare record
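Review bot: The records returned by the remote API are trusted to belong to `$mail_domain`: the filter `'%@'.$mail_domain` is evaluated by the remote server, and the loop then uses `$mail_user['email']` without checking it locally. A misconfigured or compromised source server could therefore hand back mailboxes for other domains, which would be imported under the selected client. A local guard at the top of the loop, e.g. `if(substr($mail_user['email'], -strlen('@'.$mail_domain)) !== '@'.$mail_domain) continue;`, closes that gap. The same applies, on the field each loop filters by, to the alias, aliasdomain, forward and spamfilter loops in the hunks at -229, -250, -271 and -292. The insert that follows the prepared record is outside this hunk.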
@@ -229,7 +229,7 @@ function start_domain_import($mail_domain) {
 			$mail_aliases = $client->mail_alias_get($remote_session_id, array('type' => 'alias', 'destination' => '%@'.$mail_domain));
 			if(is_array($mail_aliases)) {
 				foreach($mail_aliases as $mail_alias) {
-					$tmp = $app->db->queryOneRecord("SELECT count(forwarding_id) as number FROM mail_forwarding WHERE `type` = 'alias' AND source = '".$app->db->quote($mail_alias['source'])."' AND destination = '".$app->db->quote($mail_alias['destination'])."'");
+					$tmp = $app->db->queryOneRecord("SELECT count(forwarding_id) as number FROM mail_forwarding WHERE `type` = 'alias' AND source = ? AND destination = ?", $mail_alias['source'], $mail_alias['destination']);
 					if($tmp['number'] == 0) {
 						$mail_alias['sys_userid'] = $sys_userid;
 						$mail_alias['sys_groupid'] = $sys_groupid;
@@ -250,7 +250,7 @@ function start_domain_import($mail_domain) {
 			$mail_aliases = $client->mail_alias_get($remote_session_id, array('type' => 'aliasdomain', 'destination' => '@'.$mail_domain));
 			if(is_array($mail_aliases)) {
 				foreach($mail_aliases as $mail_alias) {
-					$tmp = $app->db->queryOneRecord("SELECT count(forwarding_id) as number FROM mail_forwarding WHERE `type` = 'aliasdomain' AND source = '".$app->db->quote($mail_alias['source'])."' AND destination = '".$app->db->quote($mail_alias['destination'])."'");
+					$tmp = $app->db->queryOneRecord("SELECT count(forwarding_id) as number FROM mail_forwarding WHERE `type` = 'aliasdomain' AND source = ? AND destination = ?", $mail_alias['source'], $mail_alias['destination']);
 					if($tmp['number'] == 0) {
 						$mail_alias['sys_userid'] = $sys_userid;
 						$mail_alias['sys_groupid'] = $sys_groupid;
@@ -271,7 +271,7 @@ function start_domain_import($mail_domain) {
 			$mail_forwards = $client->mail_forward_get($remote_session_id, array('type' => 'forward', 'source' => '%@'.$mail_domain));
 			if(is_array($mail_forwards)) {
 				foreach($mail_forwards as $mail_forward) {
-					$tmp = $app->db->queryOneRecord("SELECT count(forwarding_id) as number FROM mail_forwarding WHERE `type` = 'forward' AND source = '".$app->db->quote($mail_forward['source'])."' AND destination = '".$app->db->quote($mail_forward['destination'])."'");
+					$tmp = $app->db->queryOneRecord("SELECT count(forwarding_id) as number FROM mail_forwarding WHERE `type` = 'forward' AND source = ? AND destination = ?", $mail_forward['source'], $mail_forward['destination']);
 					if($tmp['number'] == 0) {
 						$mail_forward['sys_userid'] = $sys_userid;
 						$mail_forward['sys_groupid'] = $sys_groupid;
@@ -292,7 +292,7 @@ function start_domain_import($mail_domain) {
 			$mail_spamfilters = $client->mail_spamfilter_user_get($remote_session_id, array('email' => '%@'.$mail_domain));
 			if(is_array($mail_spamfilters)) {
 				foreach($mail_spamfilters as $mail_spamfilter) {
-					$tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM spamfilter_users WHERE email = '".$app->db->quote($mail_spamfilter['email'])."'");
+					$tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM spamfilter_users WHERE email = ?", $mail_spamfilter['email']);
 					if($tmp['number'] == 0) {
 						$mail_spamfilter['sys_userid'] = $sys_userid;
 						$mail_spamfilter['sys_groupid'] = $sys_groupid;
diff --git a/interface/web/tools/import_plesk.php b/interface/web/tools/import_plesk.php
deleted file mode 100644
index f6e2890ea1546d28d3d8fae078df7e03adfec797..0000000000000000000000000000000000000000
--- a/interface/web/tools/import_plesk.php
+++ /dev/null
@@ -1,1430 +0,0 @@
-<?php
-/*
-Copyright (c) 2008, Till Brehm, projektfarm Gmbh
-Plesk(r) Importer (c) 2012, Marius Cramer, pixcept KG
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without modification,
-are permitted provided that the following conditions are met:
-
-    * Redistributions of source code must retain the above copyright notice,
-      this list of conditions and the following disclaimer.
-    * Redistributions in binary form must reproduce the above copyright notice,
-      this list of conditions and the following disclaimer in the documentation
-      and/or other materials provided with the distribution.
-    * Neither the name of ISPConfig nor the names of its contributors
-      may be used to endorse or promote products derived from this software without
-      specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
-IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
-INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
-BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
-OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
-NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
-EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-*/
-
-global $app, $conf;
-
-require_once '../../lib/config.inc.php';
-
-require_once '../../lib/app.inc.php';
-
-/**
- *
- * @param db $exdb
- * @return array
- */
-
-
-function read_limit_data($exdb) {
-	$limits = array();
-	// Limits
-	$limit_data = $exdb->queryAllRecords("SELECT l.id, l.limit_name, l.value FROM Limits as l");
-	foreach($limit_data as $entry) {
-		if(array_key_exists($entry['id'], $limits) == false) $limits[$entry['id']] = array();
-		$limits[$entry['id']][$entry['limit_name']] = $entry['value'];
-
-		// limits that are there:
-		/*
-        disk_space
-        disk_space_soft
-        expiration
-        max_box
-        max_db
-        max_dom_aliases
-        max_maillists
-        max_mn
-        max_site
-        max_site_builder
-        max_subdom
-        max_subftp_users
-        max_traffic
-        max_traffic_soft
-        max_unity_mobile_sites
-        max_webapps
-        max_wu
-        mbox_quota
-        */
-	}
-
-	return $limits;
-}
-
-
-/**
- *
- * @param array $limits
- * @param int $id
- * @param string $limit
- * @param mixed $default
- * @return mixed
- */
-function get_limit($limits, $id, $limit, $default = false) {
-	$ret = $default;
-	if(isset($limits[$id][$limit])) $ret = $limits[$id][$limit];
-
-	return $ret;
-}
-
-function get_option($options, $option, $default = false) {
-	$ret = $default;
-	if(isset($options[$option])) $ret = $options[$option];
-
-	return $ret;
-}
-
-function add_dot($string) {
-	if(strlen($string) > 0 && substr($string, -1, 1) !== '.') $string .= '.';
-	return $string;
-}
-
-function byte_to_mbyte($byte) {
-	if($byte <= 0) return $byte; // limit = -1 -> unlimited
-	return round($byte / (1024*1024));
-}
-
-function yes_no($num, $reverse = false) {
-	return ($num == 1 && !$reverse) || ($num != 1 && $reverse) ? 'y' : 'n';
-}
-
-// taken from the web_domain_edit.php
-function id_hash($id, $levels) {
-	$hash = "" . $id % 10 ;
-	$id /= 10 ;
-	$levels -- ;
-	while ( $levels > 0 ) {
-		$hash .= "/" . $id % 10 ;
-		$id /= 10 ;
-		$levels-- ;
-	}
-	return $hash;
-}
-
-$COMMANDS = 'unset HISTFILE
-MYSERVER="192.168.1.10"
-MYSQL_EXPORT_USER="root"
-MYSQL_EXPORT_PASS=""
-MYSQL_IMPORT_USER="root"
-MYSQL_IMPORT_PASS=""
-';
-
-function add_command($cmd) {
-	global $COMMANDS;
-
-	$COMMANDS .= $cmd . "\n";
-}
-
-
-/* TODO: document root rewrite on ftp account and other home directories */
-
-//* Check permissions for module
-$app->auth->check_module_permissions('admin');
-
-//* This is only allowed for administrators
-if(!$app->auth->is_admin()) die('only allowed for administrators.');
-
-$app->uses('tpl,getconf');
-$app->load('importer');
-
-$app->tpl->newTemplate('form.tpl.htm');
-$app->tpl->setInclude('content_tpl', 'templates/import_plesk.htm');
-$msg = '';
-$error = '';
-
-// Start migrating plesk data
-if(isset($_POST['start']) && $_POST['start'] == 1) {
-
-	//* Set variable sin template
-	$app->tpl->setVar('dbhost', $_POST['dbhost']);
-	$app->tpl->setVar('dbname', $_POST['dbname']);
-	$app->tpl->setVar('dbuser', $_POST['dbuser']);
-	$app->tpl->setVar('dbpassword', $_POST['dbpassword']);
-	$app->tpl->setVar('webcontent', $_POST['webcontent']);
-	$app->tpl->setVar('mailcontent', $_POST['mailcontent']);
-
-	//* Establish connection to external database
-	$msg .= 'Connecting to external database...<br />';
-
-	//* Backup DB login details
-	/*$conf_bak['db_host'] = $conf['db_host'];
-	$conf_bak['db_database'] = $conf['db_database'];
-	$conf_bak['db_user'] = $conf['db_user'];
-	$conf_bak['db_password'] = $conf['db_password'];*/
-
-	//* Set external Login details
-	$conf['imp_db_host'] = $_POST['dbhost'];
-	$conf['imp_db_database'] = $_POST['dbname'];
-	$conf['imp_db_user'] = $_POST['dbuser'];
-	$conf['imp_db_password'] = $_POST['dbpassword'];
-	$conf['imp_db_charset'] = $conf['db_charset'];
-	$conf['imp_db_new_link'] = $conf['db_new_link'];
-	$conf['imp_db_client_flags'] = $conf['db_client_flags'];
-
-	//* create new db object
-	$exdb = new db('imp');
-
-	$msg .= 'db object created...<br />';
-
-	$importer = new importer();
-	$session_id = 'ISPC3'; // set dummy session id for remoting lib
-	$msg .= 'importer object created...<br />';
-
-	// import on server
-	$server_id = 1;
-
-	//* Connect to DB
-	if($exdb !== false) {
-		$msg .= 'Connecting to external database done...<br />';
-
-		$limits = read_limit_data($exdb);
-
-		$msg .= 'read all limit data...<br />';
-
-		// param_id -> cl_params table - not needed for import
-		// tpye = admin, reseller, client
-		$admins = $exdb->queryAllRecords("SELECT c.id, c.parent_id, c.type, c.cr_date, c.cname, c.pname, c.login, c.account_id, a.password, a.type as `pwtype`, c.status, c.phone, c.fax, c.email, c.address, c.city, c.state, c.pcode, c.country, c.locale, c.limits_id, c.params_id, c.perm_id, c.pool_id, c.logo_id, c.tmpl_id, c.guid, c.overuse, c.vendor_id, c.external_id FROM clients as c LEFT JOIN accounts as a ON (a.id = c.account_id) WHERE c.type = 'admin' ORDER BY c.parent_id, c.id");
-		$resellers = $exdb->queryAllRecords("SELECT c.id, c.parent_id, c.type, c.cr_date, c.cname, c.pname, c.login, c.account_id, a.password, a.type as `pwtype`, c.status, c.phone, c.fax, c.email, c.address, c.city, c.state, c.pcode, c.country, c.locale, c.limits_id, c.params_id, c.perm_id, c.pool_id, c.logo_id, c.tmpl_id, c.guid, c.overuse, c.vendor_id, c.external_id FROM clients as c LEFT JOIN accounts as a ON (a.id = c.account_id) WHERE c.type = 'reseller' ORDER BY c.parent_id, c.id");
-		$clients  = $exdb->queryAllRecords("SELECT c.id, c.parent_id, c.type, c.cr_date, c.cname, c.pname, c.login, c.account_id, a.password, a.type as `pwtype`, c.status, c.phone, c.fax, c.email, c.address, c.city, c.state, c.pcode, c.country, c.locale, c.limits_id, c.params_id, c.perm_id, c.pool_id, c.logo_id, c.tmpl_id, c.guid, c.overuse, c.vendor_id, c.external_id FROM clients as c LEFT JOIN accounts as a ON (a.id = c.account_id) WHERE c.type = 'client' ORDER BY c.parent_id, c.id");
-
-		$users = array_merge($admins, $resellers, $clients);
-		$msg .= 'read all users (' . count($users) . ')...<br />';
-
-
-		$plesk_ispc_ids = array(); // array with key = plesk id, value = ispc id
-
-		$phpopts = array('no', 'fast-cgi', 'cgi', 'mod', 'suphp', 'php-fpm');
-
-		// import admins / resellers
-		for($i = 0; $i < count($users); $i++) {
-			$entry = $users[$i];
-
-			$old_client = $importer->client_get_by_username($session_id, $entry['login']);
-			if($old_client) {
-				if($old_client['client_id'] == 0) {
-					$entry['login'] = 'psa_' . $entry['login'];
-					$old_client = $importer->client_get_by_username($session_id, $entry['login']);
-					if($old_client) {
-						$msg .= $entry['login'] . ' existed, updating id ' . $old_client['client_id'] . '<br />';
-					}
-				} else {
-					$msg .= $entry['login'] . ' existed, updating id ' . $old_client['client_id'] . '<br />';
-				}
-			}
-			$params = array(
-				'company_name' => $entry['cname'],
-				'contact_name' => $entry['pname'],
-				'customer_no' => 'Plesk' . $entry['id'],
-				'username' => $entry['login'],
-				'password' => $entry['password'],
-				'language' => substr($entry['locale'], 0, 2), // plesk stores as de-DE or en-US
-				//'usertheme' => '',
-				'street' => $entry['address'],
-				'zip' => $entry['pcode'],
-				'city' => $entry['city'],
-				'state' => $entry['state'],
-				'country' => $entry['country'],
-				'telephone' => $entry['phone'],
-				//'mobile' => $entry[''],
-				'fax' => $entry['fax'],
-				'email' => $entry['email'],
-				//'internet' => $entry[''],
-				//'icq' => $entry[''],
-				//'vat_id' => $entry[''],
-				//'company_id' => $entry[''],
-				//'bank_account_number' => $entry[''],
-				//'bank_code' => $entry[''],
-				//'bank_name' => $entry[''],
-				//'bank_account_iban' => $entry[''],
-				//'bank_account_swift' => $entry[''],
-				'notes' => 'imported from Plesk id ' . $entry['id'],
-				//'template_master' => $entry[''],
-				//'template_additional' => $entry[''],
-				//'default_mailserver' => $entry[''],
-				'limit_maildomain' => get_limit($limits, $entry['id'], 'max_site', -1),
-				'limit_mailbox' => get_limit($limits, $entry['id'], 'max_box', -1),
-				'limit_mailalias' => get_limit($limits, $entry['id'], 'max_mn', -1),
-				'limit_mailaliasdomain' => get_limit($limits, $entry['id'], 'max_dom_aliases', -1),
-				'limit_mailmailinglist' => get_limit($limits, $entry['id'], 'max_maillists', -1),
-				'limit_mailforward' => get_limit($limits, $entry['id'], 'max_mn', -1),
-				'limit_mailcatchall' => 1,
-				'limit_mailrouting' => 0,
-				'limit_mailfilter' => 0,
-				'limit_fetchmail' => 0,
-				'limit_mailquota' => get_limit($limits, $entry['id'], 'mbox_quota', -1),
-				'limit_spamfilter_wblist' => 0,
-				'limit_spamfilter_user' => 0,
-				'limit_spamfilter_policy' => 0,
-				//'default_webserver' => '',
-				'limit_web_domain' => get_limit($limits, $entry['id'], 'max_site', -1),
-				'limit_web_quota' => intval(get_limit($limits, $entry['id'], 'disk_space', -1)),
-				'web_php_options' => implode(',', $phpopts),
-				'limit_web_aliasdomain' => get_limit($limits, $entry['id'], 'max_dom_aliases', -1),
-				'limit_web_subdomain' => get_limit($limits, $entry['id'], 'max_subdom', -1),
-				'limit_ftp_user' => (string)($app->functions->intval(get_limit($limits, $entry['id'], 'max_subftp_users', -2)) + 1),
-				'limit_shell_user' => 0,
-				'ssh_chroot' => 'no,jailkit',
-				'limit_webdav_user' => get_limit($limits, $entry['id'], 'max_wu', 0),
-				//'default_dnsserver' => '',
-				'limit_dns_zone' => -1,
-				'limit_dns_slave_zone' => -1,
-				'limit_dns_record' => -1,
-				'limit_client' => ($entry['type'] == 'client' ? 0 : -1),
-				//'default_dbserver' => '',
-				'limit_database' => get_limit($limits, $entry['id'], 'max_db', -1),
-				'limit_cron' => 0,
-				'limit_cron_type' => 'url',
-				'limit_cron_frequency' => '5',
-				'limit_traffic_quota' => intval(get_limit($limits, $entry['id'], 'max_traffic', -1)),
-				'limit_openvz_vm' => 0,
-				'limit_openvz_vm_template_id' => ''
-			);
-			$reseller_id = 0;
-			if($entry['parent_id'] != 0) {
-				if(array_key_exists($entry['parent_id'], $plesk_ispc_ids)) {
-					$reseller_id = $plesk_ispc_ids[$entry['parent_id']];
-				}
-			}
-
-			if($old_client) {
-				$new_id = $old_client['client_id'];
-				$ok = $importer->client_update($session_id, $old_client['client_id'], $reseller_id, array_merge($old_client, $params));
-				if($ok === false) {
-
-				}
-			} else {
-				$new_id = $importer->client_add($session_id, $reseller_id, $params);
-			}
-			if($new_id === false) {
-				//something went wrong here...
-				$msg .= "Client " . $entry['id'] . " (" . $entry['pname'] . ") could not be inserted/updated.<br />";
-				$msg .= "&nbsp; Error: " . $importer->getFault() . "<br />";
-			} else {
-				$msg .= "Client " . $entry['id'] . " (" . $entry['pname'] . ") inserted/updated.<br />";
-			}
-
-			$plesk_ispc_ids[$entry['id']] = $new_id;
-		}
-		unset($users);
-		unset($clients);
-		unset($resellers);
-		unset($admins);
-
-		$web_config = $app->getconf->get_server_config($server_id, 'web');
-
-		$domains = $exdb->queryAllRecords("SELECT d.id, d.cr_date, d.name, d.displayName, d.dns_zone_id, d.status, d.htype, d.real_size, d.cl_id, d.limits_id, d.params_id, d.guid, d.overuse, d.gl_filter, d.vendor_id, d.webspace_id, d.webspace_status, d.permissions_id, d.external_id FROM domains as d WHERE d.parentDomainId = 0");
-		$dom_ftp_users = array();
-		$domain_ids = array();
-		$domain_roots = array();
-		$domain_owners = array();
-		$dns_domain_ids = array();
-		$maildomain_ids = array();
-		foreach($domains as $entry) {
-			$res = $exdb->query("SELECT d.dom_id, d.param, d.val FROM dom_param as d WHERE d.dom_id = '" . $entry['id'] . "'");
-			$options = array();
-			while($opt = $res->get()) {
-				$options[$opt['param']] = $opt['val'];
-			}
-
-			/* TODO: options that might be used later:
-             * OveruseBlock true/false
-             * OveruseNotify true/false
-             * OveruseSuspend true/false
-             * wu_script true/false (webusers allowed to use scripts?)
-             * webmail string (webmailer used - horde)
-             */
-
-			$redir_type = '';
-			$redir_path = '';
-
-			if($entry['htype'] === 'std_fwd') {
-				// redirection
-				$redir = $exdb->queryOneRecord("SELECT f.dom_id, f.ip_address_id, f.redirect FROM forwarding as f WHERE f.dom_id = '" . $entry['id'] . "'");
-				$redir_type = 'R,L';
-				$redir_path = $redir['redirect'];
-			} elseif($entry['htype'] === 'vrt_hst') {
-				// default virtual hosting (vhost)
-			} else {
-				/* TODO: unknown type */
-			}
-
-			$hosting = $exdb->queryOneRecord("SELECT h.dom_id, h.sys_user_id, h.ip_address_id, h.real_traffic, h.fp, h.fp_ssl, h.fp_enable, h.fp_adm, h.fp_pass, h.ssi, h.php, h.cgi, h.perl, h.python, h.fastcgi, h.miva, h.coldfusion, h.asp, h.asp_dot_net, h.ssl, h.webstat, h.same_ssl, h.traffic_bandwidth, h.max_connection, h.php_handler_type, h.www_root, h.maintenance_mode, h.certificate_id, s.login, s.account_id, s.home, s.shell, s.quota, s.mapped_to, a.password, a.type as `pwtype` FROM hosting as h LEFT JOIN sys_users as s ON (s.id = h.sys_user_id) LEFT JOIN accounts as a ON (s.account_id = a.id) WHERE h.dom_id = '" . $entry['id'] . "'");
-			if($hosting['sys_user_id']) {
-				$dom_ftp_users[] = array('id' => 0,
-					'dom_id' => $hosting['dom_id'],
-					'sys_user_id' => $hosting['sys_user_id'],
-					'login' => $hosting['login'],
-					'account_id' => $hosting['account_id'],
-					'home' => $hosting['home'],
-					'shell' => $hosting['shell'],
-					'quota' => $hosting['quota'],
-					'mapped_to' => $hosting['mapped_to'],
-					'password' => $hosting['password'],
-					'pwtype' => $hosting['pwtype']
-				);
-			}
-
-			$phpmode = 'no';
-			if(get_option($hosting, 'php', 'false') === 'true') {
-				$mode = get_option($hosting, 'php_handler_type', 'module');
-				if($mode === 'module') $phpmode = 'mod';
-				else $phpmode = 'fast-cgi';
-				/* TODO: what other options could be in "php_handler_type"? */
-			}
-
-			/* TODO: plesk offers some more options:
-             * sys_user_id -> owner of files?
-             * ip_address_id - needed?
-             * fp - frontpage extensions
-             * miva - ?
-             * coldfusion
-             * asp
-             * asp_dot_net
-             * traffic_bandwidth
-             * max_connections
-             */
-			$params = array(
-				'server_id' => $server_id,
-				'ip_address' => '*',
-				//'ipv6_address' => '',
-				'domain' => $entry['name'],
-				'type' => 'vhost', // can be vhost or alias
-				'parent_domain_id' => '', // only if alias
-				'vhost_type' => 'name', // or ip (-based)
-				'hd_quota' => byte_to_mbyte(get_limit($limits, $entry['id'], 'disk_space', -1)),
-				'traffic_quota' => byte_to_mbyte(get_limit($limits, $entry['id'], 'max_traffic', -1)),
-				'cgi' => yes_no(get_option($hosting, 'cgi', 'false') === 'true' ? 1 : 0),
-				'ssi' => yes_no(get_option($hosting, 'ssi', 'false') === 'true' ? 1 : 0),
-				'suexec' => yes_no(1), // does plesk use this?!
-				'errordocs' => get_option($options, 'apacheErrorDocs', 'false') === 'true' ? 1 : 0,
-				'subdomain' => 'www', // plesk always uses this option
-				'ssl' => yes_no(get_option($hosting, 'ssl', 'false') === 'true' ? 1 : 0),
-				'php' => $phpmode,
-				'fastcgi_php_version' => '', // plesk has no different php versions
-				'ruby' => yes_no(0), // plesk has no ruby support
-				'python' => yes_no(get_option($hosting, 'python', 'false') === 'true' ? 1 : 0),
-				'active' => yes_no(($entry['status'] == 0 && get_option($hosting, 'maintenance_mode', 'false') !== 'true') ? 1 : 0),
-				'redirect_type' => $redir_type,
-				'redirect_path' => $redir_path,
-				'seo_redirect' => '',
-				'ssl_state' => $entry[''],
-				'ssl_locality' => $entry[''],
-				'ssl_organisation' => $entry[''],
-				'ssl_organisation_unit' => $entry[''],
-				'ssl_country' => $entry[''],
-				'ssl_domain' => $entry[''],
-				'ssl_request' => $entry[''],
-				'ssl_cert' => $entry[''],
-				'ssl_bundle' => $entry[''],
-				'ssl_action' => $entry[''],
-				'stats_password' => '',
-				'stats_type' => get_option($hosting, 'webstat', 'webalizer') === 'awstats' ? 'awstats' : 'webalizer',
-				'backup_interval' => 'none',
-				'backup_copies' => 1,
-				'allow_override' => 'All',
-				'pm_process_idle_timeout' => 10,
-				'pm_max_requests' => 0
-			);
-
-			// find already inserted domain
-			$old_domain = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain = '" . $entry['name'] . "'");
-			if(!$old_domain) $old_domain = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE CONCAT(subdomain, '.', domain) = '" . $entry['name'] . "'");
-			if($old_domain) {
-				$new_id = $old_domain['domain_id'];
-				$msg .= "Found domain with id " . $new_id . ", updating it.<br />";
-				$params = array_merge($old_domain, $params);
-				$ok = $importer->sites_web_domain_update($session_id, $plesk_ispc_ids[$entry['cl_id']], $new_id, $params);
-				if($ok === false) $msg .= "&nbsp; Error: " . $importer->getFault() . "<br />";
-			} else {
-				$new_id = $importer->sites_web_domain_add($session_id, $plesk_ispc_ids[$entry['cl_id']], $params, true); // read only...
-			}
-
-			$domain_ids[$entry['id']] = $new_id;
-			$domain_roots[$entry['id']] = $entry['www_root'];
-			$domain_owners[$entry['id']] = $entry['cl_id'];
-			$dns_domain_ids[$entry['dns_zone_id']] = $entry['id'];
-
-			if($new_id === false) {
-				//something went wrong here...
-				$msg .= "Domain " . $entry['id'] . " (" . $entry['name'] . ") could not be inserted.<br />";
-				$msg .= "&nbsp; Error: " . $importer->getFault() . "<br />";
-			} else {
-				$msg .= "Domain " . $entry['id'] . " (" . $entry['name'] . ") inserted -> " . $new_id . ".<br />";
-
-				$cmd_data = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = '" . $new_id . "'");
-				$path = $cmd_data['document_root'];
-				add_command('chattr -i ' . escapeshellarg($path));
-				add_command('if [[ -f ' . $path . '/web/index.html ]] ; then rm ' . $path . '/web/index.html ; fi');
-				add_command('rsync -av --modify-window 10 --progress -e ssh root@${MYSERVER}:' . $hosting['www_root'] . '/ ' . $path . '/web/');
-				add_command('chown -R ' . $cmd_data['system_user'] . ':' . $cmd_data['system_group'] . ' ' . escapeshellarg($path));
-				add_command('grep ' . escapeshellarg($hosting['www_root']) . ' ' . $path . '/web -r -l | xargs replace ' . escapeshellarg($hosting['www_root']) . ' ' . escapeshellarg($path . '/web') . ' --');
-				add_command('chown -R root:root ' . escapeshellarg($path . '/log') . ' ' . escapeshellarg($path . '/ssl') . ' ' . escapeshellarg($path . '/web/stats'));
-				add_command('chattr +i ' . escapeshellarg($path));
-			}
-
-			// add domain to mail domains too
-			$params = array(
-				'server_id' => $server_id,
-				'domain' => $entry['name'],
-				'active' => yes_no(($entry['status'] == 0 ? 1 : 0))
-			);
-			$old_domain = $app->db->queryOneRecord("SELECT * FROM mail_domain WHERE domain = '" . $entry['name'] . "'");
-			if($old_domain) {
-				$new_id = $old_domain['domain_id'];
-				$params = array_merge($old_domain, $params);
-				$msg .= "Found maildomain with id " . $new_id . ", updating it.<br />";
-				$ok = $importer->mail_domain_update($session_id, $plesk_ispc_ids[$entry['cl_id']], $new_id, $params);
-				if($ok === false) $msg .= "&nbsp; Error: " . $importer->getFault() . "<br />";
-			} else {
-				$msg .= "Inserting new maildomain " . $entry['name'] . ".<br />";
-				$new_id = $importer->mail_domain_add($session_id, $plesk_ispc_ids[$entry['cl_id']], $params);
-			}
-
-			$maildomain_ids[$entry['id']] = $new_id;
-			if($new_id === false) {
-				//something went wrong here...
-				$msg .= "Maildomain (" . $entry['name'] . ") could not be inserted.<br />";
-				$msg .= "&nbsp; Error: " . $importer->getFault() . "<br />";
-			} else {
-				$msg .= "Maildomain " . $new_id . " (" . $entry['name'] . ") inserted.<br />";
-			}
-
-		}
-
-		$domain_aliases = $exdb->queryAllRecords("SELECT da.id, da.name, da.displayName, da.dns, da.mail, da.web, da.dom_id, da.status FROM domainaliases as da");
-		foreach($domain_aliases as $entry) {
-			$params = array(
-				'server_id' => $server_id,
-				'domain' => $entry['name'],
-				'type' => 'alias',
-				'parent_domain_id' => $domain_ids[$entry['dom_id']],
-				'redirect_type' => '',
-				'redirect_path' => '',
-				'subdomain' => 'www',
-				'active' => yes_no(($entry['status'] == 0 && $entry['web'] === 'true') ? 1 : 0)
-			);
-
-			$old_domain = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain = '" . $entry['name'] . "'");
-			if(!$old_domain) $old_domain = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE CONCAT(subdomain, '.', domain) = '" . $entry['name'] . "'");
-			if($old_domain) {
-				$new_id = $old_domain['domain_id'];
-				$params = array_merge($old_domain, $params);
-				$msg .= "Found domain with id " . $new_id . ", updating it.<br />";
-				$ok = $importer->sites_web_aliasdomain_update($session_id, $plesk_ispc_ids[$domain_owners[$entry['dom_id']]], $new_id, $params);
-				if($ok === false) $msg .= "&nbsp; Error: " . $importer->getFault() . "<br />";
-			} else {
-				$new_id = $importer->sites_web_aliasdomain_add($session_id, $plesk_ispc_ids[$domain_owners[$entry['dom_id']]], $params);
-			}
-
-			if($new_id === false) {
-				//something went wrong here...
-				$msg .= "Aliasdomain " . $entry['id'] . " (" . $entry['name'] . ") could not be inserted.<br />";
-				$msg .= "&nbsp; Error: " . $importer->getFault() . "<br />";
-			} else {
-				$msg .= "Aliasdomain " . $entry['id'] . " (" . $entry['name'] . ") inserted.<br />";
-			}
-
-			// add alias to mail domains, too
-			$params = array(
-				'server_id' => $server_id,
-				'domain' => $entry['name'],
-				'active' => yes_no(($entry['status'] == 0 && $entry['mail'] === 'true') ? 1 : 0)
-			);
-
-			$old_domain = $app->db->queryOneRecord("SELECT * FROM mail_domain WHERE domain = '" . $entry['name'] . "'");
-			if($old_domain) {
-				$new_id = $old_domain['domain_id'];
-				$params = array_merge($old_domain, $params);
-				$msg .= "Found mail domain with id " . $new_id . ", updating it.<br />";
-				$ok = $importer->mail_domain_update($session_id, $plesk_ispc_ids[$domain_owners[$entry['dom_id']]], $new_id, $params);
-				if($ok === false) $msg .= "&nbsp; Error: " . $importer->getFault() . "<br />";
-			} else {
-				$new_id = $importer->mail_domain_add($session_id, $plesk_ispc_ids[$domain_owners[$entry['dom_id']]], $params);
-			}
-
-			$maildomain_ids[$entry['id']] = $new_id;
-			if($new_id === false) {
-				//something went wrong here...
-				$msg .= "Aliasmaildomain " . $entry['id'] . " (" . $entry['name'] . ") could not be inserted.<br />";
-				$msg .= "&nbsp; Error: " . $importer->getFault() . "<br />";
-			} else {
-				$msg .= "Aliasmaildomain " . $entry['id'] . " (" . $entry['name'] . ") inserted.<br />";
-			}
-		}
-
-		$subdomain_ids = array();
-		$subdomain_roots = array();
-		$subdomain_owners = array();
-
-		$subdomains = $exdb->queryAllRecords("SELECT d.id, d.cr_date, d.name, d.displayName, d.dns_zone_id, d.status, d.htype, d.real_size, d.cl_id, d.limits_id, d.params_id, d.guid, d.overuse, d.gl_filter, d.vendor_id, d.webspace_id, d.webspace_status, d.permissions_id, d.external_id, d.parentDomainId FROM domains as d WHERE d.parentDomainId != 0");
-		foreach($subdomains as $entry) {
-			$res = $exdb->query("SELECT d.dom_id, d.param, d.val FROM dom_param as d WHERE d.dom_id = '" . $entry['id'] . "'");
-			$options = array();
-			while($opt = $exdb->nextRecord()) {
-				$options[$opt['param']] = $opt['val'];
-			}
-
-			$parent_domain = $exdb->queryOneRecord("SELECT d.id, d.cl_id, d.name FROM domains as d WHERE d.id = '" . $entry['parentDomainId'] . "'");
-			$redir_type = '';
-			$redir_path = '';
-
-			if($entry['htype'] === 'std_fwd') {
-				// redirection
-				$redir = $exdb->queryOneRecord("SELECT f.dom_id, f.ip_address_id, f.redirect FROM forwarding as f WHERE f.dom_id = '" . $entry['id'] . "'");
-				$redir_type = 'R,L';
-				$redir_path = $redir['redirect'];
-			} elseif($entry['htype'] === 'vrt_hst') {
-				// default virtual hosting (vhost)
-			} else {
-				/* TODO: unknown type */
-			}
-
-			$hosting = $exdb->queryOneRecord("SELECT h.dom_id, h.sys_user_id, h.ip_address_id, h.real_traffic, h.fp, h.fp_ssl, h.fp_enable, h.fp_adm, h.fp_pass, h.ssi, h.php, h.cgi, h.perl, h.python, h.fastcgi, h.miva, h.coldfusion, h.asp, h.asp_dot_net, h.ssl, h.webstat, h.same_ssl, h.traffic_bandwidth, h.max_connection, h.php_handler_type, h.www_root, h.maintenance_mode, h.certificate_id, s.login, s.account_id, s.home, s.shell, s.quota, s.mapped_to, a.password, a.type as `pwtype` FROM hosting as h LEFT JOIN sys_users as s ON (s.id = h.sys_user_id) LEFT JOIN accounts as a ON (s.account_id = a.id) WHERE h.dom_id = '" . $entry['id'] . "'");
-			if($hosting['sys_user_id']) {
-				$dom_ftp_users[] = array('id' => 0,
-					'dom_id' => $hosting['dom_id'],
-					'sys_user_id' => $hosting['sys_user_id'],
-					'login' => $hosting['login'],
-					'account_id' => $hosting['account_id'],
-					'home' => $hosting['home'],
-					'shell' => $hosting['shell'],
-					'quota' => $hosting['quota'],
-					'mapped_to' => $hosting['mapped_to'],
-					'password' => $hosting['password'],
-					'pwtype' => $hosting['pwtype']
-				);
-			}
-
-			$phpmode = 'no';
-			if(get_option($hosting, 'php', 'false') === 'true') {
-				$mode = get_option($hosting, 'php_handler_type', 'module');
-				if($mode === 'module') $phpmode = 'mod';
-				else $phpmode = 'fast-cgi';
-				/* TODO: what other options could be in "php_handler_type"? */
-			}
-			/* TODO: plesk offers some more options:
-             * sys_user_id -> owner of files?
-             * ip_address_id - needed?
-             * fp - frontpage extensions
-             * miva - ?
-             * coldfusion
-             * asp
-             * asp_dot_net
-             * traffic_bandwidth
-             * max_connections
-             */
-
-			$web_folder = $hosting['www_root'];
-			$web_folder = preg_replace('/^\/(var|srv)\/www\/(vhosts\/)?[^\/]+\/(.*)\/httpdocs.*/', '$3', $web_folder);
-
-			//if(substr($web_folder, 0, 1) === '/') $web_folder = substr($web_folder, 1);
-			//if(substr($web_folder, -1, 1) === '/') $web_folder = substr($web_folder, 0, -1);
-			$params = array(
-				'server_id' => $server_id,
-				'ip_address' => '*',
-				//'ipv6_address' => '',
-				'domain' => $entry['name'],
-				'web_folder' => $web_folder,
-				'type' => 'vhostsubdomain', // can be vhost or alias
-				'parent_domain_id' => $domain_ids[$entry['parentDomainId']],
-				'vhost_type' => 'name', // or ip (-based)
-				'hd_quota' => byte_to_mbyte(get_limit($limits, $entry['dom_id'], 'disk_space', -1)),
-				'traffic_quota' => byte_to_mbyte(get_limit($limits, $entry['dom_id'], 'max_traffic', -1)),
-				'cgi' => yes_no(get_option($hosting, 'cgi', 'false') === 'true' ? 1 : 0),
-				'ssi' => yes_no(get_option($hosting, 'ssi', 'false') === 'true' ? 1 : 0),
-				'suexec' => yes_no(1), // does plesk use this?!
-				'errordocs' => get_option($options, 'apacheErrorDocs', 'false') === 'true' ? 1 : 0,
-				'subdomain' => '', // plesk always uses this option
-				'ssl' => yes_no(get_option($hosting, 'ssl', 'false') === 'true' ? 1 : 0),
-				'php' => $phpmode,
-				'fastcgi_php_version' => '', // plesk has no different php versions
-				'ruby' => yes_no(0), // plesk has no ruby support
-				'python' => yes_no(get_option($hosting, 'python', 'false') === 'true' ? 1 : 0),
-				'active' => yes_no(($entry['status'] == 0 && get_option($hosting, 'maintenance_mode', 'false') !== 'true') ? 1 : 0),
-				'redirect_type' => $redir_type,
-				'redirect_path' => $redir_path,
-				'seo_redirect' => '',
-				'ssl_state' => $entry[''],
-				'ssl_locality' => $entry[''],
-				'ssl_organisation' => $entry[''],
-				'ssl_organisation_unit' => $entry[''],
-				'ssl_country' => $entry[''],
-				'ssl_domain' => $entry[''],
-				'ssl_request' => $entry[''],
-				'ssl_cert' => $entry[''],
-				'ssl_bundle' => $entry[''],
-				'ssl_action' => $entry[''],
-				'stats_password' => '',
-				'stats_type' => get_option($hosting, 'webstat', 'webalizer') === 'awstats' ? 'awstats' : 'webalizer',
-				'backup_interval' => 'none',
-				'backup_copies' => 1,
-				'allow_override' => 'All',
-				'pm_process_idle_timeout' => 10,
-				'pm_max_requests' => 0
-			);
-
-			$old_domain = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain = '" . $entry['name'] . "'");
-			if(!$old_domain) $old_domain = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE CONCAT(subdomain, '.', domain) = '" . $entry['name'] . "'");
-			if($old_domain) {
-				$new_id = $old_domain['domain_id'];
-				$params = array_merge($old_domain, $params);
-				$msg .= "Found domain " . $entry['name'] . " with id " . $new_id . ", updating it.<br />";
-				$ok = $importer->sites_web_vhost_subdomain_update($session_id, $plesk_ispc_ids[$parent_domain['cl_id']], $new_id, $params);
-				if($ok === false) $msg .= "&nbsp; Error: " . $importer->getFault() . "<br />";
-			} else {
-				$new_id = $importer->sites_web_vhost_subdomain_add($session_id, $plesk_ispc_ids[$parent_domain['cl_id']], $params, true); // read only...
-			}
-
-			$subdomain_ids[$entry['id']] = $new_id;
-			$subdomain_roots[$entry['id']] = $hosting['www_root'];
-			$subdomain_owners[$entry['id']] = $entry['cl_id'];
-			if($new_id === false) {
-				//something went wrong here...
-				$msg .= "Subdomain " . $entry['id'] . " (" . $entry['name'] . ") with folder \"" . $web_folder . "\" could not be inserted.<br />";
-				$msg .= "&nbsp; Error: " . $importer->getFault() . "<br />";
-			} else {
-				$msg .= "Subdomain " . $entry['id'] . " (" . $entry['name'] . ") inserted.<br />";
-
-				$cmd_data = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = '" . $new_id . "'");
-				$path = $cmd_data['document_root'];
-				add_command('chattr -i ' . escapeshellarg($path));
-				add_command('if [[ -f ' . $path . '/' . $web_folder . '/index.html ]] ; then rm ' . $path . '/' . $web_folder . '/index.html ; fi');
-				add_command('rsync -av --modify-window 10 --progress -e ssh root@${MYSERVER}:' . $hosting['www_root'] . '/ ' . $path . '/' . $web_folder . '/');
-				add_command('chown -R ' . $cmd_data['system_user'] . ':' . $cmd_data['system_group'] . ' ' . escapeshellarg($path));
-				add_command('grep ' . escapeshellarg($hosting['www_root']) . ' ' . $path . '/web -r -l | xargs replace ' . escapeshellarg($hosting['www_root']) . ' ' . escapeshellarg($path . '/web') . ' --');
-				add_command('chown -R root:root ' . escapeshellarg($path . '/log') . ' ' . escapeshellarg($path . '/ssl') . ' ' . escapeshellarg($path . '/web/stats'));
-				add_command('chattr +i ' . escapeshellarg($path));
-
-			}
-			$domain_ids[$entry['id']] = $new_id;
-		}
-
-		// subdomains in plesk are real vhosts, so we have to treat them as vhostsubdomains
-		$subdomains = $exdb->queryAllRecords("SELECT d.id, d.dom_id, d.name, d.displayName, d.sys_user_id, d.ssi, d.php, d.cgi, d.perl, d.python, d.fastcgi, d.miva, d.coldfusion, d.asp, d.asp_dot_net, d.ssl, d.same_ssl, d.php_handler_type, d.www_root, d.maintenance_mode, d.certificate_id FROM subdomains as d");
-		foreach($subdomains as $entry) {
-			$res = $exdb->query("SELECT d.dom_id, d.param, d.val FROM dom_param as d WHERE d.dom_id = '" . $entry['dom_id'] . "'");
-			$options = array();
-			while($opt = $res->get()) {
-				$options[$opt['param']] = $opt['val'];
-			}
-
-			$parent_domain = $exdb->queryOneRecord("SELECT d.id, d.cl_id, d.name FROM domains as d WHERE d.id = '" . $entry['dom_id'] . "'");
-
-			/* TODO: options that might be used later:
-             * OveruseBlock true/false
-             * OveruseNotify true/false
-             * OveruseSuspend true/false
-             * wu_script true/false (webusers allowed to use scripts?)
-             * webmail string (webmailer used - horde)
-             */
-
-			$redir_type = '';
-			$redir_path = '';
-
-			if($entry['htype'] === 'std_fwd') {
-				// redirection
-				$redir = $exdb->queryOneRecord("SELECT f.dom_id, f.ip_address_id, f.redirect FROM forwarding as f WHERE f.dom_id = '" . $entry['id'] . "'");
-				$redir_type = 'R,L';
-				$redir_path = $redir['redirect'];
-			} elseif($entry['htype'] === 'vrt_hst') {
-				// default virtual hosting (vhost)
-			} else {
-				/* TODO: unknown type */
-			}
-
-			$hosting = $exdb->queryOneRecord("SELECT h.dom_id, h.sys_user_id, h.ip_address_id, h.real_traffic, h.fp, h.fp_ssl, h.fp_enable, h.fp_adm, h.fp_pass, h.ssi, h.php, h.cgi, h.perl, h.python, h.fastcgi, h.miva, h.coldfusion, h.asp, h.asp_dot_net, h.ssl, h.webstat, h.same_ssl, h.traffic_bandwidth, h.max_connection, h.php_handler_type, h.www_root, h.maintenance_mode, h.certificate_id FROM hosting as h WHERE h.dom_id = '" . $entry['dom_id'] . "'");
-			$hosting = array_merge($hosting, $entry); //settings from subdomain override parent settings
-
-			$phpmode = 'no';
-			if(get_option($hosting, 'php', 'false') === 'true') {
-				$mode = get_option($hosting, 'php_handler_type', 'module');
-				if($mode === 'module') $phpmode = 'mod';
-				else $phpmode = 'fast-cgi';
-				/* TODO: what other options could be in "php_handler_type"? */
-			}
-			/* TODO: plesk offers some more options:
-             * sys_user_id -> owner of files?
-             * ip_address_id - needed?
-             * fp - frontpage extensions
-             * miva - ?
-             * coldfusion
-             * asp
-             * asp_dot_net
-             * traffic_bandwidth
-             * max_connections
-             */
-
-			$web_folder = $entry['www_root'];
-			$web_folder = preg_replace('/^\/(var|srv)\/www\/(vhosts\/)?[^\/]+\/(.*)\/httpdocs.*/', '$3', $web_folder);
-
-			$params = array(
-				'server_id' => $server_id,
-				'ip_address' => '*',
-				//'ipv6_address' => '',
-				'domain' => $entry['name'] . '.' . $parent_domain['name'],
-				'web_folder' => $web_folder,
-				'type' => 'vhostsubdomain', // can be vhost or alias
-				'parent_domain_id' => $domain_ids[$entry['dom_id']],
-				'vhost_type' => 'name', // or ip (-based)
-				'hd_quota' => byte_to_mbyte(get_limit($limits, $entry['dom_id'], 'disk_space', -1)),
-				'traffic_quota' => byte_to_mbyte(get_limit($limits, $entry['dom_id'], 'max_traffic', -1)),
-				'cgi' => yes_no(get_option($hosting, 'cgi', 'false') === 'true' ? 1 : 0),
-				'ssi' => yes_no(get_option($hosting, 'ssi', 'false') === 'true' ? 1 : 0),
-				'suexec' => yes_no(1), // does plesk use this?!
-				'errordocs' => get_option($options, 'apacheErrorDocs', 'false') === 'true' ? 1 : 0,
-				'subdomain' => '', // plesk always uses this option
-				'ssl' => yes_no(get_option($hosting, 'ssl', 'false') === 'true' ? 1 : 0),
-				'php' => $phpmode,
-				'fastcgi_php_version' => '', // plesk has no different php versions
-				'ruby' => yes_no(0), // plesk has no ruby support
-				'python' => yes_no(get_option($hosting, 'python', 'false') === 'true' ? 1 : 0),
-				'active' => yes_no(($entry['status'] == 0 && get_option($hosting, 'maintenance_mode', 'false') !== 'true') ? 1 : 0),
-				'redirect_type' => $redir_type,
-				'redirect_path' => $redir_path,
-				'seo_redirect' => '',
-				'ssl_state' => $entry[''],
-				'ssl_locality' => $entry[''],
-				'ssl_organisation' => $entry[''],
-				'ssl_organisation_unit' => $entry[''],
-				'ssl_country' => $entry[''],
-				'ssl_domain' => $entry[''],
-				'ssl_request' => $entry[''],
-				'ssl_cert' => $entry[''],
-				'ssl_bundle' => $entry[''],
-				'ssl_action' => $entry[''],
-				'stats_password' => '',
-				'stats_type' => get_option($hosting, 'webstat', 'webalizer') === 'awstats' ? 'awstats' : 'webalizer',
-				'backup_interval' => 'none',
-				'backup_copies' => 1,
-				'allow_override' => 'All',
-				'pm_process_idle_timeout' => 10,
-				'pm_max_requests' => 0
-			);
-
-			$old_domain = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain = '" . $entry['name'] . '.' . $parent_domain['name'] . "'");
-			if(!$old_domain) $old_domain = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE CONCAT(subdomain, '.', domain) = '" . $entry['name'] . "'");
-			if($old_domain) {
-				$new_id = $old_domain['domain_id'];
-				$params = array_merge($old_domain, $params);
-				$msg .= "Found domain with id " . $new_id . ", updating it.<br />";
-				$ok = $importer->sites_web_vhost_subdomain_update($session_id, $plesk_ispc_ids[$parent_domain['cl_id']], $new_id, $params);
-				if($ok === false) $msg .= "&nbsp; Error: " . $importer->getFault() . "<br />";
-			} else {
-				$new_id = $importer->sites_web_vhost_subdomain_add($session_id, $plesk_ispc_ids[$parent_domain['cl_id']], $params, true); // read only...
-			}
-
-			$subdomain_ids[$entry['id']] = $new_id;
-			$subdomain_roots[$entry['id']] = $entry['www_root'];
-			$subdomain_owners[$entry['id']] = $entry['cl_id'];
-			if($new_id === false) {
-				//something went wrong here...
-				$msg .= "Subdomain " . $entry['id'] . " (" . $entry['name'] . ") could not be inserted.<br />";
-				$msg .= "&nbsp; Error: " . $importer->getFault() . "<br />";
-			} else {
-				$msg .= "Subdomain " . $entry['id'] . " (" . $entry['name'] . ") inserted.<br />";
-
-				$cmd_data = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = '" . $new_id . "'");
-				$path = $cmd_data['document_root'];
-				add_command('chattr -i ' . escapeshellarg($path));
-				add_command('if [[ -f ' . $path . '/' . $web_folder . '/index.html ]] ; then rm ' . $path . '/' . $web_folder . '/index.html ; fi');
-				add_command('rsync -av --modify-window 10 --progress -e ssh root@${MYSERVER}:' . $entry['www_root'] . '/ ' . $path . '/' . $web_folder . '/');
-				add_command('chown -R ' . $cmd_data['system_user'] . ':' . $cmd_data['system_group'] . ' ' . escapeshellarg($path));
-				add_command('chown -R root:root ' . escapeshellarg($path . '/log') . ' ' . escapeshellarg($path . '/ssl') . ' ' . escapeshellarg($path . '/web/stats'));
-				add_command('chattr +i ' . escapeshellarg($path));
-			}
-		}
-
-		// dns have to be done AFTER domains due to missing client info
-		/*
-        $dns_zone_ids = array();
-        $dns_zone_serials = array();
-        $dns_zones = $exdb->queryAllRecords("SELECT d.id, d.name, d.displayName, d.status, d.email, d.type, d.ttl, d.ttl_unit, d.refresh, d.refresh_unit, d.retry, d.retry_unit, d.expire, d.expire_unit, d.minimum, d.minimum_unit, d.serial_format, d.serial FROM dns_zone as d");
-        foreach($dns_zones as $entry) {
-            $ns = $exdb->queryOneRecord("SELECT d.id, d.val FROM dns_recs as d WHERE d.dns_zone_id = '" . $entry['id'] . "' AND d.type = 'NS'");
-            if(!$ns) $ns = array('id' => 0, 'val' => 'ns.' . $entry['name']);
-
-            $dom_id = $dns_domain_ids[$entry['id']];
-            $client_id = $plesk_ispc_ids[$domain_owners[$entry['dom_id']]];
-            if(!$client_id) $client_id = 0;
-
-            $params = array(
-                            'server_id' => $server_id,
-                            'origin' => add_dot($entry['name']), // what to put here?
-                            'ns' => add_dot($ns['val']), // what to put here?
-                            'mbox' => str_replace('@', '.', add_dot($entry['email'])),
-                            'serial' => $entry['serial'],
-                            'refresh' => $entry['refresh'],
-                            'retry' => $entry['retry'],
-                            'expire' => $entry['expire'],
-                            'minimum' => $entry['minimum'],
-                            'ttl' => $entry['ttl'],
-                            'xfer' => '',
-                            'also_notify' => '',
-                            'update_acl' => '',
-                            'active' => yes_no(($entry['status'] == 0 ? 1 : 0))
-                            );
-
-            $old_dns = $app->db->queryOneRecord("SELECT id FROM dns_soa WHERE origin = '" . add_dot($entry['name']) . "'");
-            if($old_dns) $old_id = $old_dns['id'];
-            if($old_id) {
-                $new_id = $old_id;
-                $ok = $importer->dns_zone_update($session_id, $client_id, $old_id, $params);
-                /if($ok === false) {
-                //    $msg .= "DNS " . $entry['id'] . " (" . $entry['name'] . ") could not be updated.<br />";
-                //    $msg .= "&nbsp; Error: " . $importer->getFault() . "<br />";
-                //} else {
-                    $msg .= "DNS " . $entry['id'] . " (" . $entry['name'] . ") updated.<br />";
-                //}
-            } else {
-                $new_id = $importer->dns_zone_add($session_id, $client_id, $params);
-                if($new_id === false) {
-                    //something went wrong here...
-                    $msg .= "DNS " . $entry['id'] . " (" . $entry['name'] . ") could not be inserted.<br />";
-                    $msg .= "&nbsp; Error: " . $importer->getFault() . "<br />";
-                } else {
-                    $msg .= "DNS " . $entry['id'] . " (" . $entry['name'] . ") inserted.<br />";
-                }
-            }
-            $dns_zone_ids[$entry['id']] = $new_id;
-            $dns_zone_serials[$entry['id']] = $entry['serial'];
-        }
-        unset($dns_zones);
-        */
-		/* types:
-         * PTR, NS, A, CNAME, MX, TXT, AAAA
-         *//*
-        $dns_records = $exdb->queryAllRecords("SELECT d.id, d.dns_zone_id, d.type, d.displayHost, d.host, d.displayVal, d.val, d.opt, d.time_stamp FROM dns_recs as d");
-        foreach($dns_records as $entry) {
-            $dns_id = (array_key_exists($entry['dns_zone_id'], $dns_zone_ids) ? $dns_zone_ids[$entry['dns_zone_id']] : 0);
-            if(!$dns_id) {
-                // entry for missing dns zone...?
-                continue;
-            }
-
-            $dom_id = $dns_domain_ids[$entry['dns_zone_id']];
-            $client_id = $plesk_ispc_ids[$domain_owners[$entry['dom_id']]];
-            if(!$client_id) $client_id = 0;
-
-            $params = array(
-                        'server_id' => $server_id,
-                        'zone' => $dns_id,
-                        'name' => add_dot($entry['host']),
-                        'type' => $entry['type'],
-                        'data' => $entry['val'],
-                        //'ttl' => '',
-                        'active' => yes_no(1),
-                        'stamp' => $entry['time_stamp'],
-                        //'serial' => $dns_zone_serials[$entry['id']]
-                        );
-
-
-            $record = $app->db->queryOneRecord("SELECT id FROM dns_rr WHERE zone = '" . $dns_zone_ids[$entry['dns_zone_id']] . "' AND name = '" . add_dot($entry['host']) . "' AND type = '" . $entry['type'] . "'");
-            $old_id = 0;
-            if($record) {
-                $old_id = $record['id'];
-            }
-
-            $new_id = false;
-            if($entry['type'] === 'MX') {
-                $params['aux'] = $entry['opt'];
-                if($old_id) {
-                    $ok = $importer->dns_mx_update($session_id, $client_id, $old_id, $params);
-                    if($ok !== false) $new_id = $old_id;
-                } else {
-                    $new_id = $importer->dns_mx_add($session_id, $client_id, $params);
-                }
-            } elseif($entry['type'] === 'PTR') {
-                if($old_id) {
-                    $ok = $importer->dns_ptr_update($session_id, $client_id, $old_id, $params);
-                    if($ok !== false) $new_id = $old_id;
-                } else {
-                    $new_id = $importer->dns_ptr_add($session_id, $client_id, $params);
-                }
-            } elseif($entry['type'] === 'A') {
-                if($old_id) {
-                    $ok = $importer->dns_a_update($session_id, $client_id, $old_id, $params);
-                    if($ok !== false) $new_id = $old_id;
-                } else {
-                    $new_id = $importer->dns_a_add($session_id, $client_id, $params);
-                }
-            } elseif($entry['type'] === 'AAAA') {
-                if($old_id) {
-                    $ok = $importer->dns_aaaa_update($session_id, $client_id, $old_id, $params);
-                    if($ok !== false) $new_id = $old_id;
-                } else {
-                    $new_id = $importer->dns_aaaa_add($session_id, $client_id, $params);
-                }
-            } elseif($entry['type'] === 'TXT') {
-                if($old_id) {
-                    $ok = $importer->dns_txt_update($session_id, $client_id, $old_id, $params);
-                    if($ok !== false) $new_id = $old_id;
-                } else {
-                    $new_id = $importer->dns_txt_add($session_id, $client_id, $params);
-                }
-            } elseif($entry['type'] === 'CNAME') {
-                if($old_id) {
-                    $ok = $importer->dns_cname_update($session_id, $client_id, $old_id, $params);
-                    if($ok !== false) $new_id = $old_id;
-                } else {
-                    $new_id = $importer->dns_cname_add($session_id, $client_id, $params);
-                }
-            } elseif($entry['type'] === 'NS') {
-                if($old_id) {
-                    $ok = $importer->dns_ns_update($session_id, $client_id, $old_id, $params);
-                    if($ok !== false) $new_id = $old_id;
-                } else {
-                    $new_id = $importer->dns_ns_add($session_id, $client_id, $params);
-                }
-            }
-            if($new_id === false) {
-                //something went wrong here...
-                $msg .= "DNS " . $entry['id'] . " (" . $entry['name'] . ") could not be inserted/updated.<br />";
-                $msg .= "&nbsp; Error: " . $importer->getFault() . "<br />" . var_export($params, true) . '<br />';
-            } else {
-                $msg .= "DNS " . $entry['id'] . " (" . $entry['name'] . ") inserted/updated.<br />";
-            }
-
-        }
-        unset($dns_records);
-        */
-
-		$folder_ids = array();
-		/* web_folder creation*/
-		$protected_dirs = $exdb->queryAllRecords("SELECT `id`, `non_ssl`, `ssl`, `cgi_bin`, `realm`, `path`, `dom_id` FROM protected_dirs");
-		foreach($protected_dirs as $entry) {
-			if($entry['path'] == 'plesk-stat') continue;
-
-			$params = array('server_id' => $server_id,
-				'parent_domain_id' => $domain_ids[$entry['dom_id']],
-				'path' => $entry['path'],
-				'active' => 'y');
-
-			$client_id = $plesk_ispc_ids[$domain_owners[$entry['dom_id']]];
-
-			$folder_id = 0;
-			$check = $app->db->queryOneRecord('SELECT * FROM `web_folder` WHERE `parent_domain_id` = \'' . $domain_ids[$entry['dom_id']] . '\' AND `path` = \'' . $app->db->quote($entry['path']) . '\'');
-			if($check) {
-				$ok = $importer->sites_web_folder_update($session_id, $client_id, $check['web_folder_id'], array_merge($check, $params));
-				if($ok === false) $msg .= "&nbsp; Error: " . $importer->getFault() . "<br />";
-				$folder_id = $check['web_folder_id'];
-				$msg .= 'Updated HTTP AUTH folder (' . $folder_id . '): ' . $entry['path'] . '<br />';
-			} else {
-				$folder_id = $importer->sites_web_folder_add($session_id, $client_id, $params);
-				$msg .= 'Created HTTP AUTH folder (' . $folder_id . '): ' . $entry['path'] . '<br />';
-				if(!$folder_id) $msg .= "&nbsp; Error: " . $importer->getFault() . "<br />" . var_export($params, true) . '<br />';
-			}
-
-			$folder_ids[$entry['id']] = $folder_id;
-		}
-
-		$pd_users = $exdb->queryAllRecords("SELECT u.id, u.login, u.account_id, u.pd_id, a.password, d.dom_id FROM pd_users as u INNER JOIN protected_dirs as d ON (d.id = u.pd_id) INNER JOIN accounts as a ON (a.id = u.account_id)");
-		foreach($pd_users as $entry) {
-			$params = array('server_id' => $server_id,
-				'web_folder_id' => $folder_ids[$entry['pd_id']],
-				'username' => $entry['login'],
-				'password' => $entry['password'],
-				'active' => 'y');
-			if($entry['login'] == '' || !isset($folder_ids[$entry['pd_id']])) {
-				$msg .= 'Skipping Folder user because of missing data.<br />';
-				continue;
-			}
-			$client_id = $plesk_ispc_ids[$domain_owners[$entry['dom_id']]];
-
-			$check = $app->db->queryOneRecord('SELECT * FROM `web_folder_user` WHERE `web_folder_id` = ' . intval($folder_ids[$entry['pd_id']]) . ' AND `username` = \'' . $entry['login'] . '\'');
-			if($check) {
-				$ok = $importer->sites_web_folder_user_update($session_id, $client_id, $check['web_folder_user_id'], array_merge($check, $params));
-				if($ok === false) $msg .= "&nbsp; Error: " . $importer->getFault() . "<br />";
-				$msg .= 'Updated HTTP AUTH folder user  (' . $fu_id . '): ' . $entry['login'] . '<br />';
-			} else {
-				$fu_id = $importer->sites_web_folder_user_add($session_id, $client_id, $params);
-				$msg .= 'Created HTTP AUTH folder user  (' . $fu_id . '): ' . $entry['login'] . '<br />';
-				if(!$fu_id) $msg .= "&nbsp; Error: " . $importer->getFault() . "<br />" . var_export($params, true) . '<br />';
-			}
-		}
-
-		/*$web_users = $exdb->queryAllRecords("SELECT id, dom_id, sys_user_id, ssi, php, cgi, perl, python, fastcgi, asp, asp_dot_net FROM web_users");
-        foreach($web_users as $entry) {
-            $params =
-        }
-        */
-
-
-		$ftp_users = $exdb->queryAllRecords("SELECT f.id, f.dom_id, f.sys_user_id, s.login, s.account_id, s.home, s.shell, s.quota, s.mapped_to, a.password, a.type as `pwtype` FROM ftp_users as f INNER JOIN sys_users as s ON (s.id = f.sys_user_id) INNER JOIN accounts as a ON (a.id = s.account_id)");
-		$ftp_users = array_merge($ftp_users, $dom_ftp_users);
-		foreach($ftp_users as $entry) {
-			$parent_domain = $exdb->queryOneRecord("SELECT d.id, d.cl_id, d.name FROM domains as d WHERE d.id = '" . $entry['dom_id'] . "'");
-			if(!$entry['id']) continue;
-			$ispc_dom_id = $domain_ids[$entry['dom_id']];
-			$client_id = $plesk_ispc_ids[$domain_owners[$entry['dom_id']]];
-			if(!$client_id) $client_id = 0;
-
-			$document_root = str_replace("[website_id]", $ispc_dom_id, $web_config["website_path"]);
-			$document_root = str_replace("[website_idhash_1]", id_hash($ispc_dom_id, 1), $document_root);
-			$document_root = str_replace("[website_idhash_2]", id_hash($ispc_dom_id, 1), $document_root);
-			$document_root = str_replace("[website_idhash_3]", id_hash($ispc_dom_id, 1), $document_root);
-			$document_root = str_replace("[website_idhash_4]", id_hash($ispc_dom_id, 1), $document_root);
-
-			// Set the values for document_root, system_user and system_group
-			$system_user = 'web'.$ispc_dom_id;
-			$system_group = 'client'.$client_id;
-			$document_root = str_replace("[client_id]", $client_id, $document_root);
-			$document_root = str_replace("[client_idhash_1]", id_hash($client_id, 1), $document_root);
-			$document_root = str_replace("[client_idhash_2]", id_hash($client_id, 2), $document_root);
-			$document_root = str_replace("[client_idhash_3]", id_hash($client_id, 3), $document_root);
-			$document_root = str_replace("[client_idhash_4]", id_hash($client_id, 4), $document_root);
-
-			$uid = $system_user;
-			$gid = $system_group;
-
-			$sys_grp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = '" . $client_id . "'");
-			if(!$sys_grp) $sys_grp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = 0");
-
-			if(!$sys_grp) $sys_groupid = 1;
-			else $sys_groupid = $sys_grp['groupid'];
-
-			$params = array(
-				'server_id' => $server_id,
-				'parent_domain_id' => $domain_ids[$entry['dom_id']],
-				'username' => $entry['login'],
-				'password' => $entry['password'],
-				'quota_size' => byte_to_mbyte(($entry['quota'] == 0 ? -1 : $entry['quota'])),
-				'active' => yes_no(1),
-				'uid' => $uid,
-				'gid' => $gid,
-				'dir' => $document_root . (substr($document_root, -1) !== '/' ? '/' : ''),
-				'sys_groupid' => $sys_groupid
-				//'quota_files' => $entry[''],
-				//'ul_ratio' => $entry[''],
-				//'dl_ratio' => $entry[''],
-				//'ul_bandwidth' => $entry[''],
-				//'dl_bandwidth' => $entry['']
-			);
-			$new_id = false;
-			$old_ftp = $app->db->queryOneRecord("SELECT ftp_user_id, parent_domain_id FROM ftp_user WHERE username = '" . $entry['login'] ."'");
-			if($old_ftp) {
-				if($old_ftp['parent_domain_id'] != $domain_ids[$entry['dom_id']]) {
-					$msg .= "FTP Account conflicts with other domain!<br />";
-				} else {
-					$new_id = $old_ftp['ftp_user_id'];
-					$ok = $importer->sites_ftp_user_update($session_id, $client_id, $new_id, array_merge($old_ftp, $params));
-					if($ok === false) $msg .= "&nbsp; Error: " . $importer->getFault() . "<br />";
-				}
-			} else {
-				$new_id = $importer->sites_ftp_user_add($session_id, $client_id, $params);
-			}
-			if($new_id === false) {
-				//something went wrong here...
-				$msg .= "FTP " . $entry['id'] . " (" . $entry['login'] . ") could not be inserted.<br />";
-				$msg .= "&nbsp; Error: " . $importer->getFault() . "<br />";
-				$msg .= "Params: " . var_export($params, true) . "<br />";
-			} else {
-				$msg .= "FTP Account " . $entry['id'] . " (" . $entry['login'] . ") inserted.<br />";
-			}
-		}
-
-		$mail_config = $app->getconf->get_server_config($server_id, 'mail');
-
-		$mail_addresses = $exdb->queryAllRecords("SELECT m.id, m.mail_name, m.perm_id, m.postbox, m.account_id, m.redirect, m.redir_addr, m.mail_group, m.autoresponder, m.spamfilter, m.virusfilter, m.mbox_quota, m.dom_id, m.userId, a.password, a.type as `pwtype` FROM mail as m LEFT JOIN accounts as a ON (a.id = m.account_id) ");
-		$mail_ids = array();
-		foreach($mail_addresses as $entry) {
-
-			$parent_domain = $exdb->queryOneRecord("SELECT d.id, d.cl_id, d.name FROM domains as d WHERE d.id = '" . $entry['dom_id'] . "'");
-			if(!$parent_domain) {
-				$msg .= "Could not insert/update mail address " . $entry['mail_name'] . " as domain is missing.<br />";
-				continue;
-			}
-
-			/* postbox true/false
-             * mail_group true/false
-             * spamfilter true/false
-             */
-
-
-			$has_responder = false;
-			if($entry['autoresponder'] === 'true') {
-				$responder = $exdb->queryOneRecord("SELECT id, mn_id, resp_name, keystr, key_where, subject, reply_to, content_type, charset, text, resp_on, ans_freq, mem_limit FROM mail_resp WHERE mn_id = '" . $entry['id'] . "'");
-				if($responder) $has_responder = true;
-			}
-
-			$maildir = str_replace("[domain]", $parent_domain["name"], $mail_config["maildir_path"]);
-			$maildir = str_replace("[localpart]", strtolower($entry["mail_name"]), $maildir);
-
-
-			$params = array(
-				'server_id' => $server_id,
-				'email' => $entry['mail_name'] . "@" . $parent_domain['name'],
-				'login' => strtolower($entry['mail_name'] . "@" . $parent_domain['name']),
-				'password' => $entry['password'],
-				'name' => $entry[''],
-				'quota' => ($entry['mbox_quota'] == -1 ? 0 : $entry['mbox_quota']), // in bytes!
-				'cc' => $entry['redir_addr'],
-				'maildir' => $maildir,
-				'homedir' => $mail_config["homedir_path"],
-				'uid' => $mail_config["mailuser_uid"],
-				'gid' => $mail_config["mailuser_gid"],
-				'postfix' => yes_no(1),
-				'disableimap' => yes_no(0),
-				'disablepop3' => yes_no(0),
-				'autoresponder_subject' => ($has_responder ? $responder['subject'] : ''),
-				'autoresponder_text' => ($has_responder ? $responder['text'] : ''),
-				'autoresponder' => yes_no($has_responder ? 1 : 0),
-				'autoresponder_start_date' => ($has_responder && $responder['resp_on'] === 'true' ? strftime('%Y-%m-%d', time()) : strftime('%Y-%m-%d', time() - (3600*24))),
-				'autoresponder_end_date' => ($has_responder && $responder['resp_on'] === 'true' ? strftime('%Y-%m-%d', time() + (3600*24*365)) : strftime('%Y-%m-%d', time())),
-				'move_junk' => yes_no(0)
-			);
-			$client_id = $plesk_ispc_ids[$domain_owners[$entry['dom_id']]];
-
-			// if this is no postbox we do not need to create a mailuser
-			if($entry['postbox'] !== 'false') {
-				$old_mail = $app->db->queryOneRecord("SELECT mailuser_id FROM mail_user WHERE email = '" . $entry['mail_name'] . "@" . $parent_domain['name'] . "'");
-				if($old_mail) {
-					$new_id = $old_mail['mailuser_id'];
-					$ok = $importer->mail_user_update($session_id, $client_id, $new_id, array_merge($old_mail, $params));
-					if($ok === false) $msg .= "&nbsp; Error: " . $importer->getFault() . "<br />";
-				} else {
-					$new_id = $importer->mail_user_add($session_id, $client_id, $params);
-				}
-
-				if($new_id === false) {
-					//something went wrong here...
-					$msg .= "Mail" . $entry['id'] . " (" . $entry['mail_name'] . "@" . $parent_domain['name'] . ") could not be inserted/updated.<br />";
-					$msg .= "&nbsp; Error: " . $importer->getFault() . "<br />";
-				} else {
-					$msg .= "Mail " . $entry['id'] . " (" . $entry['mail_name'] . "@" . $parent_domain['name'] . ") inserted/updated.<br />";
-
-					add_command('rsync -av --delete-after --modify-window 10 --progress -e ssh root@${MYSERVER}:/var/qmail/mailnames/' . $parent_domain['name'] . '/' . strtolower($entry['mail_name']) . '/Maildir/ ' . $maildir . '/Maildir/');
-					add_command('chown -R vmail:vmail ' . $maildir);
-					add_command('chmod 744 ' . $maildir . '/Maildir/subscriptions');
-					add_command('chmod 600 ' . $maildir . '/Maildir/dovecot-*');
-					add_command('chmod 700 ' . $maildir . '/Maildir/cur ' . $maildir . '/Maildir/new ' . $maildir . '/Maildir/tmp');
-					add_command('chmod 600 ' . $maildir . '/Maildir/cur/* ' . $maildir . '/Maildir/new/* ' . $maildir . '/Maildir/tmp/*');
-				}
-				$mail_ids[$entry['id']] = $new_id;
-			}
-
-			// select all redirs for this address
-			$mail_redir = $exdb->queryAllRecords("SELECT id, mn_id, address FROM mail_redir WHERE mn_id = '" . $entry['id'] . "'");
-			foreach($mail_redir as $redir) {
-				$params = array(
-					'server_id' => $server_id,
-					'source' => $entry['mail_name'] . "@" . $parent_domain['name'],
-					'destination' => $redir['address'],
-					'type' => 'forward', // or forward
-					'active' => yes_no(1)
-				);
-
-				$old_mail = $app->db->queryOneRecord("SELECT forwarding_id FROM mail_forwarding WHERE source = '" . $entry['mail_name'] . "@" . $parent_domain['name'] . "' AND destination = '" . $redir['address'] . "'");
-				if($old_mail) {
-					$new_id = $old_mail['forwarding_id'];
-					$ok = $importer->mail_forward_update($session_id, $client_id, $new_id, array_merge($old_mail, $params));
-					if($ok === false) $msg .= "&nbsp; Error: " . $importer->getFault() . "<br />";
-				} else {
-					$new_id = $importer->mail_forward_add($session_id, $client_id, $params);
-				}
-
-				if($new_id === false) {
-					//something went wrong here...
-					$msg .= "Mail redirect " . $entry['id'] . " (" . $entry['mail_name'] . "@" . $parent_domain['name'] . " to " . $redir['address'] . ") could not be inserted/updated.<br />";
-					$msg .= "&nbsp; Error: " . $importer->getFault() . "<br />";
-				} else {
-					$msg .= "Mail redirect " . $entry['id'] . " (" . $entry['mail_name'] . "@" . $parent_domain['name'] . " to " . $redir['address'] . ") inserted/updated.<br />";
-				}
-			}
-			unset($mail_redir);
-		}
-		unset($mail_addresses);
-
-		$mail_aliases = $exdb->queryAllRecords("SELECT a.id, a.mn_id, a.alias, m.dom_id, m.mail_name FROM mail_aliases as a INNER JOIN mail as m ON (m.id = a.mn_id)");
-		foreach($mail_aliases as $entry) {
-
-			$parent_domain = $exdb->queryOneRecord("SELECT d.id, d.cl_id, d.name FROM domains as d WHERE d.id = '" . $entry['dom_id'] . "'");
-			if(!$parent_domain) {
-				$msg .= "Could not insert/update mail alias " . $entry['alias'] . " as domain is missing.<br />";
-				continue;
-			}
-
-			$params = array(
-				'server_id' => $server_id,
-				'source' => $entry['alias'] . "@" . $parent_domain['name'],
-				'destination' => $entry['mail_name'] . "@" . $parent_domain['name'],
-				'type' => 'alias', // or forward
-				'active' => yes_no(1)
-			);
-			$client_id = $plesk_ispc_ids[$domain_owners[$entry['dom_id']]];
-
-			$old_mail = $app->db->queryOneRecord("SELECT forwarding_id FROM mail_forwarding WHERE source = '" . $entry['alias'] . "@" . $parent_domain['name'] . "' AND destination = '" . $entry['mail_name'] . "@" . $parent_domain['name'] . "'");
-			if($old_mail) {
-				$new_id = $old_mail['forwarding_id'];
-				$ok = $importer->mail_alias_update($session_id, $client_id, $new_id, array_merge($old_mail, $params));
-				if($ok === false) $msg .= "&nbsp; Error: " . $importer->getFault() . "<br />";
-			} else {
-				$new_id = $importer->mail_alias_add($session_id, $client_id, $params);
-			}
-
-			if($new_id === false) {
-				//something went wrong here...
-				$msg .= "Mail alias " . $entry['id'] . " (" . $entry['alias'] . "@" . $parent_domain['name'] . ") could not be inserted/updated.<br />";
-				$msg .= "&nbsp; Error: " . $importer->getFault() . "<br />";
-			} else {
-				$msg .= "Mail alias " . $entry['id'] . " (" . $entry['alias'] . "@" . $parent_domain['name'] . ") inserted/updated.<br />";
-			}
-		}
-		unset($mail_aliases);
-
-		//spamfilter // preferences = true/false, username = email address, can be *@*
-		//id, username, preferences
-
-		//spamfilter_preferences
-		//prefid, spamfilter_id, preference, value
-
-
-
-		//$client_traffic = $exdb->queryAllRecords("SELECT t.cl_id, t.date, t.http_in, t.http_out, t.ftp_in, t.ftp_out, t.smtp_in, t.smtp_out, t.pop3_imap_in, t.pop3_imap_out FROM ClientsTraffic as t");
-
-		$db_userids = array();
-
-		$db_users  = $exdb->queryAllRecords("SELECT u.id, u.login, u.account_id, u.db_id, a.password, a.type as `pwtype`, d.dom_id FROM db_users as u INNER JOIN data_bases as d ON (d.id = u.db_id) LEFT JOIN accounts as a ON (a.id = u.account_id)");
-		foreach($db_users as $db_user) {
-			// database user
-			$params = array('server_id' => $server_id,
-				'database_user' => $db_user['login'],
-				'database_password' => $db_user['password']);
-
-			$client_id = $plesk_ispc_ids[$domain_owners[$db_user['dom_id']]];
-
-			$check = $app->db->queryOneRecord('SELECT * FROM `web_database_user` WHERE `database_user` = \'' . $app->db->quote($db_user['login']) . '\'');
-			$db_user_id = 0;
-			if($check) {
-				$ok = $importer->sites_database_user_update($session_id, $client_id, $check['database_user_id'], array_merge($check, $params));
-				if($ok === false) $msg .= "&nbsp; Error: " . $importer->getFault() . "<br />";
-				$db_user_id = $check['database_user_id'];
-			} else {
-				$db_user_id = $importer->sites_database_user_add($session_id, $client_id, $params);
-			}
-
-			if(!isset($db_userids[$db_user['db_id']])) $db_userids[$db_user['db_id']] = $db_user_id;
-			$msg .= 'Created / updated database user: ' . $db_user['login'] . '<br />';
-		}
-
-		add_command('# DATABASES');
-
-		$databases  = $exdb->queryAllRecords("SELECT d.id, d.name, d.type, d.dom_id, d.db_server_id, d.default_user_id FROM `data_bases` as d");
-		foreach($databases as $database) {
-			$params = array('server_id' => $server_id,
-				'parent_domain_id' => $domain_ids[$database['dom_id']],
-				'type' => 'mysql',
-				'database_name' => $database['name'],
-				'database_user_id' => $db_userids[$database['id']],
-				'database_ro_user_id' => 0,
-				'database_charset' => 'utf8',
-				'remote_access' => 'n',
-				'active' => 'y',
-				'remote_ips' => '');
-
-			$client_id = $plesk_ispc_ids[$domain_owners[$database['dom_id']]];
-
-			$check = $app->db->queryOneRecord('SELECT * FROM `web_database` WHERE `database_name` = \'' . $app->db->quote($database['name']) . '\'');
-			if($check) {
-				$ok = $importer->sites_database_update($session_id, $client_id, $check['database_id'], array_merge($check, $params));
-				if($ok === false) $msg .= "&nbsp; Error: " . $importer->getFault() . "<br />";
-			} else {
-				$importer->sites_database_add($session_id, $client_id, $params);
-			}
-
-			add_command('for T in `mysql -u ${MYSQL_IMPORT_USER} -p${MYSQL_IMPORT_PASS} ' . $database['name'] . ' -e \'show tables\' | awk \'{ print $1}\' | grep -v \'^Tables\'` ; do echo "DROP TABLE \\`$T\\`" ; mysql -u ${MYSQL_IMPORT_USER} -p${MYSQL_IMPORT_PASS} ' . $database['name'] . ' -e "DROP TABLE \\`$T\\`" ; done');
-			add_command('mysqldump -cCQ --quote-names --hex-blob -h ${MYSERVER} -u ${MYSQL_EXPORT_USER} -p${MYSQL_EXPORT_PASS} ' . $database['name'] . ' | mysql -D ' . $database['name'] . ' -u ${MYSQL_IMPORT_USER} -p${MYSQL_IMPORT_PASS}');
-
-			$msg .= 'Created / updated database: ' . $database['name'] . '<br />';
-		}
-
-		// do we need table disk_usage for import? i think we don't
-
-		// name is domain name, displayName is including "Umlaute"
-		//$anon_ftp = $exdb->queryAllRecords("SELECT f.id, f.dom_id, f.max_conn, f.bandwidth, f.incoming, f.incoming_readable, f.incoming_subdirs, f.status, f.quota, f.display_login, f.login_text FROM anon_ftp as f");
-
-
-		//DomainServices
-		//id, dom_id, type, status, parameters_id, ipCollectionId
-
-		//DomainsTraffic
-		//dom_id, date, http_in, http_out, ftp_in, ftp_out, smtp_in, smtp_out, pop3_imap_in, pop3_imap_out
-
-
-		//IP_Adresses
-		//id, ip_address, mask, iface, ssl_certificate_id, default_domain_id, ftps, main, status
-
-		//ip_pool
-		//id, ip_address_id, type
-
-		/* TODO:
-                */
-		//misc // needed? global settings
-		//param, val
-
-		//Permissions
-		//id, permission, value
-
-		//smb_users // pass is base64 encoded plaintext
-		//id, login, password, contactName, email, companyName, phone, fax, address, city, state, zip, country, creationDate, isBuiltIn, roleId, uuid, isLocked, authCookie, sessionId, externalId, ownerId, isDomainAdmin, additionalInfo, imNumber, imType, isLegacyUser
-
-		/* TODO:
-        sys_users // mapped_to = parent_id
-        id, login, account_id, home, shell, quota, mapped_to
-
-         */
-		add_command('unset MYSERVER');
-		add_command('unset MYSQL_EXPORT_USER');
-		add_command('unset MYSQL_EXPORT_PASS');
-		add_command('unset MYSQL_IMPORT_USER');
-		add_command('unset MYSQL_IMPORT_PASS');
-		add_command('# END');
-		file_put_contents('/tmp/plesk_import_commands.sh', $COMMANDS);
-	} else {
-		$msg .= 'Connecting to external database failed!<br />';
-		$msg .= $exdb->connect_error;
-		$msg .= substr($exdb->errorMessage, 0, 25);
-
-		$error .= $exdb->errorMessage;
-	}
-
-	//* restore db login details
-	/*$conf['db_host'] = $conf_bak['db_host'];
-	$conf['db_database'] = $conf_bak['db_database'];
-	$conf['db_user'] = $conf_bak['db_user'];
-	$conf['db_password'] = $conf_bak['db_password'];*/
-
-}
-
-$app->tpl->setVar('msg', $msg);
-$app->tpl->setVar('error', $error);
-
-
-$app->tpl_defaults();
-$app->tpl->pparse();
-
-
-?>
diff --git a/interface/web/tools/import_vpopmail.php b/interface/web/tools/import_vpopmail.php
index 119bfb87aa4f613b2d1c84dfba57ea98d83bd8a4..3c8db20aebc45de35353ce4cbd2298a8fe86a61a 100644
--- a/interface/web/tools/import_vpopmail.php
+++ b/interface/web/tools/import_vpopmail.php
@@ -68,7 +68,7 @@ if(isset($_POST['db_hostname']) && $_POST['db_hostname'] != '') {
 		$msg .= 'Databse connection succeeded<br />';
 
 		$local_server_id = intval($_POST['local_server_id']);
-		$tmp = $app->db->queryOneRecord("SELECT mail_server FROM server WHERE server_id = $local_server_id");
+		$tmp = $app->db->queryOneRecord("SELECT mail_server FROM server WHERE server_id = ?", $local_server_id);
 
 		if($tmp['mail_server'] == 1) {
 			start_import();
@@ -106,41 +106,41 @@ function start_import() {
 		foreach($records as $rec) {
 			$pw_domain = $rec['pw_domain'];
 			//* Check if we have a client with that username already
-			$tmp = $app->db->queryOneRecord("SELECT count(client_id) as number FROM client WHERE username = '$pw_domain'");
+			$tmp = $app->db->queryOneRecord("SELECT count(client_id) as number FROM client WHERE username = ?", $pw_domain);
 			if($tmp['number'] == 0) {
 				$pw_crypt_password = $app->auth->crypt_password($rec['pw_clear_passwd']);
 				$country = 'FI';
 
 				//* add client
 				$sql = "INSERT INTO `client` (`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `company_name`, `company_id`, `contact_name`, `customer_no`, `vat_id`, `street`, `zip`, `city`, `state`, `country`, `telephone`, `mobile`, `fax`, `email`, `internet`, `icq`, `notes`, `bank_account_owner`, `bank_account_number`, `bank_code`, `bank_name`, `bank_account_iban`, `bank_account_swift`, `default_mailserver`, `limit_maildomain`, `limit_mailbox`, `limit_mailalias`, `limit_mailaliasdomain`, `limit_mailforward`, `limit_mailcatchall`, `limit_mailrouting`, `limit_mailfilter`, `limit_fetchmail`, `limit_mailquota`, `limit_spamfilter_wblist`, `limit_spamfilter_user`, `limit_spamfilter_policy`, `default_webserver`, `limit_web_ip`, `limit_web_domain`, `limit_web_quota`, `web_php_options`, `limit_cgi`, `limit_ssi`, `limit_perl`, `limit_ruby`, `limit_python`, `force_suexec`, `limit_hterror`, `limit_wildcard`, `limit_ssl`, `limit_web_subdomain`, `limit_web_aliasdomain`, `limit_ftp_user`, `limit_shell_user`, `ssh_chroot`, `limit_webdav_user`, `limit_aps`, `default_dnsserver`, `limit_dns_zone`, `limit_dns_slave_zone`, `limit_dns_record`, `default_dbserver`, `limit_database`, `limit_cron`, `limit_cron_type`, `limit_cron_frequency`, `limit_traffic_quota`, `limit_client`, `limit_mailmailinglist`, `limit_openvz_vm`, `limit_openvz_vm_template_id`, `parent_client_id`, `username`, `password`, `language`, `usertheme`, `template_master`, `template_additional`, `created_at`, `id_rsa`, `ssh_rsa`)
-				VALUES(1, 1, 'riud', 'riud', '', '', '', '$pw_domain', '', '', '', '', '', '', '$country', '', '', '', '', 'http://', '', '', '', '', '', '', '', '', 1, -1, -1, -1, -1, -1, -1, 0, -1, -1, -1, 0, 0, 0, 1, NULL, -1, -1, 'no,fast-cgi,cgi,mod,suphp', 'n', 'n', 'n', 'n', 'n', 'y', 'n', 'n', 'n', -1, -1, -1, 0, 'no,jailkit', 0, 0, 1, -1, -1, -1, 1, -1, 0, 'url', 5, -1, 0, -1, 0, 0, 0, '$pw_domain', '$pw_crypt_password', '".$conf['language']."', 'default', 0, '', NOW(), '', '')";
-				$app->db->query($sql);
+				VALUES(1, 1, 'riud', 'riud', '', '', '', ?, '', '', '', '', '', '', ?, '', '', '', '', 'http://', '', '', '', '', '', '', '', '', 1, -1, -1, -1, -1, -1, -1, 0, -1, -1, -1, 0, 0, 0, 1, NULL, -1, -1, 'no,fast-cgi,cgi,mod,suphp', 'n', 'n', 'n', 'n', 'n', 'y', 'n', 'n', 'n', -1, -1, -1, 0, 'no,jailkit', 0, 0, 1, -1, -1, -1, 1, -1, 0, 'url', 5, -1, 0, -1, 0, 0, 0, ?, ?, ?, 'default', 0, '', NOW(), '', '')";
+				$app->db->query($sql, $pw_domain,$country, $pw_domain, $pw_crypt_password, $conf['language']);
 				$client_id = $app->db->insertID();
 
 				//* add sys_group
-				$groupid = $app->db->datalogInsert('sys_group', "(name,description,client_id) VALUES ('".$app->db->quote($pw_domain)."','',".$client_id.")", 'groupid');
+				$groupid = $app->db->datalogInsert('sys_group', array("name" => $pw_domain, "description" => '', "client_id" => $client_id), 'groupid');
 				$groups = $groupid;
 
-				$username = $app->db->quote($pw_domain);
+				$username = $pw_domain;
 				$password = $pw_crypt_password;
 				$modules = $conf['interface_modules_enabled'];
 				$startmodule = 'dashboard';
-				$usertheme = $app->db->quote('default');
+				$usertheme = 'default';
 				$type = 'user';
 				$active = 1;
-				$language = $app->db->quote($conf["language"]);
+				$language = $conf["language"];
 				//$password = $app->auth->crypt_password($password);
 
 				// Create the controlpaneluser for the client
 				//Generate ssh-rsa-keys
 				exec('ssh-keygen -t rsa -C '.$username.'-rsa-key-'.time().' -f /tmp/id_rsa -N ""');
-				$app->db->query("UPDATE client SET created_at = ".time().", id_rsa = '".$app->db->quote(@file_get_contents('/tmp/id_rsa'))."', ssh_rsa = '".$app->db->quote(@file_get_contents('/tmp/id_rsa.pub'))."' WHERE client_id = ".$client_id);
+				$app->db->query("UPDATE client SET created_at = UNIX_TIMESTAMP(), id_rsa = ?, ssh_rsa = ? WHERE client_id = ?", @file_get_contents('/tmp/id_rsa'), @file_get_contents('/tmp/id_rsa.pub'), $client_id);
 				exec('rm -f /tmp/id_rsa /tmp/id_rsa.pub');
 
 				// Create the controlpaneluser for the client
 				$sql = "INSERT INTO sys_user (username,passwort,modules,startmodule,app_theme,typ,active,language,groups,default_group,client_id)
-				VALUES ('$username','$password','$modules','$startmodule','$usertheme','$type','$active','$language',$groups,$groupid,".$client_id.")";
-				$app->db->query($sql);
+				VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)";
+				$app->db->query($sql, $username,$password,$modules,$startmodule,$usertheme,$type,$active,$language,$groups,$groupid,$client_id);
 
 				//* Set the default servers
 				$tmp = $app->db->queryOneRecord('SELECT server_id FROM server WHERE mail_server = 1 AND mirror_server_id = 0 LIMIT 0,1');
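Review bot: The `ssh-keygen` call in this hunk still concatenates `$username` into a shell command line, and after this change `$username` is the raw `$pw_domain` taken from `$rec['pw_domain']` (the removed `$app->db->quote()` was SQL escaping and never protected the shell either). The records are loaded outside the hunk, presumably from the imported vpopmail database, so the value should be treated as untrusted and quoted: `exec('ssh-keygen -t rsa -C '.escapeshellarg($username.'-rsa-key-'.time()).' -f /tmp/id_rsa -N ""');`. The key pair is also written to the fixed path `/tmp/id_rsa` in a shared directory, and `@file_get_contents()` suppresses a failed read, so a failed generation or a file already present at that path would go unnoticed before the result is stored in `client.id_rsa`. A per-run private directory and an explicit check of the read result would close that. start_import() begins and ends outside this hunk.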
@@ -152,8 +152,8 @@ function start_import() {
 				$tmp = $app->db->queryOneRecord('SELECT server_id FROM server WHERE db_server = 1 AND mirror_server_id = 0 LIMIT 0,1');
 				$default_dbserver = $app->functions->intval($tmp['server_id']);
 
-				$sql = "UPDATE client SET default_mailserver = $default_mailserver, default_webserver = $default_webserver, default_dnsserver = $default_dnsserver, default_dbserver = $default_dbserver WHERE client_id = ".$client_id;
-				$app->db->query($sql);
+				$sql = "UPDATE client SET default_mailserver = ?, default_webserver = ?, default_dnsserver = ?, default_dbserver = ? WHERE client_id = ?";
+				$app->db->query($sql, $default_mailserver, $default_webserver, $default_dnsserver, $default_dbserver, $client_id);
 
 				$msg .= "Added Client $username.<br />";
 			} else {
@@ -169,14 +169,22 @@ function start_import() {
 			$domain = $rec['pw_domain'];
 
 			//* Check if domain exists already
-			$tmp = $app->db->queryOneRecord("SELECT count(domain_id) as number FROM mail_domain WHERE domain = '$domain'");
+			$tmp = $app->db->queryOneRecord("SELECT count(domain_id) as number FROM mail_domain WHERE domain = ?", $domain);
 			if($tmp['number'] == 0) {
-				$user_rec = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE username = '$domain'");
+				$user_rec = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE username = ?", $domain);
 				$sys_userid = ($user_rec['userid'] > 0)?$user_rec['userid']:1;
 				$sys_groupid = ($user_rec['default_group'] > 0)?$user_rec['default_group']:1;
 
-				$sql = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `domain`, `active`)
-				VALUES(".$sys_userid.", ".$sys_groupid.", 'riud', 'riud', '', $local_server_id, '$domain', 'y')";
+				$sql = array(
+					"sys_userid" => $sys_userid,
+					"sys_groupid" => $sys_groupid,
+					"sys_perm_user" => 'riud',
+					"sys_perm_group" => 'riud',
+					"sys_perm_other" => '',
+					"server_id" => $local_server_id,
+					"domain" => $domain,
+					"active" => 'y'
+				);
 				$app->db->datalogInsert('mail_domain', $sql, 'domain_id');
 				$msg .= "Imported domain $domain <br />";
 			} else {
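Review bot: `$domain` comes straight from the imported `pw_domain` column and is interpolated into `$msg` as HTML in `"Imported domain $domain <br />"`, so the value is now bound in SQL but still unescaped on output. The import templates touched by this commit print the message with a plain `<tmpl_var name="msg">`, and whether the template engine escapes it is not visible here. I would escape where the string is built: `$msg .= "Imported domain ".htmlspecialchars($domain, ENT_QUOTES, 'UTF-8')." <br />";`. The `$email` messages in the mailbox and alias hunks below have the same shape. `start_import()` begins and ends outside this hunk.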
@@ -193,20 +201,52 @@ function start_import() {
 			$email = $rec['pw_name'].'@'.$rec['pw_domain'];
 
 			//* Check for duplicate mailboxes
-			$tmp = $app->db->queryOneRecord("SELECT count(mailuser_id) as number FROM mail_user WHERE email = '".$app->db->quote($email)."'");
+			$tmp = $app->db->queryOneRecord("SELECT count(mailuser_id) as number FROM mail_user WHERE email = ?", $email);
 
 			if($tmp['number'] == 0) {
 
 				//* get the mail domain for the mailbox
-				$domain_rec = $app->db->queryOneRecord("SELECT * FROM mail_domain WHERE domain = '$domain'");
+				$domain_rec = $app->db->queryOneRecord("SELECT * FROM mail_domain WHERE domain = ?", $domain);
 
 				if(is_array($domain_rec)) {
 					$pw_crypt_password = $app->auth->crypt_password($rec['pw_clear_passwd']);
 					$maildir_path = "/var/vmail/".$rec['pw_domain']."/".$rec['pw_name'];
 
 					//* Insert the mailbox
-					$sql = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `email`, `login`, `password`, `name`, `uid`, `gid`, `maildir`, `quota`, `cc`, `homedir`, `autoresponder`, `autoresponder_start_date`, `autoresponder_end_date`, `autoresponder_subject`, `autoresponder_text`, `move_junk`, `custom_mailfilter`, `postfix`, `access`, `disableimap`, `disablepop3`, `disabledeliver`, `disablesmtp`, `disablesieve`, `disablelda`, `disabledoveadm`)
-					VALUES(".$domain_rec['sys_userid'].", ".$domain_rec['sys_groupid'].", 'riud', 'riud', '', $local_server_id, '$email', '$email', '$pw_crypt_password', '$email', 5000, 5000, '$maildir_path', 0, '', '/var/vmail', 'n', '0000-00-00 00:00:00', '0000-00-00 00:00:00', 'Out of office reply', '', 'n', '', 'y', 'n', 'n', 'n', 'n', 'n', 'n', 'n', 'n')";
+					$sql = array(
+						"sys_userid" => $domain_rec['sys_userid'],
+						"sys_groupid" => $domain_rec['sys_groupid'],
+						"sys_perm_user" => 'riud',
+						"sys_perm_group" => 'riud',
+						"sys_perm_other" => '',
+						"server_id" => $local_server_id,
+						"email" => $email,
+						"login" => $email,
+						"password" => $pw_crypt_password,
+						"name" => $email,
+						"uid" => 5000,
+						"gid" => 5000,
+						"maildir" => $maildir_path,
+						"quota" => 0,
+						"cc" => '',
+						"homedir" => '/var/vmail',
+						"autoresponder" => 'n',
+						"autoresponder_start_date" => '0000-00-00 00:00:00',
+						"autoresponder_end_date" => '0000-00-00 00:00:00',
+						"autoresponder_subject" => 'Out of office reply',
+						"autoresponder_text" => '',
+						"move_junk" => 'n',
+						"custom_mailfilter" => '',
+						"postfix" => 'y',
+						"access" => 'n',
+						"disableimap" => 'n',
+						"disablepop3" => 'n',
+						"disabledeliver" => 'n',
+						"disablesmtp" => 'n',
+						"disablesieve" => 'n',
+						"disablelda" => 'n',
+						"disabledoveadm" => 'n'
+					);
 					$app->db->datalogInsert('mail_user', $sql, 'mailuser_id');
 					$msg .= "Imported mailbox $email <br />";
 				}
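Review bot: `$maildir_path` is assembled from `$rec['pw_domain']` and `$rec['pw_name']` without any check, and the array insert now stores it verbatim in the `maildir` column. Binding protects the SQL, but a source record containing `/` or `..` in either field would produce a path outside the intended `/var/vmail/<domain>/<user>` layout, assuming the mail server later acts on this column. I would skip such records before building the path, e.g. `if(!preg_match('/^[a-z0-9._-]+$/i', $rec['pw_name']) || strpos($rec['pw_name'], '..') !== false) continue;`, with a matching check on `pw_domain`. The enclosing loop starts outside the hunk.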
@@ -242,16 +282,26 @@ function start_import() {
 			}
 
 			//* Check for duplicate forwards
-			$tmp = $app->db->queryOneRecord("SELECT count(forwarding_id) as number FROM mail_forwarding WHERE source = '".$app->db->quote($email)."' AND destination = '".$app->db->quote($target)."'");
+			$tmp = $app->db->queryOneRecord("SELECT count(forwarding_id) as number FROM mail_forwarding WHERE source = ? AND destination = ?", $email, $target);
 
 			if($tmp['number'] == 0 && $target != '') {
 
 				//* get the mail domain
-				$domain_rec = $app->db->queryOneRecord("SELECT * FROM mail_domain WHERE domain = '".$rec['domain']."'");
+				$domain_rec = $app->db->queryOneRecord("SELECT * FROM mail_domain WHERE domain = ?", $rec['domain']);
 
 				if(is_array($domain_rec)) {
-					$sql = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `source`, `destination`, `type`, `active`)
-					VALUES(".$domain_rec['sys_userid'].", ".$domain_rec['sys_groupid'].", 'riud', 'riud', '', $local_server_id, '".$app->db->quote($email)."', '".$app->db->quote($target)."', 'forward', 'y')";
+					$sql = array(
+						"sys_userid" => $domain_rec['sys_userid'],
+						"sys_groupid" => $domain_rec['sys_groupid'],
+						"sys_perm_user" => 'riud',
+						"sys_perm_group" => 'riud',
+						"sys_perm_other" => '',
+						"server_id" => $local_server_id,
+						"source" => $email,
+						"destination" => $target,
+						"type" => 'forward',
+						"active" => 'y' 
+					);
 					$app->db->datalogInsert('mail_forwarding', $sql, 'forwarding_id');
 				}
 				$msg .= "Imported alias $email.<br />";
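Review bot: `$msg .= "Imported alias $email.<br />";` sits after the closing brace of `if(is_array($domain_rec))`, so success is reported even when no `mail_domain` row was found and `datalogInsert()` was skipped. Moving the line inside the block, directly after `$app->db->datalogInsert('mail_forwarding', $sql, 'forwarding_id');`, keeps the report in line with what was written; the mailbox hunk above already does it that way. The new array literal also leaves a trailing space after `"active" => 'y'`.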
diff --git a/interface/web/tools/lib/module.conf.php b/interface/web/tools/lib/module.conf.php
index 853fd649ea8472b2a81523e96ae8958e20ba9e79..617ab0b6cd6d354e96499bfecbf90b8700b86d0c 100644
--- a/interface/web/tools/lib/module.conf.php
+++ b/interface/web/tools/lib/module.conf.php
@@ -7,6 +7,7 @@ $module['title']  = 'top_menu_tools';
 $module['template']  = 'module.tpl.htm';
 $module['startpage']  = 'tools/index.php';
 $module['tab_width']    = '60';
+$module['order']    = '80';
 
 
 //**** Change User password
diff --git a/interface/web/tools/resync.php b/interface/web/tools/resync.php
index 6a85b186a12962aeec642aef5bcc2bb2c08271c3..e99e5119db4abcfcaa4a1503ff027e8d19f8d491 100644
--- a/interface/web/tools/resync.php
+++ b/interface/web/tools/resync.php
@@ -182,8 +182,8 @@ class page_action extends tform_actions {
 		//* firewall
 		$array_out = array();
 		foreach($server_data as $db_table => $data) {
-			$sql = @(isset($data['server_id']))?"SELECT * FROM $db_table WHERE server_id = $server_id":"SELECT * FROM $db_table";;
-			$records = $app->db->queryAllRecords($sql);
+			$sql = @(isset($data['server_id']))?"SELECT * FROM ?? WHERE server_id = ?":"SELECT * FROM ??";
+			$records = $app->db->queryAllRecords($sql, $db_table, $server_id);
 			if (!empty($records)) array_push($array_out, $db_table);
 		}
 
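Review bot: `queryAllRecords($sql, $db_table, $server_id)` always passes two values, but the `"SELECT * FROM ??"` branch has only one placeholder. How the database wrapper treats a surplus argument is not visible in this diff, so I would pass only what each statement consumes: `$records = isset($data['server_id']) ? $app->db->queryAllRecords("SELECT * FROM ?? WHERE server_id = ?", $db_table, $server_id) : $app->db->queryAllRecords("SELECT * FROM ??", $db_table);`. The same pattern appears twice in openvz_vm_edit.php, where the `WHERE 1` statement still receives `$client['limit_openvz_vm_template_id']`. The `@` in front of `(isset(...))` suppresses nothing, since `isset()` does not warn, and could be dropped.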
@@ -377,7 +377,7 @@ class page_action extends tform_actions {
 
 		$server_name = array();
 		if ( $server_id == 0 ) { //* resync multiple server
-			$temp = $app->db->queryAllRecords("SELECT server_id, server_name FROM server WHERE ".$server_type."_server = 1 AND active = 1 AND mirror_server_id = 0");
+			$temp = $app->db->queryAllRecords("SELECT server_id, server_name FROM server WHERE ?? = 1 AND active = 1 AND mirror_server_id = 0", $server_type."_server");
 			foreach ($temp as $server) {
 				$temp_id .= $server['server_id'].',';
 				$server_name[$server['server_id']] = $server['server_name'];
@@ -389,11 +389,11 @@ class page_action extends tform_actions {
 		unset($temp);
 
 		if ( isset($temp_id) ) $server_id = rtrim($temp_id,',');
-		$sql = "SELECT * FROM $db_table";
+		$sql = "SELECT * FROM ??";
 		if ($db_table != "mail_user_filter") $sql .= " WHERE server_id IN (".$server_id.") ";
 		$sql .= $opt;
 		if ($active) $sql .= " AND active = 'y'"; 
-		$records = $app->db->queryAllRecords($sql);
+		$records = $app->db->queryAllRecords($sql, $db_table);
 
 		return array($records, $server_name);
 	}			
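Review bot: Only the table name is bound here; `$server_id` is still concatenated into `IN (...)` and `$opt` is appended as raw SQL, so the statement remains string-built. `$server_id` is either the caller's value or the comma list built from `server` rows in the previous hunk, so normalising it before use is cheap: `$server_id = implode(',', array_map('intval', explode(',', $server_id)));`. `$opt` is defined outside the hunk; if it could ever contain a literal `?`, the wrapper would presumably read it as a placeholder, so a comment stating that callers must pass a fixed SQL fragment is worth adding. The function begins outside this hunk.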
@@ -511,13 +511,13 @@ class page_action extends tform_actions {
 					if(!empty($rr_records)) {
 						foreach($rr_records as $rec) {
 							$new_serial = $app->validate_dns->increase_serial($rec['serial']);
-							$app->db->datalogUpdate('dns_rr', "serial = '".$new_serial."'", 'id', $rec['id']);
+							$app->db->datalogUpdate('dns_rr', array("serial" => $new_serial), 'id', $rec['id']);
 						}
 					} else { 
 						$msg .= $app->tform->wordbook['no_results_txt'].'<br>';
 					}
 					$new_serial = $app->validate_dns->increase_serial($soa_rec['serial']);
-					$app->db->datalogUpdate('dns_soa', "serial = '".$new_serial."'", 'id', $soa_rec['id']);
+					$app->db->datalogUpdate('dns_soa', array("serial" => $new_serial), 'id', $soa_rec['id']);
 					$msg .= '['.$server_name[$soa_rec['server_id']].'] '.$soa_rec['origin'].' ('.count($rr_records).')<br>';
 				}
 			else $msg .= $app->tform->wordbook['no_results_txt'].'<br>'; 
@@ -529,7 +529,7 @@ class page_action extends tform_actions {
 		if($this->dataRecord['resync_client'] == 1) {
         	$db_table = 'client';
         	$index_field = 'client_id';
-        	$records = $app->db->queryAllRecords("SELECT * FROM ".$db_table);
+        	$records = $app->db->queryAllRecords("SELECT * FROM ??", $db_table);
 			$msg .= '<b>'.$app->tform->wordbook['do_clients_txt'].'</b><br>';
 			if(!empty($records)) {
 	        	$tform_def_file = '../client/form/client.tform.php';
diff --git a/interface/web/tools/templates/dns_import_tupa.htm b/interface/web/tools/templates/dns_import_tupa.htm
index d8297850170af191bcfd011301fc8bfb37af27ca..6aadf711ee5545660312d70f128d642df41d79c0 100644
--- a/interface/web/tools/templates/dns_import_tupa.htm
+++ b/interface/web/tools/templates/dns_import_tupa.htm
@@ -25,7 +25,7 @@
             <div id="OKMsg"><p><tmpl_var name="msg"></p></div>
         </tmpl_if>
         <tmpl_if name="error">
-            <div id="errorMsg"><h3>ERROR</h3><ol><tmpl_var name="error"></ol></div>
+            <div id="errorMsg"><h3><tmpl_var name="error_txt"></h3><ol><tmpl_var name="error"></ol></div>
         </tmpl_if>
 
         <input type="hidden" name="id" value="{tmpl_var name='id'}">
diff --git a/interface/web/tools/templates/import_ispconfig.htm b/interface/web/tools/templates/import_ispconfig.htm
index a1a0bff6210247c4051f225e332b30409f43a25c..83d79e671fc9888d33ad56cb6550d6db62e501c8 100644
--- a/interface/web/tools/templates/import_ispconfig.htm
+++ b/interface/web/tools/templates/import_ispconfig.htm
@@ -70,7 +70,7 @@
         <div id="OKMsg"><p><tmpl_var name="msg"></p></div>
     </tmpl_if>
     <tmpl_if name="error">
-        <div id="errorMsg"><h3>ERROR</h3><ol><tmpl_var name="error"></ol></div>
+        <div id="errorMsg"><h3><tmpl_var name="error_txt"></h3><ol><tmpl_var name="error"></ol></div>
     </tmpl_if>
 	
     <input type="hidden" name="remote_session_id" value="{tmpl_var name='remote_session_id'}">
diff --git a/interface/web/tools/templates/import_plesk.htm b/interface/web/tools/templates/import_plesk.htm
index 3efe2a1e692d2394c984b299b8d7751c6c156f28..645913abd64cad157d11a75d9e5d35e408fd9e7c 100644
--- a/interface/web/tools/templates/import_plesk.htm
+++ b/interface/web/tools/templates/import_plesk.htm
@@ -42,7 +42,7 @@
             <div id="OKMsg"><p><tmpl_var name="msg"></p></div>
         </tmpl_if>
         <tmpl_if name="error">
-            <div id="errorMsg"><h3>ERROR</h3><ol><tmpl_var name="error"></ol></div>
+            <div id="errorMsg"><h3><tmpl_var name="error_txt"></h3><ol><tmpl_var name="error"></ol></div>
         </tmpl_if>
 
         <input type="hidden" name="id" value="{tmpl_var name='id'}">
diff --git a/interface/web/tools/templates/import_vpopmail.htm b/interface/web/tools/templates/import_vpopmail.htm
index 7615340531d8393bfb7cfcbb6677941f6b5834a6..749ce74a411d1543ca0aec6a07c65948f14c709e 100644
--- a/interface/web/tools/templates/import_vpopmail.htm
+++ b/interface/web/tools/templates/import_vpopmail.htm
@@ -34,7 +34,7 @@
         <div id="OKMsg"><p><tmpl_var name="msg"></p></div>
     </tmpl_if>
     <tmpl_if name="error">
-        <div id="errorMsg"><h3>ERROR</h3><ol><tmpl_var name="error"></ol></div>
+        <div id="errorMsg"><h3><tmpl_var name="error_txt"></h3><ol><tmpl_var name="error"></ol></div>
     </tmpl_if>
 	
     <input type="hidden" name="remote_session_id" value="{tmpl_var name='remote_session_id'}">
diff --git a/interface/web/tools/user_settings.php b/interface/web/tools/user_settings.php
index 02fc4f73d2d3c8e9cd6b86ad1a60cbed115b9a9a..57542458eff600b069e8fbe118d406d82e15feed 100644
--- a/interface/web/tools/user_settings.php
+++ b/interface/web/tools/user_settings.php
@@ -102,7 +102,7 @@ class page_action extends tform_actions {
 		global $app;
 		
 		if($_POST['passwort'] != '') {
-			$tmp_user = $app->db->queryOneRecord("SELECT passwort FROM sys_user WHERE userid = '".$app->functions->intval($_SESSION['s']['user']['userid'])."'");
+			$tmp_user = $app->db->queryOneRecord("SELECT passwort FROM sys_user WHERE userid = ?", $_SESSION['s']['user']['userid']);
 			$_SESSION['s']['user']['passwort'] = $tmp_user['passwort'];
 			unset($tmp_user);
 		}
diff --git a/interface/web/vm/ajax_get_ip.php b/interface/web/vm/ajax_get_ip.php
index 64400775ee5ded8a8d843d63a1139e9201c7a55e..3ff5c0d294a296167f0031f2fd80bf7155da4e99 100644
--- a/interface/web/vm/ajax_get_ip.php
+++ b/interface/web/vm/ajax_get_ip.php
@@ -38,8 +38,8 @@ $server_id = $app->functions->intval($_GET["server_id"]);
 
 if($_SESSION["s"]["user"]["typ"] == 'admin' or $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
 
-	$sql = "SELECT ip_address FROM openvz_ip WHERE reserved = 'n' AND server_id = $server_id";
-	$ips = $app->db->queryAllRecords($sql);
+	$sql = "SELECT ip_address FROM openvz_ip WHERE reserved = 'n' AND server_id = ?";
+	$ips = $app->db->queryAllRecords($sql, $server_id);
 	$ip_select = "";
 	if(is_array($ips)) {
 		foreach( $ips as $ip) {
diff --git a/interface/web/vm/lib/module.conf.php b/interface/web/vm/lib/module.conf.php
index a7e31bb5319bc51bd551e969f995badfc332d607..ee5e6b6ad11b0f4eeb1dffc748ab5056426bff22 100644
--- a/interface/web/vm/lib/module.conf.php
+++ b/interface/web/vm/lib/module.conf.php
@@ -5,6 +5,7 @@ $module['title']   = 'top_menu_vm';
 $module['template']  = 'module.tpl.htm';
 $module['startpage']  = 'vm/openvz_vm_list.php';
 $module['tab_width']    = '';
+$module['order'] = '50';
 
 //**** Templates menu
 $items = array();
diff --git a/interface/web/vm/openvz_action.php b/interface/web/vm/openvz_action.php
index 6e090d74683c7957c9d28e1228f2758184719f3a..757f55e8b63d3006016a6aea1395767fbf60bca8 100644
--- a/interface/web/vm/openvz_action.php
+++ b/interface/web/vm/openvz_action.php
@@ -17,7 +17,7 @@ $notify_msg = '';
 
 if($vm_id == 0) die('Invalid VM ID');
 
-$vm = $app->db->queryOneRecord("SELECT server_id, veid FROM openvz_vm WHERE vm_id = $vm_id");
+$vm = $app->db->queryOneRecord("SELECT server_id, veid FROM openvz_vm WHERE vm_id = ?", $vm_id);
 $veid = $app->functions->intval($vm['veid']);
 $server_id = $app->functions->intval($vm['server_id']);
 
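Review bot: The result of the `openvz_vm` lookup is used without checking that a row came back; for an unknown `vm_id`, `$veid` and `$server_id` presumably both become 0 through `intval()`. Unless a check follows outside this hunk, the action branches below would then queue a `sys_remoteaction` row for server 0 and VEID 0. A guard right after the query mirrors the existing one: `if(!is_array($vm)) die('Invalid VM ID');`. Nothing visible here ties the VM to the logged-in user either, which is worth confirming in the part of the script above the hunk.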
@@ -47,15 +47,8 @@ if($action == 'show') {
 
 	//* Start the virtual machine
 	$sql =  "INSERT INTO sys_remoteaction (server_id, tstamp, action_type, action_param, action_state, response) " .
-		"VALUES (".
-		(int)$server_id . ", ".
-		time() . ", ".
-		"'openvz_start_vm', ".
-		$veid.", ".
-		"'pending', ".
-		"''".
-		")";
-	$app->db->query($sql);
+		"VALUES (?, UNIX_TIMESTAMP(), 'openvz_start_vm', ?, 'pending', '')";
+	$app->db->query($sql, $server_id, $veid);
 
 	$app->tpl->setVar('msg', $wb['start_exec_txt']);
 	$options['start_option_enabled'] = 'checked="checked"';
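Review bot: The same `INSERT INTO sys_remoteaction` statement is now written four times in this file (the start, stop, restart and create-ostemplate hunks), differing only in `action_type` and `action_param`. A small helper that binds those two values as well would leave one statement to audit and one place to change; each branch then becomes a single call such as `queue_remote_action($app, $server_id, 'openvz_start_vm', $veid);`. Note also that `UNIX_TIMESTAMP()` takes the time from the database host where `time()` used the web host's clock, which matters only if the two can drift.

```php
// Queue a pending sys_remoteaction row; every value is bound.
function queue_remote_action($app, $server_id, $action_type, $action_param) {
	$sql = "INSERT INTO sys_remoteaction (server_id, tstamp, action_type, action_param, action_state, response) " .
		"VALUES (?, UNIX_TIMESTAMP(), ?, ?, 'pending', '')";
	$app->db->query($sql, $server_id, $action_type, $action_param);
}

// … unchanged: $action dispatch, template variables and option flags …
```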
@@ -64,15 +57,8 @@ if($action == 'show') {
 
 	//* Stop the virtual machine
 	$sql =  "INSERT INTO sys_remoteaction (server_id, tstamp, action_type, action_param, action_state, response) " .
-		"VALUES (".
-		(int)$server_id . ", ".
-		time() . ", ".
-		"'openvz_stop_vm', ".
-		$veid.", ".
-		"'pending', ".
-		"''".
-		")";
-	$app->db->query($sql);
+		"VALUES (?, UNIX_TIMESTAMP(), 'openvz_stop_vm', ?, 'pending', '')";
+	$app->db->query($sql, $server_id, $veid);
 
 	$app->tpl->setVar('msg', $wb['stop_exec_txt']);
 	$options['stop_option_enabled'] = 'checked="checked"';
@@ -81,15 +67,8 @@ if($action == 'show') {
 
 	//* Restart the virtual machine
 	$sql =  "INSERT INTO sys_remoteaction (server_id, tstamp, action_type, action_param, action_state, response) " .
-		"VALUES (".
-		(int)$server_id . ", ".
-		time() . ", ".
-		"'openvz_restart_vm', ".
-		$veid.", ".
-		"'pending', ".
-		"''".
-		")";
-	$app->db->query($sql);
+		"VALUES (?, UNIX_TIMESTAMP(), 'openvz_restart_vm', ?, 'pending', '')";
+	$app->db->query($sql, $server_id, $veid);
 
 	$app->tpl->setVar('msg', $wb['restart_exec_txt']);
 	$options['restart_option_enabled'] = 'checked="checked"';
@@ -104,30 +83,22 @@ if($action == 'show') {
 	}
 
 	//* Quote name
-	$ostemplate_name = $app->db->quote($ostemplate_name);
 
 	//* Check for duplicates
-	$tmp = $app->db->queryOneRecord("SELECT count(ostemplate_id) as number FROM openvz_ostemplate WHERE template_file = '$ostemplate_name'");
+	$tmp = $app->db->queryOneRecord("SELECT count(ostemplate_id) as number FROM openvz_ostemplate WHERE template_file = ?", $ostemplate_name);
 	if($tmp['number'] > 0) $error_msg .= $wb['ostemplate_name_unique_error'].'<br />';
 	unset($tmp);
 
 	if($error_msg == '') {
 		//* Create ostemplate action
 		$sql =  "INSERT INTO sys_remoteaction (server_id, tstamp, action_type, action_param, action_state, response) " .
-			"VALUES (".
-			(int)$server_id . ", ".
-			time() . ", ".
-			"'openvz_create_ostpl', ".
-			"'".$veid.":".$ostemplate_name."', ".
-			"'pending', ".
-			"''".
-			")";
-		$app->db->query($sql);
+			"VALUES (?, UNIX_TIMESTAMP(), 'openvz_create_ostpl', ?, 'pending', '')";
+		$app->db->query($sql, $server_id, $veid.":".$ostemplate_name);
 
 		//* Create a record in the openvz_ostemplate table
 		$sql = "INSERT INTO `openvz_ostemplate` (`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `template_name`, `template_file`, `server_id`, `allservers`, `active`, `description`)
-		VALUES(1, 1, 'riud', 'riud', '', '$ostemplate_name', '$ostemplate_name', $server_id, 'n', 'y', '')";
-		$app->db->query($sql);
+		VALUES(1, 1, 'riud', 'riud', '', ?, ?, ?, 'n', 'y', '')";
+		$app->db->query($sql, $ostemplate_name, $ostemplate_name, $server_id);
 
 		$app->tpl->setVar('msg', $wb['ostemplate_exec_txt']);
 		$options['ostemplate_option_enabled'] = 'checked="checked"';
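Review bot: The comment `//* Quote name` is left behind although the `$app->db->quote()` line under it was removed; it should be deleted or reworded. With the escaping gone, `$ostemplate_name` reaches `action_param` as `$veid.":".$ostemplate_name` exactly as submitted, so whatever validation runs above this hunk (not visible) is the only constraint on what the consumer of `openvz_create_ostpl` receives. I would say so in its place, e.g. `//* $ostemplate_name is passed to the remote action unescaped; keep the name validation above strict`. The two `INSERT`s are also not atomic: if the second fails, the queued action has no matching `openvz_ostemplate` record.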
diff --git a/interface/web/vm/openvz_template_edit.php b/interface/web/vm/openvz_template_edit.php
index ec520d04d4768effc3f46839e0148ea6a731de22..097e55bb800873983b5ce79ce966230f469c4e08 100644
--- a/interface/web/vm/openvz_template_edit.php
+++ b/interface/web/vm/openvz_template_edit.php
@@ -54,10 +54,7 @@ class page_action extends tform_actions {
 	function onAfterInsert() {
 		global $app, $conf;
 
-		$guar_ram = $app->functions->intval($this->dataRecord['ram']*256);
-		$burst_ram = $app->functions->intval($this->dataRecord['ram_burst']*256);
-		$sql = "UPDATE openvz_template SET shmpages = '$guar_ram:$guar_ram',vmguarpages = '$guar_ram:$guar_ram', oomguarpages = '$guar_ram:$guar_ram',privvmpages = '$burst_ram:$burst_ram' WHERE template_id = $this->id";
-		$app->db->query($sql);
+		$this->onAfterUpdate();
 	}
 
 	function onAfterUpdate() {
@@ -65,8 +62,8 @@ class page_action extends tform_actions {
 
 		$guar_ram = $app->functions->intval($this->dataRecord['ram']*256);
 		$burst_ram = $app->functions->intval($this->dataRecord['ram_burst']*256);
-		$sql = "UPDATE openvz_template SET shmpages = '$guar_ram:$guar_ram',vmguarpages = '$guar_ram:$guar_ram', oomguarpages = '$guar_ram:$guar_ram',privvmpages = '$burst_ram:$burst_ram' WHERE template_id = $this->id";
-		$app->db->query($sql);
+		$sql = "UPDATE openvz_template SET shmpages = ?,vmguarpages = ?, oomguarpages = ?,privvmpages = ? WHERE template_id = ?";
+		$app->db->query($sql, $guar_ram . ':' . $guar_ram, $guar_ram . ':' . $guar_ram, $guar_ram . ':' . $guar_ram, $burst_ram . ':' . $burst_ram, $this->id);
 	}
 
 }
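Review bot: `$guar_ram . ':' . $guar_ram` is spelled out three times in the argument list of `$app->db->query()`, which makes the five positional values hard to match against the five placeholders. Naming the pairs first reads better: `$guar_pages = $guar_ram . ':' . $guar_ram;` and `$burst_pages = $burst_ram . ':' . $burst_ram;`, then `$app->db->query($sql, $guar_pages, $guar_pages, $guar_pages, $burst_pages, $this->id);`. A one-line comment on `onAfterInsert()` saying it deliberately reuses the update path would also help the next reader.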
diff --git a/interface/web/vm/openvz_vm_edit.php b/interface/web/vm/openvz_vm_edit.php
index bd7c1d2158f13134faf660d318544cbb53a8d7de..fc8b66dcbf5f975f5916dc920e2b4ef8934da6b5 100644
--- a/interface/web/vm/openvz_vm_edit.php
+++ b/interface/web/vm/openvz_vm_edit.php
@@ -74,15 +74,15 @@ class page_action extends tform_actions {
 
 			//* Get the limits of the client
 			$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
-			$client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, client.limit_openvz_vm_template_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+			$client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, client.limit_openvz_vm_template_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
 
 			//* Fill the template_id field
 			if($client['limit_openvz_vm_template_id'] == 0) {
 				$sql = 'SELECT template_id,template_name FROM openvz_template WHERE 1 ORDER BY template_name';
 			} else {
-				$sql = 'SELECT template_id,template_name FROM openvz_template WHERE template_id = '.$app->functions->intval($client['limit_openvz_vm_template_id']).' ORDER BY template_name';
+				$sql = 'SELECT template_id,template_name FROM openvz_template WHERE template_id = ? ORDER BY template_name';
 			}
-			$records = $app->db->queryAllRecords($sql);
+			$records = $app->db->queryAllRecords($sql, $client['limit_openvz_vm_template_id']);
 			if(is_array($records)) {
 				foreach( $records as $rec) {
 					$selected = @($rec["template_id"] == $this->dataRecord["template_id"])?'SELECTED':'';
@@ -96,13 +96,13 @@ class page_action extends tform_actions {
 
 			//* Get the limits of the client
 			$client_group_id = $_SESSION["s"]["user"]["default_group"];
-			$client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, client.limit_openvz_vm_template_id, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+			$client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, client.limit_openvz_vm_template_id, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
 
 
 			//* Fill the client select field
-			$sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ".$app->functions->intval($client['client_id'])." ORDER BY client.company_name, client.contact_name, sys_group.name";
-			$records = $app->db->queryAllRecords($sql);
-			$tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".$app->functions->intval($client['client_id']));
+			$sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ? ORDER BY client.company_name, client.contact_name, sys_group.name";
+			$records = $app->db->queryAllRecords($sql, $client['client_id']);
+			$tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client['client_id']);
 			$client_select = '<option value="'.$tmp['groupid'].'">'.$client['contactname'].'</option>';
 			//$tmp_data_record = $app->tform->getDataRecord($this->id);
 			if(is_array($records)) {
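Review bot: `$client_select` is built by concatenating `$client['contactname']` into `<option>` markup without escaping; that value is composed in SQL from `company_name`, `contact_name`, `username` and `customer_no`. Parameterising the query does not change how the result is rendered, so unless these columns are stored already encoded (not visible here) a client-supplied name ends up as raw HTML in the form. Suggested: `$client_select = '<option value="'.$tmp['groupid'].'">'.htmlspecialchars($client['contactname'], ENT_QUOTES, 'UTF-8').'</option>';`. The method continues outside the hunk.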
@@ -117,9 +117,9 @@ class page_action extends tform_actions {
 			if($client['limit_openvz_vm_template_id'] == 0) {
 				$sql = 'SELECT template_id,template_name FROM openvz_template WHERE 1 ORDER BY template_name';
 			} else {
-				$sql = 'SELECT template_id,template_name FROM openvz_template WHERE template_id = '.$app->functions->intval($client['limit_openvz_vm_template_id']).' ORDER BY template_name';
+				$sql = 'SELECT template_id,template_name FROM openvz_template WHERE template_id = ? ORDER BY template_name';
 			}
-			$records = $app->db->queryAllRecords($sql);
+			$records = $app->db->queryAllRecords($sql, $client['limit_openvz_vm_template_id']);
 			if(is_array($records)) {
 				foreach( $records as $rec) {
 					$selected = @($rec["template_id"] == $this->dataRecord["template_id"])?'SELECTED':'';
@@ -166,8 +166,8 @@ class page_action extends tform_actions {
 			$tmp = $app->db->queryOneRecord('SELECT server_id FROM server WHERE vserver_server = 1 AND mirror_server_id = 0 ORDER BY server_name LIMIT 0,1');
 			$vm_server_id = $app->functions->intval($tmp['server_id']);
 		}
-		$sql = "SELECT ip_address FROM openvz_ip WHERE reserved = 'n' AND (vm_id = 0 or vm_id = '".$this->id."') AND server_id = ".$app->functions->intval($vm_server_id)." ORDER BY ip_address";
-		$ips = $app->db->queryAllRecords($sql);
+		$sql = "SELECT ip_address FROM openvz_ip WHERE reserved = 'n' AND (vm_id = 0 or vm_id = ?) AND server_id = ? ORDER BY ip_address";
+		$ips = $app->db->queryAllRecords($sql, $this->id, $vm_server_id);
 		$ip_select = "";
 		if(is_array($ips)) {
 			foreach( $ips as $ip) {
diff --git a/interface/web/vm/templates/openvz_action.htm b/interface/web/vm/templates/openvz_action.htm
index 840a8fd7d951035adc150f7a9948d0378ed87a58..2d95f9cb0f8bd421081117ba0365b6d6c1282d2f 100644
--- a/interface/web/vm/templates/openvz_action.htm
+++ b/interface/web/vm/templates/openvz_action.htm
@@ -10,7 +10,7 @@
                 <div id="OKMsg"><p><tmpl_var name="msg"></p></div>
             </tmpl_if>
             <tmpl_if name="error">
-                <div id="errorMsg"><h3>ERROR</h3><ol><tmpl_var name="error"></ol></div>
+                <div id="errorMsg"><h3><tmpl_var name="error_txt"></h3><ol><tmpl_var name="error"></ol></div>
             </tmpl_if>
                 
             <div class="form-group">
diff --git a/interface/web/vm/templates/openvz_ip_list.htm b/interface/web/vm/templates/openvz_ip_list.htm
index 69be02bdd5f18c539871069e8d2faf73627f36b4..fd12694c37c07ece5cec1f3ce46501ba50b6fb85 100644
--- a/interface/web/vm/templates/openvz_ip_list.htm
+++ b/interface/web/vm/templates/openvz_ip_list.htm
@@ -39,7 +39,7 @@
                             <td><a href="#" data-load-content="vm/openvz_ip_edit.php?id={tmpl_var name='id'}">{tmpl_var name="ip_address"}</a></td>
                             <td><a href="#" data-load-content="vm/openvz_ip_edit.php?id={tmpl_var name='id'}">{tmpl_var name="reserved"}</a></td>
                             <td class="text-right">
-                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('vm/openvz_ip_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
+                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('vm/openvz_ip_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                             </td>
                         </tr>
                     </tmpl_loop>
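Review bot: The delete link still carries `phpsessid={tmpl_var name='phpsessid'}` in the query string; if that variable holds the PHP session identifier, it ends up in access logs, browser history and intermediate proxies. The closing-tag fix is fine, but the state-changing delete would be better sent as a POST with a separate per-request token instead of the session id. The same link is in openvz_ostemplate_list.htm, openvz_template_list.htm and openvz_vm_list.htm.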
diff --git a/interface/web/vm/templates/openvz_ostemplate_list.htm b/interface/web/vm/templates/openvz_ostemplate_list.htm
index 299cc0ef00569d76d3152629107052292c8c6aa7..85f46e6732c8a5f8234e7199af8c0f567ef4aa08 100644
--- a/interface/web/vm/templates/openvz_ostemplate_list.htm
+++ b/interface/web/vm/templates/openvz_ostemplate_list.htm
@@ -42,7 +42,7 @@
                             <td><a href="#" data-load-content="vm/openvz_ostemplate_edit.php?id={tmpl_var name='id'}">{tmpl_var name="server_id"}</a></td>
                             <td><a href="#" data-load-content="vm/openvz_ostemplate_edit.php?id={tmpl_var name='id'}">{tmpl_var name="allservers"}</a></td>
                             <td class="text-right">
-                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('vm/openvz_ostemplate_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
+                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('vm/openvz_ostemplate_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                             </td>
                         </tr>
                     </tmpl_loop>
diff --git a/interface/web/vm/templates/openvz_template_list.htm b/interface/web/vm/templates/openvz_template_list.htm
index 85042fe73727246f9674b6ad6d4d74074ed78776..5ec0cb79139a5d0e80b3f61f92f17625e1ab5e52 100644
--- a/interface/web/vm/templates/openvz_template_list.htm
+++ b/interface/web/vm/templates/openvz_template_list.htm
@@ -33,7 +33,7 @@
                             <td><a href="#" data-load-content="vm/openvz_template_edit.php?id={tmpl_var name='id'}">{tmpl_var name="active"}</a></td>
                             <td><a href="#" data-load-content="vm/openvz_template_edit.php?id={tmpl_var name='id'}">{tmpl_var name="template_name"}</a></td>
                             <td class="text-right">
-                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('vm/openvz_template_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
+                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('vm/openvz_template_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                             </td>
                         </tr>
                     </tmpl_loop>
diff --git a/interface/web/vm/templates/openvz_vm_list.htm b/interface/web/vm/templates/openvz_vm_list.htm
index 6b03cda658f8ec0adb1b717e1437d4f75097dd78..516b536bb39fb4077e22e25fb000f64b0a830749 100644
--- a/interface/web/vm/templates/openvz_vm_list.htm
+++ b/interface/web/vm/templates/openvz_vm_list.htm
@@ -48,8 +48,8 @@
                             <td><a href="#" data-load-content="vm/openvz_vm_edit.php?id={tmpl_var name='id'}">{tmpl_var name="hostname"}</a></td>
                             <td><a href="#" data-load-content="vm/openvz_vm_edit.php?id={tmpl_var name='id'}">{tmpl_var name="ip_address"}</a></td>
                             <td class="text-right">
-                                <a class="btn btn-default formbutton-default formbutton-narrow" data-load-content="vm/openvz_action.php?id={tmpl_var name='id'}"><span class="icon icon-action"></span></button>
-                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('vm/openvz_vm_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
+                                <a class="btn btn-default formbutton-default formbutton-narrow" data-load-content="vm/openvz_action.php?id={tmpl_var name='id'}"><span class="icon icon-action"></span></a>
+                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('vm/openvz_vm_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                             </td>
                         </tr>
                     </tmpl_loop>
diff --git a/remoting_client/examples/dns_a_add.php b/remoting_client/examples/dns_a_add.php
index 6bcb33c6680ad55f82e38582a501495242f196d5..b669daaa1c745ff4cd3917141b8d3bb179e15d73 100644
--- a/remoting_client/examples/dns_a_add.php
+++ b/remoting_client/examples/dns_a_add.php
@@ -23,7 +23,7 @@ try {
 		'type' => 'a',
 		'data' => '192.168.1.88',
 		'aux' => '0',
-		'ttl' => '86400',
+		'ttl' => '3600',
 		'active' => 'y',
 		'stamp' => 'CURRENT_TIMESTAMP',
 		'serial' => '1',
diff --git a/remoting_client/examples/dns_aaaa_add.php b/remoting_client/examples/dns_aaaa_add.php
index 4ee460b5be90a5f9a04653d600519e7bf8d53ee9..eff4148f2881785206439fcda3a98b8ddb406648 100644
--- a/remoting_client/examples/dns_aaaa_add.php
+++ b/remoting_client/examples/dns_aaaa_add.php
@@ -23,7 +23,7 @@ try {
 		'type' => 'aaaa',
 		'data' => '3ffe:b00:c18:3::a',
 		'aux' => '0',
-		'ttl' => '86400',
+		'ttl' => '3600',
 		'active' => 'y',
 		'stamp' => 'CURRENT_TIMESTAMP',
 		'serial' => '1',
diff --git a/remoting_client/examples/dns_alias_add.php b/remoting_client/examples/dns_alias_add.php
index 5b1c684cef0743704581e52d58c8b370388e3284..dd8a4da4b0b6349e203b5ff89c5524fca74e2a39 100644
--- a/remoting_client/examples/dns_alias_add.php
+++ b/remoting_client/examples/dns_alias_add.php
@@ -23,7 +23,7 @@ try {
 		'type' => 'alias',
 		'data' => 'hostmachine',
 		'aux' => '0',
-		'ttl' => '86400',
+		'ttl' => '3600',
 		'active' => 'y',
 		'stamp' => 'CURRENT_TIMESTAMP',
 		'serial' => '1',
diff --git a/remoting_client/examples/dns_cname_add.php b/remoting_client/examples/dns_cname_add.php
index 2d70ca65b4a40c3dcd732ba585ca7867ea752350..7731a5473035106e2939416bf064f9996c07eccf 100644
--- a/remoting_client/examples/dns_cname_add.php
+++ b/remoting_client/examples/dns_cname_add.php
@@ -23,7 +23,7 @@ try {
 		'type' => 'cname',
 		'data' => 'hostmachine',
 		'aux' => '0',
-		'ttl' => '86400',
+		'ttl' => '3600',
 		'active' => 'y',
 		'stamp' => 'CURRENT_TIMESTAMP',
 		'serial' => '1',
diff --git a/remoting_client/examples/dns_hinfo_add.php b/remoting_client/examples/dns_hinfo_add.php
index a0a8c47b3c1f90035974ad3c204ac3554a65cc82..106c79083e8014eae72ed765ffb064541defd3b6 100644
--- a/remoting_client/examples/dns_hinfo_add.php
+++ b/remoting_client/examples/dns_hinfo_add.php
@@ -23,7 +23,7 @@ try {
 		'type' => 'hinfo',
 		'data' => '"Pentium Pro" Linux',
 		'aux' => '0',
-		'ttl' => '86400',
+		'ttl' => '3600',
 		'active' => 'y',
 		'stamp' => 'CURRENT_TIMESTAMP',
 		'serial' => '1',
diff --git a/remoting_client/examples/dns_mx_add.php b/remoting_client/examples/dns_mx_add.php
index b1e961780973cd069393091c4fd34114262e6de5..d0838216cde06cdec84bb792d5c6151ce7d40142 100644
--- a/remoting_client/examples/dns_mx_add.php
+++ b/remoting_client/examples/dns_mx_add.php
@@ -23,7 +23,7 @@ try {
 		'type' => 'mx',
 		'data' => 'mail',
 		'aux' => '0',
-		'ttl' => '86400',
+		'ttl' => '3600',
 		'active' => 'y',
 		'stamp' => 'CURRENT_TIMESTAMP',
 		'serial' => '1',
diff --git a/remoting_client/examples/dns_ns_add.php b/remoting_client/examples/dns_ns_add.php
index d650d2a99990e1b49ce440e7d7c6ec8cf6edd7fe..381041addf3099d1264afeb7ac075f774d329ba9 100644
--- a/remoting_client/examples/dns_ns_add.php
+++ b/remoting_client/examples/dns_ns_add.php
@@ -23,7 +23,7 @@ try {
 		'type' => 'ns',
 		'data' => 'ns1',
 		'aux' => '0',
-		'ttl' => '86400',
+		'ttl' => '3600',
 		'active' => 'y',
 		'stamp' => 'CURRENT_TIMESTAMP',
 		'serial' => '1',
diff --git a/remoting_client/examples/dns_ptr_add.php b/remoting_client/examples/dns_ptr_add.php
index 6d4ccab9faeaa3b7d26a684cf7a9f97cfa92ba8a..a2dbdf54f58da90198f324c8a7f50f43b7dbe8ba 100644
--- a/remoting_client/examples/dns_ptr_add.php
+++ b/remoting_client/examples/dns_ptr_add.php
@@ -23,7 +23,7 @@ try {
 		'type' => 'ptr',
 		'data' => 'webmaster.test.int.',
 		'aux' => '0',
-		'ttl' => '86400',
+		'ttl' => '3600',
 		'active' => 'y',
 		'stamp' => 'CURRENT_TIMESTAMP',
 		'serial' => '1',
diff --git a/remoting_client/examples/dns_rp_add.php b/remoting_client/examples/dns_rp_add.php
index a30b70370137c66294b2e77d0db123b69cc82850..27329bbe75aa8dd91f95192618d999a1229487b8 100644
--- a/remoting_client/examples/dns_rp_add.php
+++ b/remoting_client/examples/dns_rp_add.php
@@ -23,7 +23,7 @@ try {
 		'type' => 'rp',
 		'data' => 'webmaster.test.int. contactinfo.test.int',
 		'aux' => '0',
-		'ttl' => '86400',
+		'ttl' => '3600',
 		'active' => 'y',
 		'stamp' => 'CURRENT_TIMESTAMP',
 		'serial' => '1',
diff --git a/remoting_client/examples/dns_srv_add.php b/remoting_client/examples/dns_srv_add.php
index 75c7df4817f092f56c1a6d2af1bf2522d41190b7..6270db75a45f3b6c77f7e17b7455e417a22c631c 100644
--- a/remoting_client/examples/dns_srv_add.php
+++ b/remoting_client/examples/dns_srv_add.php
@@ -23,7 +23,7 @@ try {
 		'type' => 'srv',
 		'data' => '0 9 server.test.int.',
 		'aux' => '0',
-		'ttl' => '86400',
+		'ttl' => '3600',
 		'active' => 'y',
 		'stamp' => 'CURRENT_TIMESTAMP',
 		'serial' => '1',
diff --git a/remoting_client/examples/dns_txt_add.php b/remoting_client/examples/dns_txt_add.php
index 4ce025e64fcd7247bc60c51af131c366e2231bc7..90f06095ecbd770b130e5914c274c94c662d4af9 100644
--- a/remoting_client/examples/dns_txt_add.php
+++ b/remoting_client/examples/dns_txt_add.php
@@ -23,7 +23,7 @@ try {
 		'type' => 'txt',
 		'data' => 'any text can go here',
 		'aux' => '0',
-		'ttl' => '86400',
+		'ttl' => '3600',
 		'active' => 'y',
 		'stamp' => 'CURRENT_TIMESTAMP',
 		'serial' => '1',
diff --git a/remoting_client/examples/dns_zone_add.php b/remoting_client/examples/dns_zone_add.php
index 677240968266fe66f7869f09204da45f9f20bb4d..62937c0bd3c4db126e4607dbc56e7fb144217564 100644
--- a/remoting_client/examples/dns_zone_add.php
+++ b/remoting_client/examples/dns_zone_add.php
@@ -25,8 +25,8 @@ try {
 		'refresh' => '28800',
 		'retry' => '7200',
 		'expire' => '604800',
-		'minimum' => '86400',
-		'ttl' => '86400',
+		'minimum' => '3600',
+		'ttl' => '3600',
 		'active' => 'y',
 		'xfer' => '',
 		'also_notify' => '',
diff --git a/server/conf/hhvm_monit.master b/server/conf/hhvm_monit.master
new file mode 100644
index 0000000000000000000000000000000000000000..91642c535a7e084ba51758e687c7dec057966a21
--- /dev/null
+++ b/server/conf/hhvm_monit.master
@@ -0,0 +1,3 @@
+check process hhvm_{SYSTEM_USER} with pidfile /var/run/hhvm/hhvm_{SYSTEM_USER}.pid
+   start program = "/etc/init.d/hhvm_{SYSTEM_USER} restart"
+   stop  program = "/etc/init.d/hhvm_{SYSTEM_USER} stop"
\ No newline at end of file
diff --git a/server/conf/hhvm_starter.master b/server/conf/hhvm_starter.master
index ee0bbec28607041c1a78fe40d15d3811e4bbee3c..a4cac46423891f58faff6d28e908ba1dfd88cb94 100644
--- a/server/conf/hhvm_starter.master
+++ b/server/conf/hhvm_starter.master
@@ -37,15 +37,29 @@ do_start()
 	
 	umask 017
 	sudo -u {SYSTEM_USER} touch /var/run/hhvm/hhvm_{SYSTEM_USER}.pid
+	
+	BASEINIFILE=""
+	if [[ -e "/etc/hhvm/php.ini" ]] ; then
+		BASEINIFILE="--config /etc/hhvm/php.ini" ;
+	fi
+	
 	INIFILE=""
 	if [[ -e "/var/www/conf/{SYSTEM_USER}/php.ini" ]] ; then
-		INIFILE="-vServer.IniFile=/var/www/conf/{SYSTEM_USER}/php.ini" ;
+		INIFILE="--config /var/www/conf/{SYSTEM_USER}/php.ini" ;
 	elif [[ -e "/etc/php5/hhvm/php.ini" ]] ; then
-		INIFILE="-vServer.IniFile=/etc/php5/hhvm/php.ini" ;
+		INIFILE="--config /etc/php5/hhvm/php.ini" ;
+	elif [[ -e "/etc/php5/fpm/php.ini" ]] ; then
+		INIFILE="--config /etc/php5/fpm/php.ini" ;
 	elif [[ -e "/etc/php5/cgi/php.ini" ]] ; then
-		INIFILE="-vServer.IniFile=/etc/php5/cgi/php.ini" ;
+		INIFILE="--config /etc/php5/cgi/php.ini" ;
 	fi
-	/usr/bin/hhvm --mode daemon -vServer.Type=fastcgi --user {SYSTEM_USER} -vServer.FileSocket=/var/run/hhvm/hhvm.{SYSTEM_USER}.sock -vLog.Level=Warning -vLog.UseLogFile=false -vRepo.Central.Path=/var/run/hhvm/hhvm.{SYSTEM_USER}.hhbc -vServer.FixPathInfo=false $INIFILE -vPidFile=/var/run/hhvm/hhvm_{SYSTEM_USER}.pid & echo $! > /var/run/hhvm/hhvm_{SYSTEM_USER}.pid
+	
+	CUSTOMINIFILE=""
+	if [[ -e "/etc/hhvm/{SYSTEM_USER}.ini" ]] ; then
+		CUSTOMINIFILE="--config /etc/hhvm/{SYSTEM_USER}.ini" ;
+	fi
+	
+	/usr/bin/hhvm --mode daemon -vServer.Type=fastcgi --user {SYSTEM_USER} -vServer.FileSocket=/var/run/hhvm/hhvm.{SYSTEM_USER}.sock -vLog.Level=Warning -vLog.UseLogFile=false -vRepo.Central.Path=/var/run/hhvm/hhvm.{SYSTEM_USER}.hhbc -vServer.FixPathInfo=false $BASEINIFILE $INIFILE $CUSTOMINIFILE -vPidFile=/var/run/hhvm/hhvm_{SYSTEM_USER}.pid & echo $! > /var/run/hhvm/hhvm_{SYSTEM_USER}.pid
 }
 
 do_stop()
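Review bot: The three `--config` sources now passed to hhvm (`$BASEINIFILE $INIFILE $CUSTOMINIFILE`) have no comment saying which file is meant to win or who is expected to own each one. Assuming HHVM lets a later `--config` override an earlier one, `/etc/hhvm/{SYSTEM_USER}.ini` has the final say over the site's `php.ini`. If these files carry restrictions for the site user, they should be writable by root only. I would add above the block: `# precedence (lowest to highest): /etc/hhvm/php.ini, site/distro php.ini, /etc/hhvm/{SYSTEM_USER}.ini - keep all of them root-owned`. do_start() begins outside the hunk.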
diff --git a/server/cron.php b/server/cron.php
index 7a43d04905846e372e40cab9b3f15bfc823dc12d..c197da9516a8d73cc75c44f818be4449a34f2757 100644
--- a/server/cron.php
+++ b/server/cron.php
@@ -74,7 +74,7 @@ foreach($files as $f) {
 			unset($cronjob);
 			continue;
 		}
-		print 'Included ' . $class_name . ' from ' . $file_path . ' -> will now run job.' . "\n";
+		print 'Included ' . $class_name . ' from ' . $path . '/' . $f . ' -> will now run job.' . "\n";
 
 		$cronjob->run();
 
diff --git a/server/lib/app.inc.php b/server/lib/app.inc.php
index a9d47a557869ca961a6ff1edc7f42b87735b0c32..dc2b0160eb4d5d8e18ba9ebfb924edb1d0f3ef6e 100755
--- a/server/lib/app.inc.php
+++ b/server/lib/app.inc.php
@@ -151,19 +151,18 @@ class app {
 			if(isset($this->dbmaster)) {
 				$server_id = $conf['server_id'];
 				$loglevel = $priority;
-				$tstamp = time();
-				$message = $this->dbmaster->quote($msg);
+				$message = $msg;
 				$datalog_id = (isset($this->modules->current_datalog_id) && $this->modules->current_datalog_id > 0)?$this->modules->current_datalog_id:0;
 				if($datalog_id > 0) {
-					$tmp_rec = $this->dbmaster->queryOneRecord("SELECT count(syslog_id) as number FROM sys_log WHERE datalog_id = $datalog_id AND loglevel = ".LOGLEVEL_ERROR);
+					$tmp_rec = $this->dbmaster->queryOneRecord("SELECT count(syslog_id) as number FROM sys_log WHERE datalog_id = ? AND loglevel = ?", $datalog_id, LOGLEVEL_ERROR);
 					//* Do not insert duplicate errors into the web log.
 					if($tmp_rec['number'] == 0) {
-						$sql = "INSERT INTO sys_log (server_id,datalog_id,loglevel,tstamp,message) VALUES ('$server_id',$datalog_id,'$loglevel','$tstamp','$message')";
-						$this->dbmaster->query($sql);
+						$sql = "INSERT INTO sys_log (server_id,datalog_id,loglevel,tstamp,message) VALUES (?, ?, ?, UNIX_TIMESTAMP(), ?)";
+						$this->dbmaster->query($sql, $server_id, $datalog_id, $loglevel, $message);
 					}
 				} else {
-					$sql = "INSERT INTO sys_log (server_id,datalog_id,loglevel,tstamp,message) VALUES ('$server_id',0,'$loglevel','$tstamp','$message')";
-					$this->dbmaster->query($sql);
+					$sql = "INSERT INTO sys_log (server_id,datalog_id,loglevel,tstamp,message) VALUES (?, 0, ?, UNIX_TIMESTAMP(), ?)";
+					$this->dbmaster->query($sql, $server_id, $loglevel, $message);
 				}
 			}
 
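Review bot: `tstamp` is now filled by `UNIX_TIMESTAMP()` on the `dbmaster` connection instead of PHP's `time()` on the server that writes the log entry. If the master database runs on a different host, sys_log times follow that host's clock, which can put entries out of order relative to local logs when reconstructing a timeline. If the local time is wanted, keep it as a bound value, e.g. `VALUES (?, ?, ?, ?, ?)` with `time()` passed as the fourth argument. The `$message = $msg;` alias is now redundant, and `$msg` can be passed to `query()` directly. The enclosing method starts and ends outside the hunk.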
diff --git a/server/lib/classes/aps_installer.inc.php b/server/lib/classes/aps_installer.inc.php
index 1b018214850daf7b28d5fa3479371161c22b9e68..5270a5ae9ed0b6d035a6b3aecc2155b36e65c7ca 100644
--- a/server/lib/classes/aps_installer.inc.php
+++ b/server/lib/classes/aps_installer.inc.php
@@ -259,18 +259,15 @@ class ApsInstaller extends ApsBase
 
 		// Get the domain name to use for the installation
 		// Would be possible in one query too, but we use 2 for easier debugging
-		$main_domain = $app->db->queryOneRecord("SELECT value FROM aps_instances_settings
-            WHERE name = 'main_domain' AND instance_id = '".$app->db->quote($task['instance_id'])."';");
+		$main_domain = $app->db->queryOneRecord("SELECT value FROM aps_instances_settings WHERE name = 'main_domain' AND instance_id = ?", $task['instance_id']);
 		$this->domain = $main_domain['value'];
 
 		// Get the document root
-		$domain_res = $app->db->queryOneRecord("SELECT document_root, web_folder, type FROM web_domain
-            WHERE domain = '".$app->db->quote($this->domain)."';");
+		$domain_res = $app->db->queryOneRecord("SELECT document_root, web_folder, type FROM web_domain WHERE domain = ?", $this->domain);
 		$this->document_root = $domain_res['document_root'];
 
 		// Get the sub location
-		$location_res = $app->db->queryOneRecord("SELECT value FROM aps_instances_settings
-            WHERE name = 'main_location' AND instance_id = '".$app->db->quote($task['instance_id'])."';");
+		$location_res = $app->db->queryOneRecord("SELECT value FROM aps_instances_settings WHERE name = 'main_location' AND instance_id = ?", $task['instance_id']);
 		$this->sublocation = $location_res['value'];
 
 		// Make sure the document_root ends with /
@@ -309,67 +306,19 @@ class ApsInstaller extends ApsBase
 		$db_id = parent::getXPathValue($sxe, '//db:id');
 		if(empty($db_id)) return; // No database needed
 
-		/* WARNING: if this will ever be uncommented please check the updated prefix handling for user and db names!!!
-         *
-        // Set the database owner to the domain owner
-        // ISPConfig identifies the owner by the sys_groupid (not sys_userid!)
-        // so sys_userid can be set to any value
-        $perm = $app->db->queryOneRecord("SELECT sys_groupid, server_id FROM web_domain
-            WHERE domain = '".$this->domain."';");
-        $task['sys_groupid'] = $perm['sys_groupid'];
-        $serverid = $perm['server_id'];
-
-        // Get the database prefix and db user prefix
-        $app->uses('getconf');
-        $global_config = $app->getconf->get_global_config('sites');
-        $dbname_prefix = str_replace('[CLIENTID]', '', $global_config['dbname_prefix']);
-        $dbuser_prefix = str_replace('[CLIENTID]', '', $global_config['dbuser_prefix']);
-        $this->dbhost = DB_HOST; // Taken from config.inc.php
-        if(empty($this->dbhost)) $this->dbhost = 'localhost'; // Just to ensure any hostname... ;)
-
-        $this->newdb_name = $dbname_prefix.$task['CustomerID'].'aps'.$task['InstanceID'];
-        $this->newdb_user = $dbuser_prefix.$task['CustomerID'].'aps'.$task['InstanceID'];
-        $dbpw_res = $app->db->queryOneRecord("SELECT Value FROM aps_instances_settings
-            WHERE Name = 'main_database_password' AND InstanceID = '".$app->db->quote($task['InstanceID'])."';");
-        $newdb_pw = $dbpw_res['Value'];
-
-        // In any case delete an existing database (install and removal procedure)
-        $app->db->query('DROP DATABASE IF EXISTS `'.$app->db->quote($this->newdb_name).'`;');
-        // Delete an already existing database with this name
-        $app->db->query("DELETE FROM web_database WHERE database_name = '".$app->db->quote($this->newdb_name)."';");
-
-
-        // Create the new database and assign it to a user
-        if($this->handle_type == 'install')
-        {
-            $app->db->query('CREATE DATABASE IF NOT EXISTS `'.$app->db->quote($this->newdb_name).'`;');
-            $app->db->query('GRANT ALL PRIVILEGES ON '.$app->db->quote($this->newdb_name).'.* TO '.$app->db->quote($this->newdb_user).'@'.$app->db->quote($this->dbhost).' IDENTIFIED BY \'password\';');
-            $app->db->query('SET PASSWORD FOR '.$app->db->quote($this->newdb_user).'@'.$app->db->quote($this->dbhost).' = PASSWORD(\''.$newdb_pw.'\');');
-            $app->db->query('FLUSH PRIVILEGES;');
-
-            // Add the new database to the customer databases
-            // Assumes: charset = utf8
-            $app->db->query('INSERT INTO web_database (sys_userid, sys_groupid, sys_perm_user, sys_perm_group, sys_perm_other, server_id,
-                type, database_name, database_user, database_password, database_charset, remote_access, remote_ips, active)
-                VALUES ('.$task['sys_userid'].', '.$task['sys_groupid'].', "'.$task['sys_perm_user'].'", "'.$task['sys_perm_group'].'",
-                "'.$task['sys_perm_other'].'", '.$app->db->quote($serverid).', "mysql", "'.$app->db->quote($this->newdb_name).'",
-                "'.$app->db->quote($this->newdb_user).'", "'.$app->db->quote($newdb_pw).'", "utf8", "n", "", "y");');
-        }
-		*/
-
 		$mysqlver_res = $app->db->queryOneRecord('SELECT VERSION() as ver;');
 		$mysqlver = $mysqlver_res['ver'];
 
-		$tmp = $app->db->queryOneRecord("SELECT value FROM aps_instances_settings WHERE name = 'main_database_password' AND instance_id = '".$app->db->quote($task['instance_id'])."';");
+		$tmp = $app->db->queryOneRecord("SELECT value FROM aps_instances_settings WHERE name = 'main_database_password' AND instance_id = ?", $task['instance_id']);
 		$newdb_pw = $tmp['value'];
 
-		$tmp = $app->db->queryOneRecord("SELECT value FROM aps_instances_settings WHERE name = 'main_database_host' AND instance_id = '".$app->db->quote($task['instance_id'])."';");
+		$tmp = $app->db->queryOneRecord("SELECT value FROM aps_instances_settings WHERE name = 'main_database_host' AND instance_id = ?", $task['instance_id']);
 		$newdb_host = $tmp['value'];
 
-		$tmp = $app->db->queryOneRecord("SELECT value FROM aps_instances_settings WHERE name = 'main_database_name' AND instance_id = '".$app->db->quote($task['instance_id'])."';");
+		$tmp = $app->db->queryOneRecord("SELECT value FROM aps_instances_settings WHERE name = 'main_database_name' AND instance_id = ?", $task['instance_id']);
 		$newdb_name = $tmp['value'];
 
-		$tmp = $app->db->queryOneRecord("SELECT value FROM aps_instances_settings WHERE name = 'main_database_login' AND instance_id = '".$app->db->quote($task['instance_id'])."';");
+		$tmp = $app->db->queryOneRecord("SELECT value FROM aps_instances_settings WHERE name = 'main_database_login' AND instance_id = ?", $task['instance_id']);
 		$newdb_login = $tmp['value'];
 		
 		/* Test if the new mysql connection is laready working to ensure that db servers in multiserver
@@ -470,10 +419,8 @@ class ApsInstaller extends ApsBase
 				$this->processMappings($mapping, $mapping_url, $this->local_installpath);
 
 				// Set the appropriate file owner
-				$main_domain = $app->db->queryOneRecord("SELECT value FROM aps_instances_settings
-                    WHERE name = 'main_domain' AND instance_id = '".$app->db->quote($task['instance_id'])."';");
-				$owner_res = $app->db->queryOneRecord("SELECT system_user, system_group FROM web_domain
-                        WHERE domain = '".$app->db->quote($main_domain['value'])."';");
+				$main_domain = $app->db->queryOneRecord("SELECT value FROM aps_instances_settings WHERE name = 'main_domain' AND instance_id = ?", $task['instance_id']);
+				$owner_res = $app->db->queryOneRecord("SELECT system_user, system_group FROM web_domain WHERE domain = ?", $main_domain['value']);
 				$this->file_owner_user = $owner_res['system_user'];
 				$this->file_owner_group = $owner_res['system_group'];
 				exec('chown -R '.$this->file_owner_user.':'.$this->file_owner_group.' '.escapeshellarg($this->local_installpath));
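Review bot: The `exec('chown -R ' ...)` line right after the converted queries still concatenates `$this->file_owner_user` and `$this->file_owner_group` into the shell command unescaped; only the install path goes through `escapeshellarg()`. Both values come straight from the web_domain row, and `$owner_res` is not checked, so a missing row turns the command into `chown -R : <path>`. I would return early when `$owner_res` is empty and quote the owner spec: `exec('chown -R '.escapeshellarg($this->file_owner_user.':'.$this->file_owner_group).' '.escapeshellarg($this->local_installpath));`. The enclosing method starts and ends outside the hunk.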
@@ -486,8 +433,7 @@ class ApsInstaller extends ApsBase
 		}
 		catch(Exception $e)
 		{
-			$app->dbmaster->query('UPDATE aps_instances SET instance_status = "'.INSTANCE_ERROR.'"
-                WHERE id = "'.$app->db->quote($task['instance_id']).'";');
+			$app->dbmaster->query('UPDATE aps_instances SET instance_status = ? WHERE id = ?', INSTANCE_ERROR, $task['instance_id']);
 			$app->log($e->getMessage(), 1);
 			return false;
 		}
@@ -506,8 +452,7 @@ class ApsInstaller extends ApsBase
 	{
 		global $app;
 
-		$userdata = $app->db->queryAllRecords("SELECT name, value FROM aps_instances_settings
-            WHERE instance_id = '".$app->db->quote($task['instance_id'])."';");
+		$userdata = $app->db->queryAllRecords("SELECT name, value FROM aps_instances_settings WHERE instance_id = ?", $task['instance_id']);
 		if(empty($userdata)) return false;
 
 		foreach($userdata as $data)
@@ -628,15 +573,13 @@ class ApsInstaller extends ApsBase
 					exec('chown -R root:root '.escapeshellarg($this->local_installpath.'stats'));
 				}
 
-				$app->dbmaster->query('UPDATE aps_instances SET instance_status = "'.INSTANCE_SUCCESS.'"
-                    WHERE id = "'.$app->db->quote($task['instance_id']).'";');
+				$app->dbmaster->query('UPDATE aps_instances SET instance_status = ? WHERE id = ?', INSTANCE_SUCCESS, $task['instance_id']);
 			}
 		}
 
 		catch(Exception $e)
 		{
-			$app->dbmaster->query('UPDATE aps_instances SET instance_status = "'.INSTANCE_ERROR.'"
-                WHERE id = "'.$app->db->quote($task['instance_id']).'";');
+			$app->dbmaster->query('UPDATE aps_instances SET instance_status = ? WHERE id = ?', INSTANCE_ERROR, $task['instance_id']);
 			$app->log($e->getMessage(), 1);
 			return false;
 		}
@@ -675,15 +618,7 @@ class ApsInstaller extends ApsBase
 		else return false;
 
 		// Get all instance metadata
-		/*
-        $task = $app->db->queryOneRecord("SELECT * FROM aps_instances AS i
-            INNER JOIN aps_packages AS p ON i.package_id = p.id
-            INNER JOIN client AS c ON i.customer_id = c.client_id
-            WHERE i.id = ".$instanceid.";");
-		*/
-		$task = $app->db->queryOneRecord("SELECT * FROM aps_instances AS i
-            INNER JOIN aps_packages AS p ON i.package_id = p.id
-            WHERE i.id = ".$instanceid.";");
+		$task = $app->db->queryOneRecord("SELECT * FROM aps_instances AS i INNER JOIN aps_packages AS p ON i.package_id = p.id WHERE i.id = ?", $instanceid);
 		if(!$task) return false;  // formerly: throw new Exception('The InstanceID doesn\'t exist.');
 		if(!isset($task['instance_id'])) $task['instance_id'] = $instanceid;
 
@@ -698,6 +633,7 @@ class ApsInstaller extends ApsBase
 			curl_setopt($ch, CURLOPT_TIMEOUT, 0);
 			curl_setopt($ch, CURLOPT_FAILONERROR, 1);
 			curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
+			curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
 			if(curl_exec($ch) === false) $app->log(curl_error($ch), 1);
 			fclose($fh);
 			curl_close($ch);
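Review bot: `curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);` switches off certificate verification for a transfer that is written to a local file and follows redirects (`CURLOPT_FOLLOWLOCATION`). Nothing then authenticates the server the content comes from. This is presumably the package file the installer processes afterwards, so a tampered download would be installed. I would keep verification on and fix the trust store instead: `curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);`, `curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);` and, where the system CA bundle is not picked up, `curl_setopt($ch, CURLOPT_CAINFO, $ca_bundle_path);` (`$ca_bundle_path` is a placeholder). The surrounding method is only partly visible in this hunk.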
@@ -720,8 +656,7 @@ class ApsInstaller extends ApsBase
 		// Check if the meta file is existing
 		if(!$metafile)
 		{
-			$app->dbmaster->query('UPDATE aps_instances SET instance_status = "'.INSTANCE_ERROR.'"
-                WHERE id = "'.$app->db->quote($task['instance_id']).'";');
+			$app->dbmaster->query('UPDATE aps_instances SET instance_status = ? WHERE id = ?', INSTANCE_ERROR, $task['instance_id']);
 			$app->log('Unable to find the meta data file of package '.$task['path'], 1);
 			return false;
 		}
@@ -754,11 +689,11 @@ class ApsInstaller extends ApsBase
 		// Finally delete the instance entry + settings
 		if($this->handle_type == 'delete')
 		{
-			$app->db->query('DELETE FROM aps_instances WHERE id = "'.$app->db->quote($task['instance_id']).'";');
-			$app->db->query('DELETE FROM aps_instances_settings WHERE instance_id = "'.$app->db->quote($task['instance_id']).'";');
+			$app->db->query('DELETE FROM aps_instances WHERE id = ?', $task['instance_id']);
+			$app->db->query('DELETE FROM aps_instances_settings WHERE instance_id = ?', $task['instance_id']);
 			if ($app->dbmaster != $app->db) {
-				$app->dbmaster->query('DELETE FROM aps_instances WHERE id = "'.$app->db->quote($task['instance_id']).'";');
-				$app->dbmaster->query('DELETE FROM aps_instances_settings WHERE instance_id = "'.$app->db->quote($task['instance_id']).'";');
+				$app->dbmaster->query('DELETE FROM aps_instances WHERE id = ?', $task['instance_id']);
+				$app->dbmaster->query('DELETE FROM aps_instances_settings WHERE instance_id = ?', $task['instance_id']);
 			}
 		}
 
diff --git a/server/lib/classes/cron.d/100-mailbox_stats.inc.php b/server/lib/classes/cron.d/100-mailbox_stats.inc.php
index 750849055f6a13cca8e00582b0cff84cceb58bec..9778b2fc579f35bc5a9b79c8300fb961ab45b9f7 100644
--- a/server/lib/classes/cron.d/100-mailbox_stats.inc.php
+++ b/server/lib/classes/cron.d/100-mailbox_stats.inc.php
@@ -32,6 +32,9 @@ class cronjob_mailbox_stats extends cronjob {
 
 	// job schedule
 	protected $_schedule = '0 0 * * *';
+	protected $mailbox_traffic = array();
+	protected $mail_boxes = array();
+	protected $mail_rewrites = array();
 
 	/* this function is optional if it contains no custom code */
 	public function onPrepare() {
@@ -57,8 +60,8 @@ class cronjob_mailbox_stats extends cronjob {
 		//######################################################################################################
 
 		$parse_mail_log = false;
-		$sql = "SELECT mailuser_id,maildir FROM mail_user WHERE server_id = ".$conf['server_id'];
-		$records = $app->db->queryAllRecords($sql);
+		$sql = "SELECT mailuser_id,maildir FROM mail_user WHERE server_id = ?";
+		$records = $app->db->queryAllRecords($sql, $conf['server_id']);
 		if(count($records) > 0) $parse_mail_log = true;
 
 		foreach($records as $rec) {
@@ -82,16 +85,17 @@ class cronjob_mailbox_stats extends cronjob {
 				// Save the traffic stats in the sql database
 				$tstamp = date('Y-m');
 
-				$sql = "SELECT * FROM mail_traffic WHERE month = '$tstamp' AND mailuser_id = ".$rec['mailuser_id'];
-				$tr = $app->dbmaster->queryOneRecord($sql);
+				$sql = "SELECT * FROM mail_traffic WHERE month = '$tstamp' AND mailuser_id = ?";
+				$tr = $app->dbmaster->queryOneRecord($sql, $rec['mailuser_id']);
 
 				$mail_traffic += $tr['traffic'];
 				if($tr['traffic_id'] > 0) {
-					$sql = "UPDATE mail_traffic SET traffic = $mail_traffic WHERE traffic_id = ".$tr['traffic_id'];
+					$sql = "UPDATE mail_traffic SET traffic = ? WHERE traffic_id = ?";
+					$app->dbmaster->query($sql, $mail_traffic, $tr['traffic_id']);
 				} else {
-					$sql = "INSERT INTO mail_traffic (month,mailuser_id,traffic) VALUES ('$tstamp',".$rec['mailuser_id'].",$mail_traffic)";
+					$sql = "INSERT INTO mail_traffic (month,mailuser_id,traffic) VALUES (?,?,?)";
+					$app->dbmaster->query($sql, $tstamp, $rec['mailuser_id'], $mail_traffic);
 				}
-				$app->dbmaster->query($sql);
 				//echo $sql;
 
 			}
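Review bot: The SELECT here still interpolates `$tstamp` into the SQL text (`month = '$tstamp'`) and binds only `mailuser_id`, while the equivalent query in the later save loop binds both values. `$tstamp` comes from `date('Y-m')`, so this is a consistency point rather than an injection path. It should read `$sql = "SELECT * FROM mail_traffic WHERE month = ? AND mailuser_id = ?";` with `$tr = $app->dbmaster->queryOneRecord($sql, $tstamp, $rec['mailuser_id']);`. Separately, `$tr['traffic']` and `$tr['traffic_id']` are read without checking that a row came back.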
@@ -140,13 +144,13 @@ class cronjob_mailbox_stats extends cronjob {
 				}
 			}
 
-			$sql = "SELECT email FROM mail_user WHERE server_id = ".$conf['server_id'];
-			$records = $app->db->queryAllRecords($sql);
+			$sql = "SELECT email FROM mail_user WHERE server_id = ?";
+			$records = $app->db->queryAllRecords($sql, $conf['server_id']);
 			foreach($records as $record) {
 				$mail_boxes[] = $record['email'];
 			}
-			$sql = "SELECT source, destination FROM mail_forwarding WHERE server_id = ".$conf['server_id'];
-			$records = $app->db->queryAllRecords($sql);
+			$sql = "SELECT source, destination FROM mail_forwarding WHERE server_id = ?";
+			$records = $app->db->queryAllRecords($sql, $conf['server_id']);
 			foreach($records as $record) {
 				$targets = preg_split('/[\n,]+/', $record['destination']);
 				foreach($targets as $target) {
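Review bot: This loop still appends to a local variable (`$mail_boxes[] = $record['email'];`), but the `add_mailbox_traffic()` method added at the end of the file looks addresses up in `$this->mail_boxes` and `$this->mail_rewrites` and accumulates into `$this->mailbox_traffic`. Unless lines outside the visible hunks fill those properties, no address will match and no traffic is counted. The save loop in the `@@ -231,20 +240,21 @@` hunk has the mirror problem, because it still reads the local `$mailbox_traffic`. Proposed: `$this->mail_boxes[] = $record['email'];` here, the same change for the rewrite map built in the inner loop, and `$this->mailbox_traffic` in place of `$mailbox_traffic` in the save loop.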
@@ -163,7 +167,7 @@ class cronjob_mailbox_stats extends cronjob {
 			$cur_line = false;
 
 			if(file_exists($state_file)) {
-				$prev_line = parse_mail_log_line(trim(file_get_contents($state_file)));
+				$prev_line = $this->parse_mail_log_line(trim(file_get_contents($state_file)));
 				//if($prev_line) echo "continuing from previous run, log position: " . $prev_line['message-id'] . " at " . strftime('%d.%m.%Y %H:%M:%S', $prev_line['timestamp']) . "\n";
 			}
 
@@ -174,7 +178,8 @@ class cronjob_mailbox_stats extends cronjob {
 				while($line = fgets($fp, 8192)) {
 					$l++;
 					//if($l % 1000 == 0) echo "\rline $l";
-					$cur_line = parse_mail_log_line($line);
+					$cur_line = $this->parse_mail_log_line($line);
+					//print_r($cur_line);
 					if(!$cur_line) continue;
 
 					if($prev_line) {
@@ -189,9 +194,13 @@ class cronjob_mailbox_stats extends cronjob {
 						}
 					}
 
-					add_mailbox_traffic($mailbox_traffic, $cur_line['from'], $cur_line['size']);
+					$this->add_mailbox_traffic($cur_line['from'], $cur_line['size']);
+					//echo "1\n";
+					//print_r($this->mailbox_traffic);
 					foreach($cur_line['to'] as $to) {
-						add_mailbox_traffic($mailbox_traffic, $to, $cur_line['size']);
+						$this->add_mailbox_traffic($to, $cur_line['size']);
+						//echo "2\n";
+						//print_r($this->mailbox_traffic);
 					}
 					$last_line = $line; // store for the state file
 				}
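Review bot: The commented-out debug statements added in this loop (`//echo "1\n";`, `//print_r($this->mailbox_traffic);`, `//echo "2\n";`) and `//print_r($cur_line);` in the preceding hunk are leftover scaffolding and should be dropped before merging. If tracing is needed in this job, a single call through the application's logger at debug level would be easier to switch on and off than editing comments.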
@@ -206,7 +215,7 @@ class cronjob_mailbox_stats extends cronjob {
 				while($line = fgets($fp, 8192)) {
 					$l++;
 					//if($l % 1000 == 0) echo "\rline $l";
-					$cur_line = parse_mail_log_line($line);
+					$cur_line = $this->parse_mail_log_line($line);
 					if(!$cur_line) continue;
 
 					if($prev_line) {
@@ -231,20 +240,21 @@ class cronjob_mailbox_stats extends cronjob {
 
 			// Save the traffic stats in the sql database
 			$tstamp = date('Y-m');
-			$sql = "SELECT mailuser_id,email FROM mail_user WHERE server_id = ".$conf['server_id'];
-			$records = $app->db->queryAllRecords($sql);
+			$sql = "SELECT mailuser_id,email FROM mail_user WHERE server_id = ?";
+			$records = $app->db->queryAllRecords($sql, $conf['server_id']);
 			foreach($records as $rec) {
 				if(array_key_exists($rec['email'], $mailbox_traffic)) {
-					$sql = "SELECT * FROM mail_traffic WHERE month = '$tstamp' AND mailuser_id = ".$rec['mailuser_id'];
-					$tr = $app->dbmaster->queryOneRecord($sql);
+					$sql = "SELECT * FROM mail_traffic WHERE month = ? AND mailuser_id = ?";
+					$tr = $app->dbmaster->queryOneRecord($sql, $tstamp, $rec['mailuser_id']);
 
 					$mail_traffic = $tr['traffic'] + $mailbox_traffic[$rec['email']];
 					if($tr['traffic_id'] > 0) {
-						$sql = "UPDATE mail_traffic SET traffic = $mail_traffic WHERE traffic_id = ".$tr['traffic_id'];
+						$sql = "UPDATE mail_traffic SET traffic = ? WHERE traffic_id = ?";
+						$app->dbmaster->query($sql, $mail_traffic, $tr['traffic_id']);
 					} else {
-						$sql = "INSERT INTO mail_traffic (month,mailuser_id,traffic) VALUES ('$tstamp',".$rec['mailuser_id'].",$mail_traffic)";
+						$sql = "INSERT INTO mail_traffic (month,mailuser_id,traffic) VALUES (?,?,?)";
+						$app->dbmaster->query($sql, $tstamp, $rec['mailuser_id'], $mail_traffic);
 					}
-					$app->dbmaster->query($sql);
 					//echo $sql;
 				}
 			}
@@ -263,6 +273,41 @@ class cronjob_mailbox_stats extends cronjob {
 
 		parent::onAfterRun();
 	}
+	
+	private function parse_mail_log_line($line) {
+		//Oct 31 17:35:48 mx01 amavis[32014]: (32014-05) Passed CLEAN, [IPv6:xxxxx] [IPv6:xxxxx] <xxx@yyyy> -> <aaaa@bbbb>, Message-ID: <xxxx@yyyyy>, mail_id: xxxxxx, Hits: -1.89, size: 1591, queued_as: xxxxxxx, 946 ms
+
+		if(preg_match('/^(\w+\s+\d+\s+\d+:\d+:\d+)\s+[^ ]+\s+amavis.* <([^>]+)>\s+->\s+((<[^>]+>,)+) .*Message-ID:\s+<([^>]+)>.* size:\s+(\d+),.*$/', $line, $matches) == false) return false;
+
+		$timestamp = strtotime($matches[1]);
+		if(!$timestamp) return false;
+
+		$to = array();
+		$recipients = explode(',', $matches[3]);
+		foreach($recipients as $recipient) {
+			$recipient = substr($recipient, 1, -1);
+			if(!$recipient || $recipient == $matches[2]) continue;
+			$to[] = $recipient;
+		}
+		return array('line' => $line, 'timestamp' => $timestamp, 'size' => $matches[6], 'from' => $matches[2], 'to' => $to, 'message-id' => $matches[5]);
+	}
+	
+	private function add_mailbox_traffic($address, $traffic) {
+
+		$address = strtolower($address);
+
+		if(in_array($address, $this->mail_boxes) == true) {
+			if(!isset($this->mailbox_traffic[$address])) $this->mailbox_traffic[$address] = 0;
+			$this->mailbox_traffic[$address] += $traffic;
+		} elseif(array_key_exists($address, $this->mail_rewrites)) {
+			foreach($this->mail_rewrites[$address] as $address) {
+				if(!isset($this->mailbox_traffic[$address])) $this->mailbox_traffic[$address] = 0;
+				$this->mailbox_traffic[$address] += $traffic;
+			}
+		} else {
+			// this is not a local address - skip it
+		}
+	}
 
 }
 
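Review bot: `parse_mail_log_line()` returns fields cut out of an amavis log line whose sender, recipients and Message-ID are chosen by the remote side, yet `size` stays a string and `add_mailbox_traffic()` matches with a loose `in_array($address, $this->mail_boxes) == true`. I would normalise at the parse boundary with `'size' => (int)$matches[6]` and compare strictly with `in_array($address, $this->mail_boxes, true)`, assuming `mail_boxes` holds lower-cased strings (it is filled outside this hunk). The `foreach($this->mail_rewrites[$address] as $address)` loop overwrites the parameter it is indexed by; a separate name such as `$target` is safer to maintain. Both methods would also benefit from a docblock: the parser returns `false` or an array with the keys `line`, `timestamp`, `size`, `from`, `to`, `message-id`.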
diff --git a/server/lib/classes/cron.d/100-monitor_clamav_log.inc.php b/server/lib/classes/cron.d/100-monitor_clamav_log.inc.php
index 25f7448cbec87929786babe151db5e482cac60f6..208161cc0f1b0570b136abc98778a76bf56a3ed7 100644
--- a/server/lib/classes/cron.d/100-monitor_clamav_log.inc.php
+++ b/server/lib/classes/cron.d/100-monitor_clamav_log.inc.php
@@ -82,14 +82,8 @@ class cronjob_monitor_clamav_log extends cronjob {
 		 * Insert the data into the database
 		 */
 		$sql = 'REPLACE INTO monitor_data (server_id, type, created, data, state) ' .
-			'VALUES (' .
-			$res['server_id'] . ', ' .
-			"'" . $app->dbmaster->quote($res['type']) . "', " .
-			'UNIX_TIMESTAMP(), ' .
-			"'" . $app->dbmaster->quote(serialize($res['data'])) . "', " .
-			"'" . $res['state'] . "'" .
-			')';
-		$app->dbmaster->query($sql);
+			'VALUES (?, ?, UNIX_TIMESTAMP(), ?, ?)';
+		$app->dbmaster->query($sql, $res['server_id'], $res['type'], serialize($res['data']), $res['state']);
 
 		/* The new data is written, now we can delete the old one */
 		$this->_tools->delOldRecords($res['type'], $res['server_id']);
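Review bot: The `data` column still receives a PHP-serialized blob (`serialize($res['data'])`), so the code that later reads `monitor_data.data` (not in this diff) presumably calls `unserialize()` on a row that any host with write access to the master database can set. That reader should pass `['allowed_classes' => false]` where the PHP version supports it, or both sides should move to `json_encode()`/`json_decode()`. The comment `The new data is written` also holds only if `query()` succeeded; its return value is not checked before `delOldRecords()` runs. The same statement pair is repeated in the second hunk of this file and in every other `100-monitor_*.inc.php` hunk of this commit, so a single helper next to `delOldRecords()` would keep the fix in one place.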
@@ -158,14 +152,8 @@ class cronjob_monitor_clamav_log extends cronjob {
 		 * Insert the data into the database
 		 */
 		$sql = 'REPLACE INTO monitor_data (server_id, type, created, data, state) ' .
-			'VALUES (' .
-			$res['server_id'] . ', ' .
-			"'" . $app->dbmaster->quote($res['type']) . "', " .
-			'UNIX_TIMESTAMP(), ' .
-			"'" . $app->dbmaster->quote(serialize($res['data'])) . "', " .
-			"'" . $res['state'] . "'" .
-			')';
-		$app->dbmaster->query($sql);
+			'VALUES (?, ?, UNIX_TIMESTAMP(), ?, ?)';
+		$app->dbmaster->query($sql, $res['server_id'], $res['type'], serialize($res['data']), $res['state']);
 
 		/* The new data is written, now we can delete the old one */
 		$this->_tools->delOldRecords($res['type'], $res['server_id']);
diff --git a/server/lib/classes/cron.d/100-monitor_cpu.inc.php b/server/lib/classes/cron.d/100-monitor_cpu.inc.php
index 3cbf5b1f32f92ddcfbba213796be0730d7cc57b3..f570eeb81913110d1d40482febee8879c02fd2d1 100644
--- a/server/lib/classes/cron.d/100-monitor_cpu.inc.php
+++ b/server/lib/classes/cron.d/100-monitor_cpu.inc.php
@@ -111,14 +111,8 @@ class cronjob_monitor_cpu extends cronjob {
 		 * Insert the data into the database
 		 */
 		$sql = 'REPLACE INTO monitor_data (server_id, type, created, data, state) ' .
-			'VALUES (' .
-			$res['server_id'] . ', ' .
-			"'" . $app->dbmaster->quote($res['type']) . "', " .
-			'UNIX_TIMESTAMP(), ' .
-			"'" . $app->dbmaster->quote(serialize($res['data'])) . "', " .
-			"'" . $res['state'] . "'" .
-			')';
-		$app->dbmaster->query($sql);
+			'VALUES (?, ?, UNIX_TIMESTAMP(), ?, ?)';
+		$app->dbmaster->query($sql, $res['server_id'], $res['type'], serialize($res['data']), $res['state']);
 
 		/* The new data is written, now we can delete the old one */
 		$this->_tools->delOldRecords($res['type'], $res['server_id']);
diff --git a/server/lib/classes/cron.d/100-monitor_database_size.inc.php b/server/lib/classes/cron.d/100-monitor_database_size.inc.php
index c03b82de026a620fa8b65234a925e70f2c7869ed..3e9cecf465df68745bbb74e96c79214243cb314f 100644
--- a/server/lib/classes/cron.d/100-monitor_database_size.inc.php
+++ b/server/lib/classes/cron.d/100-monitor_database_size.inc.php
@@ -78,7 +78,7 @@ class cronjob_monitor_database_size extends cronjob {
 		$state = 'ok';
 
 		/** Fetch the data of all databases into an array */
-		$databases = $app->db->queryAllRecords("SELECT database_name, sys_groupid FROM web_database WHERE server_id = $server_id GROUP BY sys_groupid, database_name ASC");
+		$databases = $app->db->queryAllRecords("SELECT database_name, sys_groupid FROM web_database WHERE server_id = ? GROUP BY sys_groupid, database_name ASC", $server_id);
 
 		if(is_array($databases) && !empty($databases)) {
 
@@ -98,14 +98,8 @@ class cronjob_monitor_database_size extends cronjob {
 
 			//* Insert the data into the database
 			$sql = 'REPLACE INTO monitor_data (server_id, type, created, data, state) ' .
-				'VALUES (' .
-				$res['server_id'] . ', ' .
-				"'" . $app->dbmaster->quote($res['type']) . "', " .
-				'UNIX_TIMESTAMP(), ' .
-				"'" . $app->dbmaster->quote(serialize($res['data'])) . "', " .
-				"'" . $res['state'] . "'" .
-				')';
-			$app->dbmaster->query($sql);
+				'VALUES (?, ?, UNIX_TIMESTAMP(), ?, ?)';
+			$app->dbmaster->query($sql, $res['server_id'], $res['type'], serialize($res['data']), $res['state']);
 
 			//* The new data is written, now we can delete the old one
 			$this->_tools->delOldRecords($res['type'], $res['server_id']);
diff --git a/server/lib/classes/cron.d/100-monitor_disk_usage.inc.php b/server/lib/classes/cron.d/100-monitor_disk_usage.inc.php
index 2af40411e12ad01874609f98473ea0ec573d2bba..eb92c2de9dda64a9be93723830696fe70fd00c41 100644
--- a/server/lib/classes/cron.d/100-monitor_disk_usage.inc.php
+++ b/server/lib/classes/cron.d/100-monitor_disk_usage.inc.php
@@ -142,14 +142,8 @@ class cronjob_monitor_disk_usage extends cronjob {
 		 * Insert the data into the database
 		 */
 		$sql = 'REPLACE INTO monitor_data (server_id, type, created, data, state) ' .
-			'VALUES (' .
-			$res['server_id'] . ', ' .
-			"'" . $app->dbmaster->quote($res['type']) . "', " .
-			'UNIX_TIMESTAMP(), ' .
-			"'" . $app->dbmaster->quote(serialize($res['data'])) . "', " .
-			"'" . $res['state'] . "'" .
-			')';
-		$app->dbmaster->query($sql);
+			'VALUES (?, ?, UNIX_TIMESTAMP(), ?, ?)';
+		$app->dbmaster->query($sql, $res['server_id'], $res['type'], serialize($res['data']), $res['state']);
 
 		/* The new data is written, now we can delete the old one */
 		$this->_tools->delOldRecords($res['type'], $res['server_id']);
diff --git a/server/lib/classes/cron.d/100-monitor_email_quota.inc.php b/server/lib/classes/cron.d/100-monitor_email_quota.inc.php
index 5d0c7a0bc4dc03750cba6ce1790d278698589f56..75014c347def49072f048b235c5afadaa976feb5 100644
--- a/server/lib/classes/cron.d/100-monitor_email_quota.inc.php
+++ b/server/lib/classes/cron.d/100-monitor_email_quota.inc.php
@@ -75,7 +75,7 @@ class cronjob_monitor_email_quota extends cronjob {
 		//* The state of the email_quota.
 		$state = 'ok';
 
-		$mailboxes = $app->db->queryAllRecords("SELECT email,maildir FROM mail_user WHERE server_id = $server_id");
+		$mailboxes = $app->db->queryAllRecords("SELECT email,maildir FROM mail_user WHERE server_id = ?", $server_id);
 		if(is_array($mailboxes)) {
 
 			//* with dovecot we can use doveadm instead of 'du -s'
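Review bot: The `email` and `maildir` values selected here appear to feed the `doveadm` / `du -s` calls mentioned in the comment below, which lie outside this hunk; binding `$server_id` does not cover that path. Please confirm each value reaches the shell through `escapeshellarg()`, and add a short comment at the query saying so, e.g. `// maildir is passed to a shell command below - must be escaped there`.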
@@ -134,14 +134,8 @@ class cronjob_monitor_email_quota extends cronjob {
          * Insert the data into the database
          */
 		$sql = 'REPLACE INTO monitor_data (server_id, type, created, data, state) ' .
-			'VALUES (' .
-			$res['server_id'] . ', ' .
-			"'" . $app->dbmaster->quote($res['type']) . "', " .
-			'UNIX_TIMESTAMP(), ' .
-			"'" . $app->dbmaster->quote(serialize($res['data'])) . "', " .
-			"'" . $res['state'] . "'" .
-			')';
-		$app->dbmaster->query($sql);
+			'VALUES (?, ?, UNIX_TIMESTAMP(), ?, ?)';
+		$app->dbmaster->query($sql, $res['server_id'], $res['type'], serialize($res['data']), $res['state']);
 
 		/* The new data is written, now we can delete the old one */
 		$this->_tools->delOldRecords($res['type'], $res['server_id']);
diff --git a/server/lib/classes/cron.d/100-monitor_fail2ban.inc.php b/server/lib/classes/cron.d/100-monitor_fail2ban.inc.php
index ffc93a45cde82fe239383713b321c3e6ebb1daeb..5c4ba80561b222b6be12a1dc5f8f02951a91ab64 100644
--- a/server/lib/classes/cron.d/100-monitor_fail2ban.inc.php
+++ b/server/lib/classes/cron.d/100-monitor_fail2ban.inc.php
@@ -102,14 +102,8 @@ class cronjob_monitor_fail2ban extends cronjob {
          * Insert the data into the database
          */
 		$sql = 'REPLACE INTO monitor_data (server_id, type, created, data, state) ' .
-			'VALUES (' .
-			$res['server_id'] . ', ' .
-			"'" . $app->dbmaster->quote($res['type']) . "', " .
-			'UNIX_TIMESTAMP(), ' .
-			"'" . $app->dbmaster->quote(serialize($res['data'])) . "', " .
-			"'" . $res['state'] . "'" .
-			')';
-		$app->dbmaster->query($sql);
+			'VALUES (?, ?, UNIX_TIMESTAMP(), ?, ?)';
+		$app->dbmaster->query($sql, $res['server_id'], $res['type'], serialize($res['data']), $res['state']);
 
 		/* The new data is written, now we can delete the old one */
 		$this->_tools->delOldRecords($res['type'], $res['server_id']);
diff --git a/server/lib/classes/cron.d/100-monitor_hd_quota.inc.php b/server/lib/classes/cron.d/100-monitor_hd_quota.inc.php
index 888dd153eaf7cd3e5e0c3a68c21dd26683d94a51..a4971eb532df3a99c231c90d2e3952b334bed323 100644
--- a/server/lib/classes/cron.d/100-monitor_hd_quota.inc.php
+++ b/server/lib/classes/cron.d/100-monitor_hd_quota.inc.php
@@ -134,14 +134,8 @@ class cronjob_monitor_hd_quota extends cronjob {
 		 * Insert the data into the database
 		 */
 		$sql = 'REPLACE INTO monitor_data (server_id, type, created, data, state) ' .
-			'VALUES (' .
-			$res['server_id'] . ', ' .
-			"'" . $app->dbmaster->quote($res['type']) . "', " .
-			'UNIX_TIMESTAMP(), ' .
-			"'" . $app->dbmaster->quote(serialize($res['data'])) . "', " .
-			"'" . $res['state'] . "'" .
-			')';
-		$app->dbmaster->query($sql);
+			'VALUES (?, ?, UNIX_TIMESTAMP(), ?, ?)';
+		$app->dbmaster->query($sql, $res['server_id'], $res['type'], serialize($res['data']), $res['state']);
 
 		/* The new data is written, now we can delete the old one */
 		$this->_tools->delOldRecords($res['type'], $res['server_id']);
diff --git a/server/lib/classes/cron.d/100-monitor_iptables.inc.php b/server/lib/classes/cron.d/100-monitor_iptables.inc.php
index a5a1c260293bec83acc20dec0bce561545fb5bf3..1ad11d9ecccdcbf690c3337524221aee62b431f8 100644
--- a/server/lib/classes/cron.d/100-monitor_iptables.inc.php
+++ b/server/lib/classes/cron.d/100-monitor_iptables.inc.php
@@ -107,14 +107,8 @@ class cronjob_monitor_iptables extends cronjob {
 		 * Insert the data into the database
 		 */
 		$sql = 'REPLACE INTO monitor_data (server_id, type, created, data, state) ' .
-			'VALUES (' .
-			$res['server_id'] . ', ' .
-			"'" . $app->dbmaster->quote($res['type']) . "', " .
-			'UNIX_TIMESTAMP(), ' .
-			"'" . $app->dbmaster->quote(serialize($res['data'])) . "', " .
-			"'" . $res['state'] . "'" .
-			')';
-		$app->dbmaster->query($sql);
+			'VALUES (?, ?, UNIX_TIMESTAMP(), ?, ?)';
+		$app->dbmaster->query($sql, $res['server_id'], $res['type'], serialize($res['data']), $res['state']);
 
 		/* The new data is written, now we can delete the old one */
 		$this->_tools->delOldRecords($res['type'], $res['server_id']);
diff --git a/server/lib/classes/cron.d/100-monitor_ispconfig_log.inc.php b/server/lib/classes/cron.d/100-monitor_ispconfig_log.inc.php
index 1df3b02e029802657adc7c429f8e9f7b03712540..0f29b0c489e8028dadf4541f7cf5dd4cc468e59d 100644
--- a/server/lib/classes/cron.d/100-monitor_ispconfig_log.inc.php
+++ b/server/lib/classes/cron.d/100-monitor_ispconfig_log.inc.php
@@ -82,14 +82,8 @@ class cronjob_monitor_ispconfig_log extends cronjob {
 		 * Insert the data into the database
 		 */
 		$sql = 'REPLACE INTO monitor_data (server_id, type, created, data, state) ' .
-			'VALUES (' .
-			$res['server_id'] . ', ' .
-			"'" . $app->dbmaster->quote($res['type']) . "', " .
-			'UNIX_TIMESTAMP(), ' .
-			"'" . $app->dbmaster->quote(serialize($res['data'])) . "', " .
-			"'" . $res['state'] . "'" .
-			')';
-		$app->dbmaster->query($sql);
+			'VALUES (?, ?, UNIX_TIMESTAMP(), ?, ?)';
+		$app->dbmaster->query($sql, $res['server_id'], $res['type'], serialize($res['data']), $res['state']);
 
 		/* The new data is written, now we can delete the old one */
 		$this->_tools->delOldRecords($res['type'], $res['server_id']);
@@ -123,14 +117,8 @@ class cronjob_monitor_ispconfig_log extends cronjob {
 		 * Insert the data into the database
 		 */
 		$sql = 'REPLACE INTO monitor_data (server_id, type, created, data, state) ' .
-			'VALUES (' .
-			$res['server_id'] . ', ' .
-			"'" . $app->dbmaster->quote($res['type']) . "', " .
-			'UNIX_TIMESTAMP(), ' .
-			"'" . $app->dbmaster->quote(serialize($res['data'])) . "', " .
-			"'" . $res['state'] . "'" .
-			')';
-		$app->dbmaster->query($sql);
+			'VALUES (?, ?, UNIX_TIMESTAMP(), ?, ?)';
+		$app->dbmaster->query($sql, $res['server_id'], $res['type'], serialize($res['data']), $res['state']);
 
 		/* The new data is written, now we can delete the old one */
 		$this->_tools->delOldRecords($res['type'], $res['server_id']);
diff --git a/server/lib/classes/cron.d/100-monitor_ispconfig_version.inc.php b/server/lib/classes/cron.d/100-monitor_ispconfig_version.inc.php
index e24a4cb206a47fcb063867d6119fea488f125ba8..0b44065b2b4a251b5d7163b468c15443abb0d19c 100644
--- a/server/lib/classes/cron.d/100-monitor_ispconfig_version.inc.php
+++ b/server/lib/classes/cron.d/100-monitor_ispconfig_version.inc.php
@@ -85,14 +85,8 @@ class cronjob_monitor_ispconfig_version extends cronjob {
 		 * Insert the data into the database
 		 */
 		$sql = 'REPLACE INTO monitor_data (server_id, type, created, data, state) ' .
-			'VALUES (' .
-			$res['server_id'] . ', ' .
-			"'" . $app->dbmaster->quote($res['type']) . "', " .
-			'UNIX_TIMESTAMP(), ' .
-			"'" . $app->dbmaster->quote(serialize($res['data'])) . "', " .
-			"'" . $res['state'] . "'" .
-			')';
-		$app->dbmaster->query($sql);
+			'VALUES (?, ?, UNIX_TIMESTAMP(), ?, ?)';
+		$app->dbmaster->query($sql, $res['server_id'], $res['type'], serialize($res['data']), $res['state']);
 
 		/* The new data is written, now we can delete the old one */
 		$this->_tools->delOldRecords($res['type'], $res['server_id']);
diff --git a/server/lib/classes/cron.d/100-monitor_mail_log.inc.php b/server/lib/classes/cron.d/100-monitor_mail_log.inc.php
index d5613a137bb4973d8c512628d824def94bffdfd0..5c41105d3c7aadf3765f39b68beb5217d104c578 100644
--- a/server/lib/classes/cron.d/100-monitor_mail_log.inc.php
+++ b/server/lib/classes/cron.d/100-monitor_mail_log.inc.php
@@ -88,14 +88,8 @@ class cronjob_monitor_mail_log extends cronjob {
 		 * Insert the data into the database
 		 */
 		$sql = 'REPLACE INTO monitor_data (server_id, type, created, data, state) ' .
-			'VALUES (' .
-			$res['server_id'] . ', ' .
-			"'" . $app->dbmaster->quote($res['type']) . "', " .
-			'UNIX_TIMESTAMP(), ' .
-			"'" . $app->dbmaster->quote(serialize($res['data'])) . "', " .
-			"'" . $res['state'] . "'" .
-			')';
-		$app->dbmaster->query($sql);
+			'VALUES (?, ?, UNIX_TIMESTAMP(), ?, ?)';
+		$app->dbmaster->query($sql, $res['server_id'], $res['type'], serialize($res['data']), $res['state']);
 
 		/* The new data is written, now we can delete the old one */
 		$this->_tools->delOldRecords($res['type'], $res['server_id']);
@@ -122,14 +116,8 @@ class cronjob_monitor_mail_log extends cronjob {
 		 * Insert the data into the database
 		 */
 		$sql = 'REPLACE INTO monitor_data (server_id, type, created, data, state) ' .
-			'VALUES (' .
-			$res['server_id'] . ', ' .
-			"'" . $app->dbmaster->quote($res['type']) . "', " .
-			'UNIX_TIMESTAMP(), ' .
-			"'" . $app->dbmaster->quote(serialize($res['data'])) . "', " .
-			"'" . $res['state'] . "'" .
-			')';
-		$app->dbmaster->query($sql);
+			'VALUES (?, ?, UNIX_TIMESTAMP(), ?, ?)';
+		$app->dbmaster->query($sql, $res['server_id'], $res['type'], serialize($res['data']), $res['state']);
 
 		/* The new data is written, now we can delete the old one */
 		$this->_tools->delOldRecords($res['type'], $res['server_id']);
@@ -156,14 +144,8 @@ class cronjob_monitor_mail_log extends cronjob {
 		 * Insert the data into the database
 		 */
 		$sql = 'REPLACE INTO monitor_data (server_id, type, created, data, state) ' .
-			'VALUES (' .
-			$res['server_id'] . ', ' .
-			"'" . $app->dbmaster->quote($res['type']) . "', " .
-			'UNIX_TIMESTAMP(), ' .
-			"'" . $app->dbmaster->quote(serialize($res['data'])) . "', " .
-			"'" . $res['state'] . "'" .
-			')';
-		$app->dbmaster->query($sql);
+			'VALUES (?, ?, UNIX_TIMESTAMP(), ?, ?)';
+		$app->dbmaster->query($sql, $res['server_id'], $res['type'], serialize($res['data']), $res['state']);
 
 		/* The new data is written, now we can delete the old one */
 		$this->_tools->delOldRecords($res['type'], $res['server_id']);
diff --git a/server/lib/classes/cron.d/100-monitor_mail_queue.inc.php b/server/lib/classes/cron.d/100-monitor_mail_queue.inc.php
index b1f7089abe5a612e71589f5f966083c02fd096b7..b259904d55752c36407517f87aed98863161ba4c 100644
--- a/server/lib/classes/cron.d/100-monitor_mail_queue.inc.php
+++ b/server/lib/classes/cron.d/100-monitor_mail_queue.inc.php
@@ -113,14 +113,8 @@ class cronjob_monitor_mail_queue extends cronjob {
 		 * Insert the data into the database
 		 */
 		$sql = 'REPLACE INTO monitor_data (server_id, type, created, data, state) ' .
-			'VALUES (' .
-			$res['server_id'] . ', ' .
-			"'" . $app->dbmaster->quote($res['type']) . "', " .
-			'UNIX_TIMESTAMP(), ' .
-			"'" . $app->dbmaster->quote(serialize($res['data'])) . "', " .
-			"'" . $res['state'] . "'" .
-			')';
-		$app->dbmaster->query($sql);
+			'VALUES (?, ?, UNIX_TIMESTAMP(), ?, ?)';
+		$app->dbmaster->query($sql, $res['server_id'], $res['type'], serialize($res['data']), $res['state']);
 
 		/* The new data is written, now we can delete the old one */
 		$this->_tools->delOldRecords($res['type'], $res['server_id']);
diff --git a/server/lib/classes/cron.d/100-monitor_mem_usage.inc.php b/server/lib/classes/cron.d/100-monitor_mem_usage.inc.php
index 05b196a39509a4789511aabbe1833d6997919981..73567478dc33cb2aee8f903ffe8358f45e460648 100644
--- a/server/lib/classes/cron.d/100-monitor_mem_usage.inc.php
+++ b/server/lib/classes/cron.d/100-monitor_mem_usage.inc.php
@@ -99,14 +99,8 @@ class cronjob_monitor_mem_usage extends cronjob {
 		 * Insert the data into the database
 		 */
 		$sql = 'REPLACE INTO monitor_data (server_id, type, created, data, state) ' .
-			'VALUES (' .
-			$res['server_id'] . ', ' .
-			"'" . $app->dbmaster->quote($res['type']) . "', " .
-			'UNIX_TIMESTAMP(), ' .
-			"'" . $app->dbmaster->quote(serialize($res['data'])) . "', " .
-			"'" . $res['state'] . "'" .
-			')';
-		$app->dbmaster->query($sql);
+			'VALUES (?, ?, UNIX_TIMESTAMP(), ?, ?)';
+		$app->dbmaster->query($sql, $res['server_id'], $res['type'], serialize($res['data']), $res['state']);
 
 		/* The new data is written, now we can delete the old one */
 		$this->_tools->delOldRecords($res['type'], $res['server_id']);
diff --git a/server/lib/classes/cron.d/100-monitor_mongodb.inc.php b/server/lib/classes/cron.d/100-monitor_mongodb.inc.php
index 23f31718c6ac3dba9616fa5eafe2bd281e33a193..244cb65eb1056380308540a5bf9e6fa306f608fe 100644
--- a/server/lib/classes/cron.d/100-monitor_mongodb.inc.php
+++ b/server/lib/classes/cron.d/100-monitor_mongodb.inc.php
@@ -102,14 +102,8 @@ class cronjob_monitor_mongodb extends cronjob {
          * Insert the data into the database
          */
 		$sql = 'REPLACE INTO monitor_data (server_id, type, created, data, state) ' .
-			'VALUES (' .
-			$res['server_id'] . ', ' .
-			"'" . $app->dbmaster->quote($res['type']) . "', " .
-			'UNIX_TIMESTAMP(), ' .
-			"'" . $app->dbmaster->quote(serialize($res['data'])) . "', " .
-			"'" . $res['state'] . "'" .
-			')';
-		$app->dbmaster->query($sql);
+			'VALUES (?, ?, UNIX_TIMESTAMP(), ?, ?)';
+		$app->dbmaster->query($sql, $res['server_id'], $res['type'], serialize($res['data']), $res['state']);
 
 		/* The new data is written, now we can delete the old one */
 		$this->_tools->delOldRecords($res['type'], $res['server_id']);
diff --git a/server/lib/classes/cron.d/100-monitor_openvz.inc.php b/server/lib/classes/cron.d/100-monitor_openvz.inc.php
index 08d155fae776e6887b196ab9356cdbdb5e3ab8e5..30b51b4b5fb50242648f9b66be66c08d9a01ea6e 100644
--- a/server/lib/classes/cron.d/100-monitor_openvz.inc.php
+++ b/server/lib/classes/cron.d/100-monitor_openvz.inc.php
@@ -86,14 +86,8 @@ class cronjob_monitor_openvz extends cronjob {
 		 * Insert the data into the database
 		 */
 		$sql = 'REPLACE INTO monitor_data (server_id, type, created, data, state) ' .
-			'VALUES (' .
-			$res['server_id'] . ', ' .
-			"'" . $app->dbmaster->quote($res['type']) . "', " .
-			'UNIX_TIMESTAMP(), ' .
-			"'" . $app->dbmaster->quote(serialize($res['data'])) . "', " .
-			"'" . $res['state'] . "'" .
-			')';
-		$app->dbmaster->query($sql);
+			'VALUES (?, ?, UNIX_TIMESTAMP(), ?, ?)';
+		$app->dbmaster->query($sql, $res['server_id'], $res['type'], serialize($res['data']), $res['state']);
 
 		/* The new data is written, now we can delete the old one */
 		$this->_tools->delOldRecords($res['type'], $res['server_id']);
@@ -158,14 +152,8 @@ class cronjob_monitor_openvz extends cronjob {
 		 * Insert the data into the database
 		 */
 		$sql = 'REPLACE INTO monitor_data (server_id, type, created, data, state) ' .
-			'VALUES (' .
-			$res['server_id'] . ', ' .
-			"'" . $app->dbmaster->quote($res['type']) . "', " .
-			'UNIX_TIMESTAMP(), ' .
-			"'" . $app->dbmaster->quote(serialize($res['data'])) . "', " .
-			"'" . $res['state'] . "'" .
-			')';
-		$app->dbmaster->query($sql);
+			'VALUES (?, ?, UNIX_TIMESTAMP(), ?, ?)';
+		$app->dbmaster->query($sql, $res['server_id'], $res['type'], serialize($res['data']), $res['state']);
 
 		/* The new data is written, now we can delete the old one */
 		$this->_tools->delOldRecords($res['type'], $res['server_id']);
diff --git a/server/lib/classes/cron.d/100-monitor_os_version.inc.php b/server/lib/classes/cron.d/100-monitor_os_version.inc.php
index b9978eaeb27644b21fabe1992c02925233116bdc..38766210212b46df93df725dab2cc201ad606f90 100644
--- a/server/lib/classes/cron.d/100-monitor_os_version.inc.php
+++ b/server/lib/classes/cron.d/100-monitor_os_version.inc.php
@@ -87,14 +87,8 @@ class cronjob_monitor_os_version extends cronjob {
 		 * Insert the data into the database
 		 */
 		$sql = 'REPLACE INTO monitor_data (server_id, type, created, data, state) ' .
-			'VALUES (' .
-			$res['server_id'] . ', ' .
-			"'" . $app->dbmaster->quote($res['type']) . "', " .
-			'UNIX_TIMESTAMP(), ' .
-			"'" . $app->dbmaster->quote(serialize($res['data'])) . "', " .
-			"'" . $res['state'] . "'" .
-			')';
-		$app->dbmaster->query($sql);
+			'VALUES (?, ?, UNIX_TIMESTAMP(), ?, ?)';
+		$app->dbmaster->query($sql, $res['server_id'], $res['type'], serialize($res['data']), $res['state']);
 
 		/* The new data is written, now we can delete the old one */
 		$this->_tools->delOldRecords($res['type'], $res['server_id']);
diff --git a/server/lib/classes/cron.d/100-monitor_raid.inc.php b/server/lib/classes/cron.d/100-monitor_raid.inc.php
index 86a6908ab44afb32fbace36ec2946a154fadb108..439ab8ce528d9cdae81a5f2af0b58c93c2ccbafa 100644
--- a/server/lib/classes/cron.d/100-monitor_raid.inc.php
+++ b/server/lib/classes/cron.d/100-monitor_raid.inc.php
@@ -240,14 +240,8 @@ class cronjob_monitor_raid extends cronjob {
 		 * Insert the data into the database
 		 */
 		$sql = 'REPLACE INTO monitor_data (server_id, type, created, data, state) ' .
-			'VALUES (' .
-			$res['server_id'] . ', ' .
-			"'" . $app->dbmaster->quote($res['type']) . "', " .
-			'UNIX_TIMESTAMP(), ' .
-			"'" . $app->dbmaster->quote(serialize($res['data'])) . "', " .
-			"'" . $res['state'] . "'" .
-			')';
-		$app->dbmaster->query($sql);
+			'VALUES (?, ?, UNIX_TIMESTAMP(), ?, ?)';
+		$app->dbmaster->query($sql, $res['server_id'], $res['type'], serialize($res['data']), $res['state']);
 
 		/* The new data is written, now we can delete the old one */
 		$this->_tools->delOldRecords($res['type'], $res['server_id']);
diff --git a/server/lib/classes/cron.d/100-monitor_rkhunter.inc.php b/server/lib/classes/cron.d/100-monitor_rkhunter.inc.php
index 5d99d7f4e470a6288b0fdd549834cbefdc0503f6..d5beee70bcf1dac36ac38f1f2bf7108bd9c4e5a2 100644
--- a/server/lib/classes/cron.d/100-monitor_rkhunter.inc.php
+++ b/server/lib/classes/cron.d/100-monitor_rkhunter.inc.php
@@ -102,14 +102,8 @@ class cronjob_monitor_rkhunter extends cronjob {
 		 * Insert the data into the database
 		 */
 		$sql = 'REPLACE INTO monitor_data (server_id, type, created, data, state) ' .
-			'VALUES (' .
-			$res['server_id'] . ', ' .
-			"'" . $app->dbmaster->quote($res['type']) . "', " .
-			'UNIX_TIMESTAMP(), ' .
-			"'" . $app->dbmaster->quote(serialize($res['data'])) . "', " .
-			"'" . $res['state'] . "'" .
-			')';
-		$app->dbmaster->query($sql);
+			'VALUES (?, ?, UNIX_TIMESTAMP(), ?, ?)';
+		$app->dbmaster->query($sql, $res['server_id'], $res['type'], serialize($res['data']), $res['state']);
 
 		/* The new data is written, now we can delete the old one */
 		$this->_tools->delOldRecords($res['type'], $res['server_id']);
diff --git a/server/lib/classes/cron.d/100-monitor_server.inc.php b/server/lib/classes/cron.d/100-monitor_server.inc.php
index 6ceb584cf5e6d6189343a1997ecebdc13410d7d8..5a053f430e2cd317bcf90cd66644c96ef0c4923f 100644
--- a/server/lib/classes/cron.d/100-monitor_server.inc.php
+++ b/server/lib/classes/cron.d/100-monitor_server.inc.php
@@ -108,14 +108,8 @@ class cronjob_monitor_server extends cronjob {
 		 * Insert the data into the database
 		 */
 		$sql = 'REPLACE INTO monitor_data (server_id, type, created, data, state) ' .
-			'VALUES (' .
-			$res['server_id'] . ', ' .
-			"'" . $app->dbmaster->quote($res['type']) . "', " .
-			'UNIX_TIMESTAMP(), ' .
-			"'" . $app->dbmaster->quote(serialize($res['data'])) . "', " .
-			"'" . $res['state'] . "'" .
-			')';
-		$app->dbmaster->query($sql);
+			'VALUES (?, ?, UNIX_TIMESTAMP(), ?, ?)';
+		$app->dbmaster->query($sql, $res['server_id'], $res['type'], serialize($res['data']), $res['state']);
 
 		/* The new data is written, now we can delete the old one */
 		$this->_tools->delOldRecords($res['type'], $res['server_id']);
diff --git a/server/lib/classes/cron.d/100-monitor_services.inc.php b/server/lib/classes/cron.d/100-monitor_services.inc.php
index 3235ee781fb0af71e0553e0d3982a21597cdc051..2c169a2de837f73c0a46628bea68f873565a33f1 100644
--- a/server/lib/classes/cron.d/100-monitor_services.inc.php
+++ b/server/lib/classes/cron.d/100-monitor_services.inc.php
@@ -67,14 +67,8 @@ class cronjob_monitor_services extends cronjob {
 		 * Insert the data into the database
 		 */
 		$sql = 'REPLACE INTO monitor_data (server_id, type, created, data, state) ' .
-			'VALUES (' .
-			$res['server_id'] . ', ' .
-			"'" . $app->dbmaster->quote($res['type']) . "', " .
-			'UNIX_TIMESTAMP(), ' .
-			"'" . $app->dbmaster->quote(serialize($res['data'])) . "', " .
-			"'" . $res['state'] . "'" .
-			')';
-		$app->dbmaster->query($sql);
+			'VALUES (?, ?, UNIX_TIMESTAMP(), ?, ?)';
+		$app->dbmaster->query($sql, $res['server_id'], $res['type'], serialize($res['data']), $res['state']);
 
 		/* The new data is written, now we can delete the old one */
 		$this->_tools->delOldRecords($res['type'], $res['server_id']);
diff --git a/server/lib/classes/cron.d/100-monitor_syslog.inc.php b/server/lib/classes/cron.d/100-monitor_syslog.inc.php
index b62112179c23895f0dd37a2253b5981cb79f4f61..c101de0087d566884999a0ca1fa02e2d307739dd 100644
--- a/server/lib/classes/cron.d/100-monitor_syslog.inc.php
+++ b/server/lib/classes/cron.d/100-monitor_syslog.inc.php
@@ -70,7 +70,7 @@ class cronjob_monitor_syslog extends cronjob {
 		 * is there any warning or error for this server?
 		 */
 		$state = 'ok';
-		$dbData = $app->dbmaster->queryAllRecords('SELECT loglevel FROM sys_log WHERE server_id = ' . $server_id . ' AND loglevel > 0');
+		$dbData = $app->dbmaster->queryAllRecords('SELECT loglevel FROM sys_log WHERE server_id = ? AND loglevel > 0', $server_id);
 		if (is_array($dbData)) {
 			foreach ($dbData as $item) {
 				if ($item['loglevel'] == 1)
@@ -93,14 +93,8 @@ class cronjob_monitor_syslog extends cronjob {
 		 * Insert the data into the database
 		 */
 		$sql = 'REPLACE INTO monitor_data (server_id, type, created, data, state) ' .
-			'VALUES (' .
-			$res['server_id'] . ', ' .
-			"'" . $app->dbmaster->quote($res['type']) . "', " .
-			'UNIX_TIMESTAMP(), ' .
-			"'" . $app->dbmaster->quote(serialize($res['data'])) . "', " .
-			"'" . $res['state'] . "'" .
-			')';
-		$app->dbmaster->query($sql);
+			'VALUES (?, ?, UNIX_TIMESTAMP(), ?, ?)';
+		$app->dbmaster->query($sql, $res['server_id'], $res['type'], serialize($res['data']), $res['state']);
 
 		/* The new data is written, now we can delete the old one */
 		$this->_tools->delOldRecords($res['type'], $res['server_id']);
@@ -127,14 +121,8 @@ class cronjob_monitor_syslog extends cronjob {
 		 * Insert the data into the database
 		 */
 		$sql = 'REPLACE INTO monitor_data (server_id, type, created, data, state) ' .
-			'VALUES (' .
-			$res['server_id'] . ', ' .
-			"'" . $app->dbmaster->quote($res['type']) . "', " .
-			'UNIX_TIMESTAMP(), ' .
-			"'" . $app->dbmaster->quote(serialize($res['data'])) . "', " .
-			"'" . $res['state'] . "'" .
-			')';
-		$app->dbmaster->query($sql);
+			'VALUES (?, ?, UNIX_TIMESTAMP(), ?, ?)';
+		$app->dbmaster->query($sql, $res['server_id'], $res['type'], serialize($res['data']), $res['state']);
 
 		/* The new data is written, now we can delete the old one */
 		$this->_tools->delOldRecords($res['type'], $res['server_id']);
diff --git a/server/lib/classes/cron.d/100-monitor_system_update.inc.php b/server/lib/classes/cron.d/100-monitor_system_update.inc.php
index 33c5c1f02fd018af5dbc38d0e6d53176a5788f58..35338dc21d04efc318c44f5fa9551f09e2fc5e98 100644
--- a/server/lib/classes/cron.d/100-monitor_system_update.inc.php
+++ b/server/lib/classes/cron.d/100-monitor_system_update.inc.php
@@ -187,14 +187,8 @@ class cronjob_monitor_system_update extends cronjob {
 		 * Insert the data into the database
 		 */
 		$sql = 'REPLACE INTO monitor_data (server_id, type, created, data, state) ' .
-			'VALUES (' .
-			$res['server_id'] . ', ' .
-			"'" . $app->dbmaster->quote($res['type']) . "', " .
-			'UNIX_TIMESTAMP(), ' .
-			"'" . $app->dbmaster->quote(serialize($res['data'])) . "', " .
-			"'" . $res['state'] . "'" .
-			')';
-		$app->dbmaster->query($sql);
+			'VALUES (?, ?, UNIX_TIMESTAMP(), ?, ?)';
+		$app->dbmaster->query($sql, $res['server_id'], $res['type'], serialize($res['data']), $res['state']);
 
 		/* The new data is written, now we can delete the old one */
 		$this->_tools->delOldRecords($res['type'], $res['server_id']);
diff --git a/server/lib/classes/cron.d/150-awstats.inc.php b/server/lib/classes/cron.d/150-awstats.inc.php
index 9803a89f13f4724a3f45accc4e879d4416998d6e..ea0c64f67a6de621b3b1482803e49394233c92bc 100644
--- a/server/lib/classes/cron.d/150-awstats.inc.php
+++ b/server/lib/classes/cron.d/150-awstats.inc.php
@@ -54,8 +54,8 @@ class cronjob_awstats extends cronjob {
 		// Create awstats statistics
 		//######################################################################################################
 
-		$sql = "SELECT domain_id, domain, document_root, web_folder, type, system_user, system_group, parent_domain_id FROM web_domain WHERE (type = 'vhost' or type = 'vhostsubdomain' or type = 'vhostalias') and stats_type = 'awstats' AND server_id = ".$conf['server_id'];
-		$records = $app->db->queryAllRecords($sql);
+		$sql = "SELECT domain_id, domain, document_root, web_folder, type, system_user, system_group, parent_domain_id FROM web_domain WHERE (type = 'vhost' or type = 'vhostsubdomain' or type = 'vhostalias') and stats_type = 'awstats' AND server_id = ?";
+		$records = $app->db->queryAllRecords($sql, $conf['server_id']);
 
 		$web_config = $app->getconf->get_server_config($conf['server_id'], 'web');
 
@@ -65,7 +65,7 @@ class cronjob_awstats extends cronjob {
 
 			$log_folder = 'log';
 			if($rec['type'] == 'vhostsubdomain' || $rec['type'] == 'vhostalias') {
-				$tmp = $app->db->queryOneRecord('SELECT `domain` FROM web_domain WHERE domain_id = '.intval($rec['parent_domain_id']));
+				$tmp = $app->db->queryOneRecord('SELECT `domain` FROM web_domain WHERE domain_id = ?', $rec['parent_domain_id']);
 				$subdomain_host = preg_replace('/^(.*)\.' . preg_quote($tmp['domain'], '/') . '$/', '$1', $rec['domain']);
 				if($subdomain_host == '') $subdomain_host = 'web'.$rec['domain_id'];
 				$log_folder .= '/' . $subdomain_host;
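Review bot: `$tmp['domain']` is read on the line after the new `queryOneRecord()` call without checking that a parent row was found. If `parent_domain_id` points at a missing row, `preg_quote()` presumably receives null and the pattern degrades to `/^(.*)\.$/`, so `$subdomain_host` silently becomes the full domain name. A guard such as `if(!is_array($tmp)) $subdomain_host = 'web'.$rec['domain_id'];` before the `preg_replace()` would make that case explicit. The same lines appear in the 150-webalizer.inc.php and 200-logfiles.inc.php hunks below, and the enclosing loop starts and ends outside this hunk.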
@@ -89,8 +89,8 @@ class cronjob_awstats extends cronjob {
 
 			if(is_file($awstats_website_conf_file)) unlink($awstats_website_conf_file);
 
-			$sql = "SELECT domain FROM web_domain WHERE (type = 'alias' OR type = 'subdomain') AND parent_domain_id = ".$rec['domain_id'];
-			$aliases = $app->db->queryAllRecords($sql);
+			$sql = "SELECT domain FROM web_domain WHERE (type = 'alias' OR type = 'subdomain') AND parent_domain_id = ?";
+			$aliases = $app->db->queryAllRecords($sql, $rec['domain_id']);
 			$aliasdomain = '';
 
 			if(is_array($aliases)) {
diff --git a/server/lib/classes/cron.d/150-webalizer.inc.php b/server/lib/classes/cron.d/150-webalizer.inc.php
index 1f9a921f0d383f04cea5676789ba5afcfc9b0749..b85000320059ce4da949f7c640dcf584c485a107 100644
--- a/server/lib/classes/cron.d/150-webalizer.inc.php
+++ b/server/lib/classes/cron.d/150-webalizer.inc.php
@@ -79,8 +79,8 @@ class cronjob_webalizer extends cronjob {
 		}
 
 
-		$sql = "SELECT domain_id, domain, document_root, web_folder, type, parent_domain_id FROM web_domain WHERE (type = 'vhost' or type = 'vhostsubdomain' or type = 'vhostalias') and stats_type = 'webalizer' AND server_id = ".$conf['server_id'];
-		$records = $app->db->queryAllRecords($sql);
+		$sql = "SELECT domain_id, domain, document_root, web_folder, type, parent_domain_id FROM web_domain WHERE (type = 'vhost' or type = 'vhostsubdomain' or type = 'vhostalias') and stats_type = 'webalizer' AND server_id = ?";
+		$records = $app->db->queryAllRecords($sql, $conf['server_id']);
 
 		foreach($records as $rec) {
 			//$yesterday = date('Ymd',time() - 86400);
@@ -88,7 +88,7 @@ class cronjob_webalizer extends cronjob {
 
 			$log_folder = 'log';
 			if($rec['type'] == 'vhostsubdomain' || $rec['type'] == 'vhostalias') {
-				$tmp = $app->db->queryOneRecord('SELECT `domain` FROM web_domain WHERE domain_id = '.intval($rec['parent_domain_id']));
+				$tmp = $app->db->queryOneRecord('SELECT `domain` FROM web_domain WHERE domain_id = ?', $rec['parent_domain_id']);
 				$subdomain_host = preg_replace('/^(.*)\.' . preg_quote($tmp['domain'], '/') . '$/', '$1', $rec['domain']);
 				if($subdomain_host == '') $subdomain_host = 'web'.$rec['domain_id'];
 				$log_folder .= '/' . $subdomain_host;
diff --git a/server/lib/classes/cron.d/200-logfiles.inc.php b/server/lib/classes/cron.d/200-logfiles.inc.php
index a802ff9eee3132aed204bf69ec3545ec9d0a208e..98dd662f696f636e6e33a217e39ba19894284fc2 100644
--- a/server/lib/classes/cron.d/200-logfiles.inc.php
+++ b/server/lib/classes/cron.d/200-logfiles.inc.php
@@ -60,8 +60,8 @@ class cronjob_logfiles extends cronjob {
 		// Manage and compress web logfiles and create traffic statistics
 		//######################################################################################################
 
-		$sql = "SELECT domain_id, domain, type, document_root, web_folder, parent_domain_id FROM web_domain WHERE (type = 'vhost' or type = 'vhostsubdomain' or type = 'vhostalias') AND server_id = ".$conf['server_id'];
-		$records = $app->db->queryAllRecords($sql);
+		$sql = "SELECT domain_id, domain, type, document_root, web_folder, parent_domain_id FROM web_domain WHERE (type = 'vhost' or type = 'vhostsubdomain' or type = 'vhostalias') AND server_id = ?";
+		$records = $app->db->queryAllRecords($sql, $conf['server_id']);
 		foreach($records as $rec) {
 
 			//* create traffic statistics based on yesterdays access log file
@@ -69,7 +69,7 @@ class cronjob_logfiles extends cronjob {
 
 			$log_folder = 'log';
 			if($rec['type'] == 'vhostsubdomain' || $rec['type'] == 'vhostalias') {
-				$tmp = $app->db->queryOneRecord('SELECT `domain` FROM web_domain WHERE domain_id = '.intval($rec['parent_domain_id']));
+				$tmp = $app->db->queryOneRecord('SELECT `domain` FROM web_domain WHERE domain_id = ?', $rec['parent_domain_id']);
 				$subdomain_host = preg_replace('/^(.*)\.' . preg_quote($tmp['domain'], '/') . '$/', '$1', $rec['domain']);
 				if($subdomain_host == '') $subdomain_host = 'web'.$rec['domain_id'];
 				$log_folder .= '/' . $subdomain_host;
@@ -89,16 +89,14 @@ class cronjob_logfiles extends cronjob {
 
 				//* Insert / update traffic in master database
 				$traffic_date = date('Y-m-d', time() - 86400);
-				$tmp = $app->dbmaster->queryOneRecord("select hostname from web_traffic where hostname='".$rec['domain']."' and traffic_date='".$traffic_date."'");
+				$tmp = $app->dbmaster->queryOneRecord("select hostname from web_traffic where hostname=? and traffic_date=?", $rec['domain'], $traffic_date);
 				if(is_array($tmp) && count($tmp) > 0) {
-					$sql = "update web_traffic set traffic_bytes=traffic_bytes+"
-						. $total_bytes
-						. " where hostname='" . $rec['domain']
-						. "' and traffic_date='" . $traffic_date . "'";
+					$sql = "UPDATE web_traffic SET traffic_bytes=traffic_bytes + ? WHERE hostname = ? AND traffic_date = ?";
+					$app->dbmaster->query($sql, $total_bytes, $rec['domain'], $traffic_date);
 				} else {
-					$sql = "insert into web_traffic (hostname, traffic_date, traffic_bytes) values ('".$rec['domain']."', '".$traffic_date."', '".$total_bytes."')";
+					$sql = "INSERT INTO web_traffic (hostname, traffic_date, traffic_bytes) VALUES (?, ?, ?)";
+					$app->dbmaster->query($sql, $rec['domain'], $traffic_date, $total_bytes);
 				}
-				$app->dbmaster->query($sql);
 
 				fclose($handle);
 			}
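Review bot: The traffic update is still a SELECT followed by either an UPDATE or an INSERT, which is not atomic and costs an extra round trip to the master for every domain. If web_traffic has a unique key on (hostname, traffic_date), which is not visible here, the three statements collapse into `INSERT INTO web_traffic (hostname, traffic_date, traffic_bytes) VALUES (?, ?, ?) ON DUPLICATE KEY UPDATE traffic_bytes = traffic_bytes + VALUES(traffic_bytes)`. The return value of `query()` is also ignored in both branches, so a failed write to the master goes unnoticed. The enclosing block starts outside the hunk.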
@@ -197,8 +195,8 @@ class cronjob_logfiles extends cronjob {
 		// Cleanup website tmp directories
 		//######################################################################################################
 
-		$sql = "SELECT domain_id, domain, document_root, system_user FROM web_domain WHERE server_id = ".$conf['server_id'];
-		$records = $app->db->queryAllRecords($sql);
+		$sql = "SELECT domain_id, domain, document_root, system_user FROM web_domain WHERE server_id = ?";
+		$records = $app->db->queryAllRecords($sql, $conf['server_id']);
 		$app->uses('system');
 		if(is_array($records)) {
 			foreach($records as $rec){
@@ -225,8 +223,8 @@ class cronjob_logfiles extends cronjob {
              * if they are NOT ok, the server will try to process them in 1 minute and so the
              * error appears again after 1 minute. So it is no problem to delete the old one!
              */
-			$sql = "DELETE FROM sys_log WHERE tstamp < " . $tstamp . " AND server_id != 0";
-			$app->dbmaster->query($sql);
+			$sql = "DELETE FROM sys_log WHERE tstamp < ? AND server_id != 0";
+			$app->dbmaster->query($sql, $tstamp);
 
 			/*
              * Delete all remote-actions "done" and older than 7 days
@@ -236,11 +234,8 @@ class cronjob_logfiles extends cronjob {
 			$sql = "SELECT max(action_id) FROM sys_remoteaction";
 			$res = $app->dbmaster->queryOneRecord($sql);
 			$maxId = $res['max(action_id)'];
-			$sql =  "DELETE FROM sys_remoteaction " .
-				"WHERE tstamp < " . $tstamp . " " .
-				" AND action_state = 'ok' " .
-				" AND action_id <" . intval($maxId);
-			$app->dbmaster->query($sql);
+			$sql =  "DELETE FROM sys_remoteaction WHERE tstamp < ? AND action_state = 'ok' AND action_id < ?";
+			$app->dbmaster->query($sql, $tstamp, $maxId);
 
 			/*
              * The sys_datalog is more difficult.
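Review bot: `$maxId` is now bound as-is where the old code passed `intval($maxId)`; on an empty sys_remoteaction table `max(action_id)` is NULL, so the comparison becomes `action_id < NULL` instead of `action_id < 0`. Both delete nothing as long as the db class binds PHP null as SQL NULL, but that is worth confirming rather than assuming; `$app->dbmaster->query($sql, $tstamp, intval($maxId));` keeps the old behaviour exactly. The sys_datalog hunk below has the same pattern: it still computes `$tmp_server_id = intval($server['server_id'])` but binds the raw `$server['server_id']`, `$server['updated']` and `$maxId`. That hunk also carries the commented-out `//  echo $sql` debug line along, which could be dropped.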
@@ -270,14 +265,10 @@ class cronjob_logfiles extends cronjob {
 			foreach($records as $server) {
 				$tmp_server_id = intval($server['server_id']);
 				if($tmp_server_id > 0) {
-					$sql =  "DELETE FROM sys_datalog " .
-						"WHERE tstamp < " . $tstamp .
-						" AND server_id = " . intval($server['server_id']) .
-						" AND datalog_id < " . intval($server['updated']) .
-						" AND datalog_id < " . intval($maxId);
+					$sql =  "DELETE FROM sys_datalog WHERE tstamp < ? AND server_id = ? AND datalog_id < ? AND datalog_id < ?";
+					//  echo $sql . "\n";
+					$app->dbmaster->query($sql, $tstamp, $server['server_id'], $server['updated'], $maxId);
 				}
-				//  echo $sql . "\n";
-				$app->dbmaster->query($sql);
 			}
 		}
 
diff --git a/server/lib/classes/cron.d/300-quota_notify.inc.php b/server/lib/classes/cron.d/300-quota_notify.inc.php
index f18394c58cdef45fdf51592742221e2c054cfe5e..d250fe74665897c632af5ca1bb85f269fd9cafd1 100644
--- a/server/lib/classes/cron.d/300-quota_notify.inc.php
+++ b/server/lib/classes/cron.d/300-quota_notify.inc.php
@@ -49,6 +49,11 @@ class cronjob_quota_notify extends cronjob {
 
 	public function onRunJob() {
 		global $app, $conf;
+		
+		/* used for all monitor cronjobs */
+		$app->load('monitor_tools');
+		$this->_tools = new monitor_tools();
+		/* end global section for monitor cronjobs */
 
 		//######################################################################################################
 		// enforce traffic quota (run only on the "master-server")
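Review bot: `$this->_tools` is assigned here, but the hunk shows neither a declaration of that property on `cronjob_quota_notify` nor a use of it in `onRunJob()`. If the class has no `private $_tools;` member, this creates a dynamic property, which is deprecated from PHP 8.2; add the declaration with the other class members. The copied comment `/* used for all monitor cronjobs */` should also say why a quota job needs the monitor tools. The method body continues outside the hunk.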
@@ -69,26 +74,12 @@ class cronjob_quota_notify extends cronjob {
 					$web_traffic_quota = $rec['traffic_quota'];
 					$domain = $rec['domain'];
 
-					// get the client
-					/*
-                    $client_group_id = $rec["sys_groupid"];
-                    $client = $app->db->queryOneRecord("SELECT limit_traffic_quota,parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
-                    $reseller = $app->db->queryOneRecord("SELECT limit_traffic_quota FROM client WHERE client_id = ".intval($client['parent_client_id']));
-
-                    $client_traffic_quota = intval($client['limit_traffic_quota']);
-                    $reseller_traffic_quota = intval($reseller['limit_traffic_quota']);
-                    */
-
 					//* get the traffic
 					$tmp = $app->db->queryOneRecord("SELECT SUM(traffic_bytes) As total_traffic_bytes FROM web_traffic WHERE traffic_date like '$current_month%' AND hostname = '$domain'");
 					$web_traffic = round($tmp['total_traffic_bytes']/1024/1024);
 
-					//* Website is over quota, we will disable it
-					/*if( ($web_traffic_quota > 0 && $web_traffic > $web_traffic_quota) ||
-                        ($client_traffic_quota > 0 && $web_traffic > $client_traffic_quota) ||
-                        ($reseller_traffic_quota > 0 && $web_traffic > $reseller_traffic_quota)) {*/
 					if($web_traffic_quota > 0 && $web_traffic > $web_traffic_quota) {
-						$app->dbmaster->datalogUpdate('web_domain', "traffic_quota_lock = 'y',active = 'n'", 'domain_id', $rec['domain_id']);
+						$app->dbmaster->datalogUpdate('web_domain', array("traffic_quota_lock" => 'y', "active" => 'n'), 'domain_id', $rec['domain_id']);
 						$app->log('Traffic quota for '.$rec['domain'].' exceeded. Disabling website.', LOGLEVEL_DEBUG);
 
 						//* Send traffic notifications
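Review bot: The traffic query under `//* get the traffic` still interpolates `$current_month` and `$domain` into the SQL string, while the other queries this commit touches in the file were moved to placeholders. `$domain` comes from a web_domain row, so it is stored data rather than a constant and should be bound like the rest: `$tmp = $app->db->queryOneRecord("SELECT SUM(traffic_bytes) As total_traffic_bytes FROM web_traffic WHERE traffic_date like ? AND hostname = ?", $current_month.'%', $domain);`. The enclosing loop starts outside the hunk.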
@@ -106,7 +97,7 @@ class cronjob_quota_notify extends cronjob {
 							//* Send email to client
 							if($web_config['overtraffic_notify_client'] == 'y') {
 								$client_group_id = $rec["sys_groupid"];
-								$client = $app->db->queryOneRecord("SELECT client.email FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+								$client = $app->db->queryOneRecord("SELECT client.email FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
 								if($client['email'] != '') {
 									$recipients[] = $client['email'];
 								}
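Review bot: `$client['email']` is read without checking that `queryOneRecord()` returned a row, so a group with no matching client ends in an array access on a non-array value. `if(is_array($client) && $client['email'] != '') {` covers that case. The same lookup recurs in the hunks at old lines 227, 262, 355 and 390 of this file; a small private helper that takes `$client_group_id` and returns the address would keep the five copies from drifting apart.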
@@ -118,7 +109,7 @@ class cronjob_quota_notify extends cronjob {
 					} else {
 						//* unlock the website, if traffic is lower then quota
 						if($rec['traffic_quota_lock'] == 'y') {
-							$app->dbmaster->datalogUpdate('web_domain', "traffic_quota_lock = 'n',active = 'y'", 'domain_id', $rec['domain_id']);
+							$app->dbmaster->datalogUpdate('web_domain', array("traffic_quota_lock" => 'n', "active" => 'y'), 'domain_id', $rec['domain_id']);
 							$app->log('Traffic quota for '.$rec['domain'].' ok again. Re-enabling website.', LOGLEVEL_DEBUG);
 						}
 					}
@@ -206,7 +197,7 @@ class cronjob_quota_notify extends cronjob {
 					// send notifications only if 90% or more of the quota are used
 					if($used_ratio < 0.9) {
 						// reset notification date
-						if($rec['last_quota_notification']) $app->dbmaster->datalogUpdate('web_domain', "last_quota_notification = NULL", 'domain_id', $rec['domain_id']);
+						if($rec['last_quota_notification']) $app->dbmaster->datalogUpdate('web_domain', array("last_quota_notification" => null), 'domain_id', $rec['domain_id']);
 
 						// send notification - everything ok again
 						if($rec['last_quota_notification'] && $web_config['overquota_notify_onok'] == 'y' && ($web_config['overquota_notify_admin'] == 'y' || $web_config['overquota_notify_client'] == 'y')) {
@@ -227,7 +218,7 @@ class cronjob_quota_notify extends cronjob {
 							//* Send email to client
 							if($web_config['overquota_notify_client'] == 'y') {
 								$client_group_id = $rec["sys_groupid"];
-								$client = $app->db->queryOneRecord("SELECT client.email FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+								$client = $app->db->queryOneRecord("SELECT client.email FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
 								if($client['email'] != '') {
 									$recipients[] = $client['email'];
 								}
@@ -243,7 +234,7 @@ class cronjob_quota_notify extends cronjob {
 
 						//* Send quota notifications
 						if(($web_config['overquota_notify_admin'] == 'y' || $web_config['overquota_notify_client'] == 'y') && $send_notification == true) {
-							$app->dbmaster->datalogUpdate('web_domain', "last_quota_notification = CURDATE()", 'domain_id', $rec['domain_id']);
+							$app->dbmaster->datalogUpdate('web_domain', array("last_quota_notification" => array("SQL" => "CURDATE()")), 'domain_id', $rec['domain_id']);
 
 							$placeholders = array('{domain}' => $rec['domain'],
 								'{admin_mail}' => ($global_config['admin_mail'] != ''? $global_config['admin_mail'] : 'root'),
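Review bot: The nested `array("SQL" => "CURDATE()")` value is a convention that the call site does not explain; presumably `datalogUpdate()` emits the inner string unquoted, which makes it a raw-SQL pass-through. A one-line comment at this call, such as `// "SQL" => expression is inserted unquoted: constants only, never variable data`, would tell the next editor why the value is wrapped and what must not go into it. The same form is used in the mail_user and web_database hunks below.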
@@ -262,7 +253,7 @@ class cronjob_quota_notify extends cronjob {
 							//* Send email to client
 							if($web_config['overquota_notify_client'] == 'y') {
 								$client_group_id = $rec["sys_groupid"];
-								$client = $app->db->queryOneRecord("SELECT client.email FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+								$client = $app->db->queryOneRecord("SELECT client.email FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
 								if($client['email'] != '') {
 									$recipients[] = $client['email'];
 								}
@@ -335,7 +326,7 @@ class cronjob_quota_notify extends cronjob {
 					// send notifications only if 90% or more of the quota are used
 					if($used_ratio < 0.9) {
 						// reset notification date
-						if($rec['last_quota_notification']) $app->dbmaster->datalogUpdate('mail_user', "last_quota_notification = NULL", 'mailuser_id', $rec['mailuser_id']);
+						if($rec['last_quota_notification']) $app->dbmaster->datalogUpdate('mail_user', array("last_quota_notification" => null), 'mailuser_id', $rec['mailuser_id']);
 
 						// send notification - everything ok again
 						if($rec['last_quota_notification'] && $mail_config['overquota_notify_onok'] == 'y' && ($mail_config['overquota_notify_admin'] == 'y' || $mail_config['overquota_notify_client'] == 'y')) {
@@ -355,7 +346,7 @@ class cronjob_quota_notify extends cronjob {
 							//* Send email to client
 							if($mail_config['overquota_notify_client'] == 'y') {
 								$client_group_id = $rec["sys_groupid"];
-								$client = $app->db->queryOneRecord("SELECT client.email FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+								$client = $app->db->queryOneRecord("SELECT client.email FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
 								if($client['email'] != '') {
 									$recipients[] = $client['email'];
 								}
@@ -372,7 +363,7 @@ class cronjob_quota_notify extends cronjob {
 						elseif($mail_config['overquota_notify_freq'] > 0 && $rec['notified_before'] >= $mail_config['overquota_notify_freq']) $send_notification = true;
 
 						if(($mail_config['overquota_notify_admin'] == 'y' || $mail_config['overquota_notify_client'] == 'y') && $send_notification == true) {
-							$app->dbmaster->datalogUpdate('mail_user', "last_quota_notification = CURDATE()", 'mailuser_id', $rec['mailuser_id']);
+							$app->dbmaster->datalogUpdate('mail_user', array("last_quota_notification" => array("SQL" => "CURDATE()")), 'mailuser_id', $rec['mailuser_id']);
 
 							$placeholders = array('{email}' => $rec['email'],
 								'{admin_mail}' => ($global_config['admin_mail'] != ''? $global_config['admin_mail'] : 'root'),
@@ -390,7 +381,7 @@ class cronjob_quota_notify extends cronjob {
 							//* Send email to client
 							if($mail_config['overquota_notify_client'] == 'y') {
 								$client_group_id = $rec["sys_groupid"];
-								$client = $app->db->queryOneRecord("SELECT client.email FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+								$client = $app->db->queryOneRecord("SELECT client.email FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
 								if($client['email'] != '') {
 									$recipients[] = $client['email'];
 								}
@@ -427,7 +418,7 @@ class cronjob_quota_notify extends cronjob {
 			}
 
 			//* get databases
-			$database_records = $app->db->queryAllRecords("SELECT database_id,sys_groupid,database_name,database_quota,last_quota_notification,DATEDIFF(CURDATE(), last_quota_notification) as `notified_before` FROM web_database;");
+			$database_records = $app->db->queryAllRecords("SELECT database_id,sys_groupid,database_name,database_quota,last_quota_notification,DATEDIFF(CURDATE(), last_quota_notification) as `notified_before` FROM web_database");
 
 			if(is_array($database_records) && !empty($database_records) && is_array($monitor_data) && !empty($monitor_data)) {
 				//* check database-quota
@@ -442,7 +433,7 @@ class cronjob_quota_notify extends cronjob {
 
 							if ($monitor['database_name'] == $database) {
 								//* get the client
-								$client = $app->db->queryOneRecord("SELECT client.username, client.email FROM web_database, sys_group, client WHERE web_database.sys_groupid = sys_group.groupid AND sys_group.client_id = client.client_id AND web_database.database_name='".$database."'");
+								$client = $app->db->queryOneRecord("SELECT client.username, client.email FROM web_database, sys_group, client WHERE web_database.sys_groupid = sys_group.groupid AND sys_group.client_id = client.client_id AND web_database.database_name=?", $database);
 
 								//* check quota
 								if ($quota > 0) $used_ratio = $monitor['size'] / $quota;
@@ -452,9 +443,9 @@ class cronjob_quota_notify extends cronjob {
 								if($used_ratio > 0.9) {
 
 									//* reset notification date
-									if($rec['last_quota_notification']) $app->dbmaster->datalogUpdate('web_database', "last_quota_notification = NULL", 'database_id', $rec['database_id']);
+									if($rec['last_quota_notification']) $app->dbmaster->datalogUpdate('web_database', array("last_quota_notification" => null), 'database_id', $rec['database_id']);
 
-									$app->dbmaster->datalogUpdate('web_database', "last_quota_notification = CURDATE()", 'database_id', $rec['database_id']);
+									$app->dbmaster->datalogUpdate('web_database', array("last_quota_notification" => array("SQL" => "CURDATE()")), 'database_id', $rec['database_id']);
 
 									// send notification - everything ok again
 									if($rec['last_quota_notification'] && $web_config['overquota_notify_onok'] == 'y' && ($web_config['overquota_db_notify_admin'] == 'y' || $web_config['overquota_db_notify_client'] == 'y')) {
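Review bot: Inside `if($used_ratio > 0.9)` the reset to `null` is followed immediately by the update to `CURDATE()`, so whenever `last_quota_notification` is set the first `datalogUpdate()` only writes a datalog entry that the second one overwrites. The branch also guards the "everything ok again" notification, whereas the website and mailbox sections of this file use `$used_ratio < 0.9` for that path, so the comparison looks inverted here. If that reading is right, `if($used_ratio < 0.9) {` with only the `null` reset matches the other two sections. The rest of the branch lies outside the hunk, so this needs checking against the full method.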
@@ -489,7 +480,7 @@ class cronjob_quota_notify extends cronjob {
 
 								//* Send quota notifications
 								if(($web_config['overquota_db_notify_admin'] == 'y' || $web_config['overquota_db_notify_client'] == 'y') && $send_notification == true) {
-									$app->dbmaster->datalogUpdate('web_database', "last_quota_notification = CURDATE()", 'database_id', $rec['database_id']);
+									$app->dbmaster->datalogUpdate('web_database', array("last_quota_notification" => array("SQL" => "CURDATE()")), 'database_id', $rec['database_id']);
 									$placeholders = array(
 										'{database_name}' => $rec['database_name'],
 										'{admin_mail}' => ($global_config['admin_mail'] != ''? $global_config['admin_mail'] : 'root'),
diff --git a/server/lib/classes/cron.d/400-openvz.inc.php b/server/lib/classes/cron.d/400-openvz.inc.php
index 18f4598be2e03dde3fb17cc45673cdaf0c5da5d7..5eba8d2081126d9ce5b2bc132a62ab813168946d 100644
--- a/server/lib/classes/cron.d/400-openvz.inc.php
+++ b/server/lib/classes/cron.d/400-openvz.inc.php
@@ -55,14 +55,12 @@ class cronjob_openvz extends cronjob {
 		//######################################################################################################
 
 		if ($app->dbmaster == $app->db) {
-			$current_date = date('Y-m-d');
-
 			//* Check which virtual machines have to be deactivated
-			$sql = "SELECT * FROM openvz_vm WHERE active = 'y' AND active_until_date != '0000-00-00' AND active_until_date < '$current_date'";
+			$sql = "SELECT * FROM openvz_vm WHERE active = 'y' AND active_until_date != '0000-00-00' AND active_until_date < CURDATE()";
 			$records = $app->db->queryAllRecords($sql);
 			if(is_array($records)) {
 				foreach($records as $rec) {
-					$app->dbmaster->datalogUpdate('openvz_vm', "active = 'n'", 'vm_id', $rec['vm_id']);
+					$app->dbmaster->datalogUpdate('openvz_vm', array("active" => 'n'), 'vm_id', $rec['vm_id']);
 					$app->log('Virtual machine active date expired. Disabling VM '.$rec['veid'], LOGLEVEL_DEBUG);
 				}
 			}
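Review bot: `active_until_date < CURDATE()` now takes "today" from the database session instead of PHP's `date('Y-m-d')`, so the cut-over moment follows the MySQL time zone rather than the PHP one. Where the two are configured differently, VMs are disabled some hours earlier or later than before this change. A short comment above the query, for example `// expiry is evaluated against the DB server's date, not PHP's`, would mark that as deliberate.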
diff --git a/server/lib/classes/cron.d/500-backup.inc.php b/server/lib/classes/cron.d/500-backup.inc.php
index 81f80643665369c2f510f702bb9202523ddfb087..a9fa3f91fe06553045750d1079b3f396868a97ce 100644
--- a/server/lib/classes/cron.d/500-backup.inc.php
+++ b/server/lib/classes/cron.d/500-backup.inc.php
@@ -76,6 +76,8 @@ class cronjob_backup extends cronjob {
             //* mount backup directory, if necessary
             if( $server_config['backup_dir_is_mount'] == 'y' && !$app->system->mount_backup_dir($backup_dir) ) $run_backups = false;
 			if($run_backups){
+				$web_array = array();
+				
 				//* backup only active domains
 				$sql = "SELECT * FROM web_domain WHERE server_id = ? AND (type = 'vhost' OR type = 'vhostsubdomain' OR type = 'vhostalias') AND active = 'y'";
 				$records = $app->db->queryAllRecords($sql, $conf['server_id']);
@@ -89,6 +91,7 @@ class cronjob_backup extends cronjob {
 							$web_user = $rec['system_user'];
 							$web_group = $rec['system_group'];
 							$web_id = $rec['domain_id'];
+							if(!in_array($web_id, $web_array)) $web_array[] = $web_id;
 							$web_backup_dir = $backup_dir.'/web'.$web_id;
 							if(!is_dir($web_backup_dir)) mkdir($web_backup_dir, 0750);
 							chmod($web_backup_dir, 0750);
@@ -130,8 +133,6 @@ class cronjob_backup extends cronjob {
 									chmod($web_backup_dir.'/'.$web_backup_file, 0750);
 
 									//* Insert web backup record in database
-									//$insert_data = "(server_id,parent_domain_id,backup_type,backup_mode,tstamp,filename) VALUES (".$conf['server_id'].",".$web_id.",'web','".$backup_mode."',".time().",'".$app->db->quote($web_backup_file)."')";
-									//$app->dbmaster->datalogInsert('web_backup', $insert_data, 'backup_id');
 									$filesize = filesize($web_backup_dir.'/'.$web_backup_file);
 									$sql = "INSERT INTO web_backup (server_id, parent_domain_id, backup_type, backup_mode, tstamp, filename, filesize) VALUES (?, ?, ?, ?, ?, ?, ?)";
 									$app->db->query($sql, $conf['server_id'], $web_id, 'web', $backup_mode, time(), $web_backup_file, $filesize);
@@ -159,14 +160,10 @@ class cronjob_backup extends cronjob {
 
 							for ($n = $backup_copies; $n <= 10; $n++) {
 								if(isset($files[$n]) && is_file($web_backup_dir.'/'.$files[$n])) {
-									unlink($web_backup_dir.'/'.$files[$n]);
-									//$sql = "SELECT backup_id FROM web_backup WHERE server_id = ".$conf['server_id']." AND parent_domain_id = $web_id AND filename = '".$app->db->quote($files[$n])."'";
-									//$tmp = $app->dbmaster->queryOneRecord($sql);
-									//$app->dbmaster->datalogDelete('web_backup', 'backup_id', $tmp['backup_id']);
-									//$sql = "DELETE FROM web_backup WHERE backup_id = ".intval($tmp['backup_id']);
 									$sql = "DELETE FROM web_backup WHERE server_id = ? AND parent_domain_id = ? AND filename = ?";
 									$app->db->query($sql, $conf['server_id'], $web_id, $files[$n]);
 									if($app->db->dbHost != $app->dbmaster->dbHost) $app->dbmaster->query($sql, $conf['server_id'],  $web_id, $files[$n]);
+									@unlink($web_backup_dir.'/'.$files[$n]);
 								}
 							}
 
@@ -215,6 +212,7 @@ class cronjob_backup extends cronjob {
 						if($rec['backup_interval'] == 'daily' or ($rec['backup_interval'] == 'weekly' && date('w') == 0) or ($rec['backup_interval'] == 'monthly' && date('d') == '01')) {
 
 							$web_id = $rec['parent_domain_id'];
+							if(!in_array($web_id, $web_array)) $web_array[] = $web_id;
 							$db_backup_dir = $backup_dir.'/web'.$web_id;
 							if(!is_dir($db_backup_dir)) mkdir($db_backup_dir, 0750);
 							chmod($db_backup_dir, 0750);
@@ -234,7 +232,7 @@ class cronjob_backup extends cronjob {
 							$db_name = $rec['database_name'];
 							$db_backup_file = 'db_'.$db_name.'_'.date('Y-m-d_H-i').'.sql';
 							//$command = "mysqldump -h '".escapeshellcmd($clientdb_host)."' -u '".escapeshellcmd($clientdb_user)."' -p'".escapeshellcmd($clientdb_password)."' -c --add-drop-table --create-options --quick --result-file='".$db_backup_dir.'/'.$db_backup_file."' '".$db_name."'";
-							$command = "mysqldump -h ".escapeshellarg($clientdb_host)." -u ".escapeshellarg($clientdb_user)." -p".escapeshellarg($clientdb_password)." -c --add-drop-table --create-options --quick --result-file='".$db_backup_dir.'/'.$db_backup_file."' '".$db_name."'";
+							$command = "mysqldump -h ".escapeshellarg($clientdb_host)." -u ".escapeshellarg($clientdb_user)." -p".escapeshellarg($clientdb_password)." -c --add-drop-table --create-options --quick --max_allowed_packet=512M --result-file='".$db_backup_dir.'/'.$db_backup_file."' '".$db_name."'";
 							exec($command, $tmp_output, $retval);
 
 							//* Compress the backup with gzip
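Review bot: The rebuilt `mysqldump` command still wraps `$db_name` and the `--result-file` path in hand-written single quotes, while host, user and password on the same line go through `escapeshellarg()`. A database name containing a quote character would end the quoting before `exec()` runs the string, so the tail should read `--result-file=".escapeshellarg($db_backup_dir.'/'.$db_backup_file)." ".escapeshellarg($db_name);`. The password is also passed as `-p…` on the command line, where it is readable in the process list while the dump runs; a temporary option file given via `--defaults-extra-file` avoids that. Whether `$retval` is checked is decided outside this hunk.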
@@ -247,8 +245,6 @@ class cronjob_backup extends cronjob {
 									chgrp($db_backup_dir.'/'.$db_backup_file.'.gz', filegroup($db_backup_dir));
 
 									//* Insert web backup record in database
-									//$insert_data = "(server_id,parent_domain_id,backup_type,backup_mode,tstamp,filename) VALUES (".$conf['server_id'].",$web_id,'mysql','sqlgz',".time().",'".$app->db->quote($db_backup_file).".gz')";
-									//$app->dbmaster->datalogInsert('web_backup', $insert_data, 'backup_id');
 									$filesize = filesize($db_backup_dir.'/'.$db_backup_file.'.gz');
 									$sql = "INSERT INTO web_backup (server_id, parent_domain_id, backup_type, backup_mode, tstamp, filename, filesize) VALUES (?, ?, ?, ?, ?, ?, ?)";
 									$app->db->query($sql, $conf['server_id'], $web_id, 'mysql', 'sqlgz', time(), $db_backup_file.'.gz', $filesize);
@@ -268,7 +264,7 @@ class cronjob_backup extends cronjob {
 							$dir_handle = dir($db_backup_dir);
 							$files = array();
 							while (false !== ($entry = $dir_handle->read())) {
-								if($entry != '.' && $entry != '..' && preg_match('/^db_(.*?)_\d{4}-\d{2}-\d{2}_\d{2}-\d{2}\.sql.gz$/', $entry, $matches) && is_file($db_backup_dir.'/'.$entry)) {
+								if($entry != '.' && $entry != '..' && preg_match('/^db_('.$db_name.')_\d{4}-\d{2}-\d{2}_\d{2}-\d{2}\.sql.gz$/', $entry, $matches) && is_file($db_backup_dir.'/'.$entry)) {
 									if(array_key_exists($matches[1], $files) == false) $files[$matches[1]] = array();
 									$files[$matches[1]][] = $entry;
 								}
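Review bot: `$db_name` is concatenated into the pattern without `preg_quote()`, so any regex metacharacter in a database name changes which files the rotation loop matches. Use `'/^db_('.preg_quote($db_name, '/').')_\d{4}-\d{2}-\d{2}_\d{2}-\d{2}\.sql\.gz$/'`, which also escapes the remaining `.` before `gz` that currently matches any character. The `while` loop closes outside the hunk.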
@@ -280,13 +276,10 @@ class cronjob_backup extends cronjob {
 								rsort($filelist);
 								for ($n = $backup_copies; $n <= 10; $n++) {
 									if(isset($filelist[$n]) && is_file($db_backup_dir.'/'.$filelist[$n])) {
-										unlink($db_backup_dir.'/'.$filelist[$n]);
-										//$sql = "SELECT backup_id FROM web_backup WHERE server_id = ".$conf['server_id']." AND parent_domain_id = $web_id AND filename = '".$app->db->quote($filelist[$n])."'";
-										//$tmp = $app->dbmaster->queryOneRecord($sql);
-										//$sql = "DELETE FROM web_backup WHERE backup_id = ".intval($tmp['backup_id']);
 										$sql = "DELETE FROM web_backup WHERE server_id = ? AND parent_domain_id = ? AND filename = ?";
 										$app->db->query($sql, $conf['server_id'], $web_id, $filelist[$n]);
 										if($app->db->dbHost != $app->dbmaster->dbHost) $app->dbmaster->query($sql, $conf['server_id'], $web_id, $filelist[$n]);
+										@unlink($db_backup_dir.'/'.$filelist[$n]);
 									}
 								}
 							}
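Review bot: `@unlink()` discards the result, and because the web_backup rows are now deleted first, a failed delete leaves an archive on disk that no longer has a database record. Log the failure instead of suppressing it: `if(!unlink($db_backup_dir.'/'.$filelist[$n])) $app->log('Could not delete backup file '.$filelist[$n], LOGLEVEL_WARN);`. The web-backup rotation loop earlier in this file (the hunk at old line 159) adds the same `@unlink` and needs the same change.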
@@ -310,7 +303,51 @@ class cronjob_backup extends cronjob {
 						if(!is_file($backup_file)){
 							$sql = "DELETE FROM web_backup WHERE server_id = ? AND parent_domain_id = ? AND filename = ?";
 							$app->db->query($sql, $conf['server_id'], $backup['parent_domain_id'], $backup['filename']);
-							if($app->db->dbHost != $app->dbmaster->dbHost) $app->dbmaster->query($sql, $conf['server_id'], $backup['parent_domain_id'], $backup['filename']);
+						}
+					}
+				}
+				if($app->db->dbHost != $app->dbmaster->dbHost){
+					$backups = $app->dbmaster->queryAllRecords("SELECT * FROM web_backup WHERE server_id = ?", $conf['server_id']);
+					if(is_array($backups) && !empty($backups)){
+						foreach($backups as $backup){
+							$backup_file = $backup_dir.'/web'.$backup['parent_domain_id'].'/'.$backup['filename'];
+							if(!is_file($backup_file)){
+								$sql = "DELETE FROM web_backup WHERE server_id = ? AND parent_domain_id = ? AND filename = ?";
+								$app->dbmaster->query($sql, $conf['server_id'], $backup['parent_domain_id'], $backup['filename']);
+							}
+						}
+					}
+				}
+				
+				// garbage collection (non-existing databases)
+				if(is_array($web_array) && !empty($web_array)){
+					foreach($web_array as $tmp_web_id){
+						$tmp_backup_dir = $backup_dir.'/web'.$tmp_web_id;
+						if(is_dir($tmp_backup_dir)){
+							$dir_handle = dir($tmp_backup_dir);
+							$files = array();
+							while (false !== ($entry = $dir_handle->read())) {
+								if($entry != '.' && $entry != '..' && preg_match('/^db_(.*?)_\d{4}-\d{2}-\d{2}_\d{2}-\d{2}\.sql.gz$/', $entry, $matches) && is_file($tmp_backup_dir.'/'.$entry)) {
+
+									$tmp_db_name = $matches[1];
+									$tmp_database = $app->db->queryOneRecord("SELECT * FROM web_database WHERE server_id = ? AND parent_domain_id = ? AND database_name = ?", $conf['server_id'], $tmp_web_id, $tmp_db_name);
+
+									if(is_array($tmp_database) && !empty($tmp_database)){
+										if($tmp_database['backup_interval'] == 'none' || intval($tmp_database['backup_copies']) == 0){
+											@unlink($tmp_backup_dir.'/'.$entry);
+											$sql = "DELETE FROM web_backup WHERE server_id = ? AND parent_domain_id = ? AND filename = ?";
+											$app->db->query($sql, $conf['server_id'], $tmp_web_id, $entry);
+											if($app->db->dbHost != $app->dbmaster->dbHost) $app->dbmaster->query($sql, $conf['server_id'], $tmp_web_id, $entry);
+										}
+									} else {
+										@unlink($tmp_backup_dir.'/'.$entry);
+										$sql = "DELETE FROM web_backup WHERE server_id = ? AND parent_domain_id = ? AND filename = ?";
+										$app->db->query($sql, $conf['server_id'], $tmp_web_id, $entry);
+										if($app->db->dbHost != $app->dbmaster->dbHost) $app->dbmaster->query($sql, $conf['server_id'], $tmp_web_id, $entry);
+									}
+								}
+							}
+							$dir_handle->close();
 						}
 					}
 				}
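Review bot: In the new garbage-collection loop the `else` branch deletes the backup file whenever `queryOneRecord()` does not return a non-empty array, which treats a failed query the same as a database that no longer exists. If that call returns a non-array on a database error (its failure value is not visible here), one bad run removes every matching `db_*.sql.gz` file under the web's backup directory. Separate the two cases before unlinking, e.g. reset `$app->db->errorNumber` before the lookup and skip the entry when it is greater than zero afterwards, and log each deletion. The unlink-plus-DELETE sequence is duplicated in both branches and would read better as one helper.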
@@ -326,6 +363,27 @@ class cronjob_backup extends cronjob {
 				}
 			}
 		}
+		
+		// delete files from backup download dir (/var/www/example.com/backup)
+		unset($records, $entry, $files);
+		$sql = "SELECT * FROM web_domain WHERE server_id = ? AND (type = 'vhost' OR type = 'vhostsubdomain' OR type = 'vhostalias') AND active = 'y'";
+		$records = $app->db->queryAllRecords($sql, $conf['server_id']);
+		if(is_array($records)) {
+			foreach($records as $rec) {
+				$backup_download_dir = $rec['document_root'].'/backup';
+				if(is_dir($backup_download_dir)){
+					$dir_handle = dir($backup_download_dir);
+					$files = array();
+					while (false !== ($entry = $dir_handle->read())) {
+						if($entry != '.' && $entry != '..' && is_file($backup_download_dir.'/'.$entry)) {
+							// delete files older than 3 days
+							if(time() - filemtime($backup_download_dir.'/'.$entry) >= 60*60*24*3) @unlink($backup_download_dir.'/'.$entry);
+						}
+					}
+					$dir_handle->close();
+				}
+			}
+		}
 
 		parent::onRunJob();
 	}
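Review bot: The new cleanup walks `$rec['document_root'].'/backup'` and unlinks by age, but `is_dir()` follows symbolic links and nothing checks that the path is a real directory. If the site user can create or replace that `backup` entry and the cron job runs with more privileges than that user (neither is visible from this hunk), the job would age out files in whatever directory the link points to. Add a link check before opening it, `if(is_dir($backup_download_dir) && !is_link($backup_download_dir)){`, and log what is removed instead of a silent `@unlink`. `$files = array();` is assigned but never used in this block.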
diff --git a/server/lib/classes/cron.d/500-backup_mail.inc.php b/server/lib/classes/cron.d/500-backup_mail.inc.php
index e16cce19eea8c5add3bc7f6713982ad94bc0af4f..89cb1673b45530cc28bd6ffe71d4a322ba11409d 100644
--- a/server/lib/classes/cron.d/500-backup_mail.inc.php
+++ b/server/lib/classes/cron.d/500-backup_mail.inc.php
@@ -65,7 +65,7 @@ class cronjob_backup_mail extends cronjob {
 			//* mount backup directory, if necessary
 			if( $server_config['backup_dir_is_mount'] == 'y' && !$app->system->mount_backup_dir($backup_dir) ) $run_backups = false;
 
-			$records = $app->db->queryAllRecords("SELECT * FROM mail_user WHERE server_id = ? AND maildir <> ''", intval($conf['server_id']));
+			$records = $app->db->queryAllRecords("SELECT * FROM mail_user WHERE server_id = ? AND maildir != ''", intval($conf['server_id']));
 
 			if(is_array($records) && $run_backups) {
 				if(!is_dir($backup_dir)) {
@@ -88,13 +88,13 @@ class cronjob_backup_mail extends cronjob {
 						if ($global_config['backups_include_into_web_quota'] == 'y') {
 							// this only works, if mail and webdomains are on the same server
 							// find webdomain fitting to maildomain
-							$sql = "SELECT * FROM web_domain WHERE domain = '".$domain_rec['domain']."'";
-							$webdomain = $app->db->queryOneRecord($sql);
+							$sql = "SELECT * FROM web_domain WHERE domain = ?";
+							$webdomain = $app->db->queryOneRecord($sql, $domain_rec['domain']);
 							// if this is not also the website, find website now
 							if ($webdomain && ($webdomain['parent_domain_id'] != 0)) {
 								do {
-									$sql = "SELECT * FROM web_domain WHERE domain_id = ".$webdomain['parent_domain_id'];
-									$webdomain = $app->db->queryOneRecord($sql);
+									$sql = "SELECT * FROM web_domain WHERE domain_id = ?";
+									$webdomain = $app->db->queryOneRecord($sql, $webdomain['parent_domain_id']);
 								} while ($webdomain && ($webdomain['parent_domain_id'] != 0));
 							}
 							// if webdomain is found, change username/group now
diff --git a/server/lib/classes/cron.d/600-cleanup.inc.php b/server/lib/classes/cron.d/600-cleanup.inc.php
index 8222fe54d0e59524ff3e5e9e494982cf21f1ecd2..e55c2599b959dda4fe0994c36b301625744732a2 100644
--- a/server/lib/classes/cron.d/600-cleanup.inc.php
+++ b/server/lib/classes/cron.d/600-cleanup.inc.php
@@ -58,8 +58,8 @@ class cronjob_cleanup extends cronjob {
 			$records = $app->db->queryAllRecords("SELECT s.instance_id, s.name, s.value FROM `aps_instances_settings` as s INNER JOIN `aps_instances` as i ON (i.id = s.instance_id) WHERE s.value != '' AND s.name IN ('main_database_password', 'admin_password') AND i.instance_status > 1");
 			if(is_array($records)) {
 				foreach($records as $rec) {
-					$tmp = $app->db->queryOneRecord("SELECT id FROM aps_instances_settings WHERE instance_id = '".$app->db->quote($rec['instance_id'])."' AND name = '".$app->db->quote($rec['name'])."'");
-					$app->db->datalogUpdate('aps_instances_settings', "value = ''", 'id', $tmp['id']);
+					$tmp = $app->db->queryOneRecord("SELECT id FROM aps_instances_settings WHERE instance_id = ? AND name = ?", $rec['instance_id'], $rec['name']);
+					$app->db->datalogUpdate('aps_instances_settings', array("value" => ''), 'id', $tmp['id']);
 				}
 			}
 		}
diff --git a/server/lib/classes/cronjob.inc.php b/server/lib/classes/cronjob.inc.php
index 7fe90c2fd66f664475dda125551ae5751a711ca9..03e36e774dde239a8836075da554368ee6923757 100644
--- a/server/lib/classes/cronjob.inc.php
+++ b/server/lib/classes/cronjob.inc.php
@@ -76,7 +76,7 @@ class cronjob {
 		// check the run time and values for this job
 
 		// get previous run data
-		$data = $app->db->queryOneRecord("SELECT `last_run`, `next_run`, `running` FROM `sys_cron` WHERE `name` = '" . $app->db->quote(get_class($this)) . "'");
+		$data = $app->db->queryOneRecord("SELECT `last_run`, `next_run`, `running` FROM `sys_cron` WHERE `name` = ?", get_class($this));
 		if($data) {
 			if($data['last_run']) $this->_last_run = $data['last_run'];
 			if($data['next_run']) $this->_next_run = $data['next_run'];
@@ -90,7 +90,7 @@ class cronjob {
 				$next_run = $app->cron->getNextRun(ISPConfigDateTime::dbtime());
 				$this->_next_run = $next_run;
 
-				$app->db->query("REPLACE INTO `sys_cron` (`name`, `last_run`, `next_run`, `running`) VALUES ('" . $app->db->quote(get_class($this)) . "', " . ($this->_last_run ? "'" . $app->db->quote($this->_last_run) . "'" : "NULL") . ", " . ($next_run === false ? "NULL" : "'" . $app->db->quote($next_run) . "'") . ", " . ($this->_running == true ? "1" : "0") . ")");
+				$app->db->query("REPLACE INTO `sys_cron` (`name`, `last_run`, `next_run`, `running`) VALUES (?, ?, ?, ?)", get_class($this), ($this->_last_run ? $this->_last_run : "#NULL#"), ($next_run === false ? "#NULL#" : $next_run . "'"), ($this->_running == true ? "1" : "0"));
 			}
 		}
 	}
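Review bot: The third bound value on the added `REPLACE INTO` line is `$next_run . "'"`, a leftover from the old hand-quoted string, so every stored `next_run` value gets a trailing single quote appended. Pass the value unchanged, `($next_run === false ? "#NULL#" : $next_run)`, as the second `REPLACE INTO` changed later in this file already does. The enclosing method starts outside the hunk.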
@@ -131,7 +131,7 @@ class cronjob {
 
 		print "Jobs next run is now " . $next_run . "\n";
 
-		$app->db->query("REPLACE INTO `sys_cron` (`name`, `last_run`, `next_run`, `running`) VALUES ('" . $app->db->quote(get_class($this)) . "', NOW(), " . ($next_run === false ? "NULL" : "'" . $app->db->quote($next_run) . "'") . ", 1)");
+		$app->db->query("REPLACE INTO `sys_cron` (`name`, `last_run`, `next_run`, `running`) VALUES (?, NOW(), ?, 1)", get_class($this), ($next_run === false ? "#NULL#" : $next_run));
 		return true;
 	}
 
@@ -154,7 +154,7 @@ class cronjob {
 		global $app;
 
 		print "Called onCompleted() for class " . get_class($this) . "\n";
-		$app->db->query("UPDATE `sys_cron` SET `running` = 0 WHERE `name` = '" . $app->db->quote(get_class($this)) . "'");
+		$app->db->query("UPDATE `sys_cron` SET `running` = 0 WHERE `name` = ?", get_class($this));
 	}
 
 }
diff --git a/server/lib/classes/db_mysql.inc.php b/server/lib/classes/db_mysql.inc.php
index 8075d1f1fd3ad215b016e5b34cbb5d76e707f267..d2592f5e46dffd150bb4c45b0dd8a0390ec85c76 100644
--- a/server/lib/classes/db_mysql.inc.php
+++ b/server/lib/classes/db_mysql.inc.php
@@ -132,8 +132,10 @@ class db extends mysqli
 				if($iPos2 !== false && ($iPos === false || $iPos2 <= $iPos)) {
 					$sTxt = $this->escape($sValue);
 
-					if(strpos($sTxt, '.') !== false) $sTxt = preg_replace('/^(.+)\.(.+)$/', '`$1`.`$2`', $sTxt);
-					else $sTxt = '`' . $sTxt . '`';
+					if(strpos($sTxt, '.') !== false) {
+						$sTxt = preg_replace('/^(.+)\.(.+)$/', '`$1`.`$2`', $sTxt);
+						$sTxt = str_replace('.`*`', '.*', $sTxt);
+					} else $sTxt = '`' . $sTxt . '`';
 
 					$sQuery = substr_replace($sQuery, $sTxt, $iPos2, 2);
 					$iPos2 += strlen($sTxt);
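Review bot: The `??` identifier branch wraps `$this->escape($sValue)` in backticks without handling a backtick inside the value. If `escape()` does string-literal escaping (its body is not in this hunk), backticks pass through untouched and an identifier containing one ends the quoting early. This matters more after this commit, because table and field names read from datalog records are now routed through `??`. Double any embedded backtick before wrapping, or reject identifiers that fail an allow-list check such as `preg_match('/^[A-Za-z0-9_.*]+$/', $sValue)`. The method starts and ends outside the hunk.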
@@ -141,13 +143,17 @@ class db extends mysqli
 				} else {
 					if(is_int($sValue) || is_float($sValue)) {
 						$sTxt = $sValue;
-					} elseif(is_string($sValue) && (strcmp($sValue, '#NULL#') == 0)) {
+					} elseif(is_null($sValue) || (is_string($sValue) && (strcmp($sValue, '#NULL#') == 0))) {
 						$sTxt = 'NULL';
 					} elseif(is_array($sValue)) {
-						$sTxt = '';
-						foreach($sValue as $sVal) $sTxt .= ',\'' . $this->escape($sVal) . '\'';
-						$sTxt = '(' . substr($sTxt, 1) . ')';
-						if($sTxt == '()') $sTxt = '(0)';
+						if(isset($sValue['SQL'])) {
+							$sTxt = $sValue['SQL'];
+						} else {
+							$sTxt = '';
+							foreach($sValue as $sVal) $sTxt .= ',\'' . $this->escape($sVal) . '\'';
+							$sTxt = '(' . substr($sTxt, 1) . ')';
+							if($sTxt == '()') $sTxt = '(0)';
+						}
 					} else {
 						$sTxt = '\'' . $this->escape($sValue) . '\'';
 					}
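Review bot: The new `isset($sValue['SQL'])` branch pastes the array element into the statement with no escaping, and the only thing that selects it is the shape of the parameter. Any array that originates outside the code (decoded request fields, unserialized datalog data) and reaches `query()` as a bound value can carry an `SQL` key and so bypass the parameterisation this commit introduces. Select the raw path with something external data cannot produce, such as a small wrapper class tested with `instanceof`, and document that it is for constant SQL fragments only. The method continues outside the hunk.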
@@ -615,20 +621,27 @@ class db extends mysqli
 		if(is_array($insert_data)) {
 			$key_str = '';
 			$val_str = '';
+			$params = array($tablename);
+			$v_params = array();
 			foreach($insert_data as $key => $val) {
-				$key_str .= "`".$key ."`,";
-				$val_str .= "'".$this->escape($val)."',";
+				$key_str .= '??,';
+				$params[] = $key;
+				
+				$val_str .= '?,';
+				$v_params[] = $val;
 			}
 			$key_str = substr($key_str, 0, -1);
 			$val_str = substr($val_str, 0, -1);
 			$insert_data_str = '('.$key_str.') VALUES ('.$val_str.')';
+			$this->query("INSERT INTO ?? $insert_data_str", true, $params + $v_params);
 		} else {
+			/* TODO: deprecate this method! */
 			$insert_data_str = $insert_data;
+			$this->query("INSERT INTO ?? $insert_data_str", $tablename);
+			$app->log("deprecated use of passing values to datalogInsert() - table " . $tablename, 1);
 		}
-		/* TODO: reduce risk of insert_data_str! */
-
+		
 		$old_rec = array();
-		$this->query("INSERT INTO ?? $insert_data_str", $tablename);
 		$index_value = $this->insertID();
 		$new_rec = $this->queryOneRecord("SELECT * FROM ?? WHERE ? = ?", $tablename, $index_field, $index_value);
 		$this->datalogSave($tablename, 'INSERT', $index_field, $index_value, $old_rec, $new_rec);
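Review bot: `$params + $v_params` on the added `INSERT INTO` call is the array union operator, which keeps the left operand's entry for every key the two arrays share. Both arrays are integer-indexed from 0 and `$params` is the longer one, so the result is just `$params` and no values are bound to the `?` placeholders. Concatenate instead: `$this->query("INSERT INTO ?? $insert_data_str", true, array_merge($params, $v_params));`. The same defect is in the modules.inc.php replication hunk, where `$params = $f_params + $params;` should be `$params = array_merge($f_params, $params);`.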
@@ -643,17 +656,24 @@ class db extends mysqli
 		$old_rec = $this->queryOneRecord("SELECT * FROM ?? WHERE ?? = ?", $tablename, $index_field, $index_value);
 
 		if(is_array($update_data)) {
+			$params = array($tablename);
 			$update_data_str = '';
 			foreach($update_data as $key => $val) {
-				$update_data_str .= "`".$key ."` = '".$this->escape($val)."',";
+				$update_data_str .= '?? = ?,';
+				$params[] = $key;
+				$params[] = $val;
 			}
+			$params[] = $index_field;
+			$params[] = $index_value;
 			$update_data_str = substr($update_data_str, 0, -1);
+			$this->query("UPDATE ?? SET $update_data_str WHERE ?? = ?", true, $params);
 		} else {
+			/* TODO: deprecate this method! */
 			$update_data_str = $update_data;
+			$this->query("UPDATE ?? SET $update_data_str WHERE ?? = ?", $tablename, $index_field, $index_value);
+			$app->log("deprecated use of passing values to datalogUpdate() - table " . $tablename, 1);
 		}
-		/* TODO: reduce risk of update_data_str */
 
-		$this->query("UPDATE ?? SET $update_data_str WHERE ?? = ?", $tablename, $index_field, $index_value);
 		$new_rec = $this->queryOneRecord("SELECT * FROM ?? WHERE ?? = ?", $tablename, $index_field, $index_value);
 		$this->datalogSave($tablename, 'UPDATE', $index_field, $index_value, $old_rec, $new_rec, $force_update);
 
@@ -676,7 +696,7 @@ class db extends mysqli
 	public function datalogError($errormsg) {
 		global $app;
 
-		if(isset($app->modules->current_datalog_id) && $app->modules->current_datalog_id > 0) $this->query("UPDATE sys_datalog set error = '".$this->quote($errormsg)."' WHERE datalog_id = ".$app->modules->current_datalog_id);
+		if(isset($app->modules->current_datalog_id) && $app->modules->current_datalog_id > 0) $this->query("UPDATE sys_datalog set error = ? WHERE datalog_id = ?", $errormsg, $app->modules->current_datalog_id);
 
 		return true;
 	}
diff --git a/server/lib/classes/functions.inc.php b/server/lib/classes/functions.inc.php
index be555031fd5ddc297154745539796bc0dde39d1d..5632a58753dc8a99431e7f409e53b9fedd232bee 100644
--- a/server/lib/classes/functions.inc.php
+++ b/server/lib/classes/functions.inc.php
@@ -237,7 +237,7 @@ class functions {
 		}
 
 		$ips = array();
-		$results = $app->db->queryAllRecords("SELECT ip_address AS ip FROM server_ip WHERE ip_type = '".$type."'");
+		$results = $app->db->queryAllRecords("SELECT ip_address AS ip FROM server_ip WHERE ip_type = ?", $type);
 		if(!empty($results) && is_array($results)){
 			foreach($results as $result){
 				if(preg_match($regex, $result['ip'])) $ips[] = $result['ip'];
diff --git a/server/lib/classes/getconf.inc.php b/server/lib/classes/getconf.inc.php
index 768ea2cabded44ab9ee56039d28ccc8fdaff7a89..2c20971adb3ead87e2b3893d4201176ab48e71c4 100644
--- a/server/lib/classes/getconf.inc.php
+++ b/server/lib/classes/getconf.inc.php
@@ -38,7 +38,7 @@ class getconf {
 		if(!is_array($this->config[$server_id])) {
 			$app->uses('ini_parser');
 			$server_id = intval($server_id);
-			$server = $app->db->queryOneRecord('SELECT config FROM server WHERE server_id = '.$server_id);
+			$server = $app->db->queryOneRecord('SELECT config FROM server WHERE server_id = ?', $server_id);
 			$this->config[$server_id] = $app->ini_parser->parse_ini_string(stripslashes($server['config']));
 		}
 
diff --git a/server/lib/classes/modules.inc.php b/server/lib/classes/modules.inc.php
index 194bf4f51abc191c5e3072c1e7eddd5dd13f0061..e5ccaaf1141088685934c9f2dec7b4757df2b540 100644
--- a/server/lib/classes/modules.inc.php
+++ b/server/lib/classes/modules.inc.php
@@ -85,12 +85,12 @@ class modules {
 		//* If its a multiserver setup
 		if($app->db->dbHost != $app->dbmaster->dbHost || ($app->db->dbHost == $app->dbmaster->dbHost && $app->db->dbName != $app->dbmaster->dbName)) {
 			if($conf['mirror_server_id'] > 0) {
-				$sql = "SELECT * FROM sys_datalog WHERE datalog_id > ".$conf['last_datalog_id']." AND (server_id = ".$conf['server_id']." OR server_id = ".$conf['mirror_server_id']." OR server_id = 0) ORDER BY datalog_id LIMIT 0,1000";
+				$sql = "SELECT * FROM sys_datalog WHERE datalog_id > ? AND (server_id = ? OR server_id = ? OR server_id = 0) ORDER BY datalog_id LIMIT 0,1000";
 			} else {
-				$sql = "SELECT * FROM sys_datalog WHERE datalog_id > ".$conf['last_datalog_id']." AND (server_id = ".$conf['server_id']." OR server_id = 0) ORDER BY datalog_id LIMIT 0,1000";
+				$sql = "SELECT * FROM sys_datalog WHERE datalog_id > ? AND (server_id = ? OR server_id = 0) ORDER BY datalog_id LIMIT 0,1000";
 			}
 
-			$records = $app->dbmaster->queryAllRecords($sql);
+			$records = $app->dbmaster->queryAllRecords($sql, $conf['last_datalog_id'], $conf['server_id'], $conf['mirror_server_id']);
 			foreach($records as $d) {
 
 				//** encode data to utf-8 and unserialize it
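Review bot: The added `queryAllRecords($sql, $conf['last_datalog_id'], $conf['server_id'], $conf['mirror_server_id'])` always passes three values, but the `else` variant of `$sql` has only two `?` placeholders. This works only if the query builder ignores surplus arguments, which is not visible here. Build the argument list next to each SQL string so the counts always match, for example a `$params` array filled in the same branch that sets `$sql`. The same pattern appears in apache2_plugin.inc.php, where `queryAllRecords($qrystr, $param)` passes `''` even when `$qrystr` contains no placeholder.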
@@ -133,46 +133,38 @@ class modules {
 						$idx = explode(':', $d['dbidx']);
 						$tmp_sql1 = '';
 						$tmp_sql2 = '';
+						$f_params = array($d['dbtable']);
+						$params = array();
 						foreach($data['new'] as $fieldname => $val) {
-							$tmp_sql1 .= "`$fieldname`,";
-							$tmp_sql2 .= "'".$app->db->quote($val)."',";
+							$tmp_sql1 .= "??,";
+							$tmp_sql2 .= "?,";
+							$f_params[] = $fieldname;
+							$params[] = $val;
 						}
+						$params = $f_params + $params;
+						unset($f_params);
+						
 						$tmp_sql1 = substr($tmp_sql1, 0, -1);
 						$tmp_sql2 = substr($tmp_sql2, 0, -1);
 						//$tmp_sql1 .= "$idx[0]";
 						//$tmp_sql2 .= "$idx[1]";
-						$sql = "REPLACE INTO $d[dbtable] ($tmp_sql1) VALUES ($tmp_sql2)";
+						$sql = "REPLACE INTO ?? ($tmp_sql1) VALUES ($tmp_sql2)";
 						$app->db->errorNumber = 0;
 						$app->db->errorMessage = '';
-						$app->db->query($sql);
+						$app->db->query($sql, true, $params);
+						unset($params);
 						if($app->db->errorNumber > 0) {
 							$replication_error = true;
 							$app->log("Replication failed. Error: (" . $d['dbtable'] . ") in MySQL server: (".$app->db->dbHost.") " . $app->db->errorMessage . " # SQL: " . $sql, LOGLEVEL_ERROR);
 						}
 						$app->log('Replicated from master: '.$sql, LOGLEVEL_DEBUG);
 					}
-					/*
-					if($d["action"] == 'u') {
-						$sql = "UPDATE $d[dbtable] SET ";
-						foreach($data['new'] as $fieldname => $val) {
-							$sql .= "`$fieldname` = '$val',";
-						}
-						$sql = substr($sql,0,-1);
-						$idx = explode(":",$d["dbidx"]);
-						$sql .= " WHERE $idx[0] = $idx[1]";
-						$app->db->query($sql);
-						if($app->db->errorNumber > 0) {
-							$replication_error = true;
-							$app->log("Replication failed. Error: (" . $d[dbtable] . ") " . $app->db->errorMessage . " # SQL: " . $sql,LOGLEVEL_ERROR);
-						}
-						$app->log("Replicated from master: ".$sql,LOGLEVEL_DEBUG);
-					}
-					*/
+					
 					if($d['action'] == 'd') {
 						$idx = explode(':', $d['dbidx']);
-						$sql = "DELETE FROM $d[dbtable] ";
-						$sql .= " WHERE $idx[0] = $idx[1]";
-						$app->db->query($sql);
+						$sql = "DELETE FROM ?? ";
+						$sql .= " WHERE ?? = ?";
+						$app->db->query($sql, $d['dbtable'], $idx[0], $idx[1]);
 						if($app->db->errorNumber > 0) {
 							$replication_error = true;
 							$app->log("Replication failed. Error: (" . $d[dbtable] . ") " . $app->db->errorMessage . " # SQL: " . $sql, LOGLEVEL_ERROR);
@@ -183,12 +175,12 @@ class modules {
 
 					if($replication_error == false) {
 						if(is_array($data['old']) || is_array($data['new'])) {
-							$app->db->query("UPDATE server SET updated = ".$d["datalog_id"]." WHERE server_id = ".$conf['server_id']);
+							$app->db->query("UPDATE server SET updated = ? WHERE server_id = ?", $d["datalog_id"], $conf['server_id']);
 							$this->raiseTableHook($d['dbtable'], $d['action'], $data);
 						} else {
 							$app->log('Data array was empty for datalog_id '.$d['datalog_id'], LOGLEVEL_WARN);
 						}
-						$app->dbmaster->query("UPDATE server SET updated = ".$d["datalog_id"]." WHERE server_id = ".$conf['server_id']);
+						$app->dbmaster->query("UPDATE server SET updated = ? WHERE server_id = ?", $d["datalog_id"], $conf['server_id']);
 						$app->log('Processed datalog_id '.$d['datalog_id'], LOGLEVEL_DEBUG);
 					} else {
 						$app->log('Error in Replication, changes were not processed.', LOGLEVEL_ERROR);
@@ -205,23 +197,14 @@ class modules {
 
 			//* if we have a single server setup
 		} else {
-			$sql = "SELECT * FROM sys_datalog WHERE datalog_id > ".$conf['last_datalog_id']." AND (server_id = ".$conf['server_id']." OR server_id = 0) ORDER BY datalog_id LIMIT 0,1000";
-			$records = $app->db->queryAllRecords($sql);
+			$sql = "SELECT * FROM sys_datalog WHERE datalog_id > ? AND (server_id = ? OR server_id = 0) ORDER BY datalog_id LIMIT 0,1000";
+			$records = $app->db->queryAllRecords($sql, $conf['last_datalog_id'], $conf['server_id']);
 			foreach($records as $d) {
 
 				//** encode data to utf-8 to be able to unserialize it and then unserialize it
 				if(!$data = unserialize(stripslashes($d['data']))) {
 					$data = unserialize($d['data']);
 				}
-				//** decode data back to current locale
-				/*
-				foreach($data['old'] as $key => $val) {
-					$data['old'][$key] = utf8_decode($val);
-				}
-				foreach($data['new'] as $key => $val) {
-					$data['new'][$key] = utf8_decode($val);
-				}
-				*/
 
 				//* Data on a single server is never mirrored
 				$data['mirrored'] = false;
@@ -232,9 +215,7 @@ class modules {
 				} else {
 					$app->log('Data array was empty for datalog_id '.$d['datalog_id'], LOGLEVEL_WARN);
 				}
-				//$app->db->query("DELETE FROM sys_datalog WHERE datalog_id = ".$rec["datalog_id"]);
-				//$app->log("Deleting sys_datalog ID ".$rec["datalog_id"],LOGLEVEL_DEBUG);
-				$app->db->query("UPDATE server SET updated = ".$d['datalog_id']." WHERE server_id = ".$conf['server_id']);
+				$app->db->query("UPDATE server SET updated = ? WHERE server_id = ?", $d['datalog_id'], $conf['server_id']);
 				$app->log('Processed datalog_id '.$d['datalog_id'], LOGLEVEL_DEBUG);
 			}
 		}
@@ -251,11 +232,11 @@ class modules {
 		//* SQL query to get all pending actions
 		$sql = "SELECT action_id, action_type, action_param " .
 			"FROM sys_remoteaction " .
-			"WHERE server_id = " . $server_id . " ".
-			" AND  action_id > " . intval($maxid_remote_action) . " ".
+			"WHERE server_id = ? ".
+			" AND  action_id > ? ".
 			"ORDER BY action_id";
 
-		$actions = $app->dbmaster->queryAllRecords($sql);
+		$actions = $app->dbmaster->queryAllRecords($sql, $server_id, $maxid_remote_action);
 
 		if(is_array($actions)) {
 			foreach($actions as $action) {
@@ -265,9 +246,9 @@ class modules {
 
 				//* Update the action state
 				$sql = "UPDATE sys_remoteaction " .
-					"SET action_state = '" . $app->dbmaster->quote($state) . "' " .
-					"WHERE action_id = " . intval($action['action_id']);
-				$app->dbmaster->query($sql);
+					"SET action_state = ? " .
+					"WHERE action_id = ?";
+				$app->dbmaster->query($sql, $state, $action['action_id']);
 
 				/*
 				* Then save the maxid for the next time...
diff --git a/server/lib/classes/monitor_tools.inc.php b/server/lib/classes/monitor_tools.inc.php
index 50eb45b0dd074bbd433b5fa1724c734be024b051..13c0f8dcbb4cdae138afa2005534c24dae46197e 100644
--- a/server/lib/classes/monitor_tools.inc.php
+++ b/server/lib/classes/monitor_tools.inc.php
@@ -259,7 +259,7 @@ class monitor_tools {
 		$server_id = intval($conf['server_id']);
 
 		/**  get the "active" Services of the server from the DB */
-		$services = $app->db->queryOneRecord('SELECT * FROM server WHERE server_id = ' . $server_id);
+		$services = $app->db->queryOneRecord('SELECT * FROM server WHERE server_id = ?', $server_id);
 		/*
 		 * If the DB is down, we have to set the db to "yes".
 		 * If we don't do this, then the monitor will NOT monitor, that the db is down and so the
@@ -670,12 +670,12 @@ class monitor_tools {
 		 */
 		$sql = 'DELETE FROM monitor_data ' .
 			'WHERE ' .
-			'  type =' . "'" . $app->dbmaster->quote($type) . "' " .
+			'  type = ?' .
 			'AND ' .
-			'  created < ' . $old . ' ' .
+			'  created < ? ' .
 			'AND ' .
-			'  server_id = ' . $serverId;
-		$app->dbmaster->query($sql);
+			'  server_id = ?';
+		$app->dbmaster->query($sql, $type, $old, $serverId);
 	}
 
 	public function send_notification_email($template, $placeholders, $recipients) {
diff --git a/server/mods-available/remoteaction_core_module.inc.php b/server/mods-available/remoteaction_core_module.inc.php
index 08649531b579fbc079a5614b7c6c165e2034c27f..807de5060ab28bfbee5257760b812e60ba65a655 100644
--- a/server/mods-available/remoteaction_core_module.inc.php
+++ b/server/mods-available/remoteaction_core_module.inc.php
@@ -62,10 +62,8 @@ class remoteaction_core_module {
 		 * First set the state
 		 */
 		global $app;
-		$sql = "UPDATE sys_remoteaction " .
-			"SET action_state = '" . $app->dbmaster->quote($state) . "' " .
-			"WHERE action_id = " . intval($id);
-		$app->dbmaster->query($sql);
+		$sql = "UPDATE sys_remoteaction SET action_state = ? WHERE action_id = ?";
+		$app->dbmaster->query($sql, $state, $id);
 
 		/*
 		 * Then save the maxid for the next time...
@@ -103,12 +101,8 @@ class remoteaction_core_module {
 		/*
 		 * Get all actions this server should execute
 		*/
-		$sql = "SELECT action_id, action_type, action_param " .
-			"FROM sys_remoteaction " .
-			"WHERE server_id = " . $server_id . " ".
-			" AND  action_id > " . intval($maxid_remote_action) . " ".
-			"ORDER BY action_id";
-		$actions = $app->dbmaster->queryAllRecords($sql);
+		$sql = "SELECT action_id, action_type, action_param FROM sys_remoteaction WHERE server_id = ? AND action_id > ? ORDER BY action_id";
+		$actions = $app->dbmaster->queryAllRecords($sql, $server_id, $maxid_remote_action);
 
 		/*
 		 * process all actions
diff --git a/server/plugins-available/apache2_plugin.inc.php b/server/plugins-available/apache2_plugin.inc.php
index d742c428b2e7da0756ec4e709f30c1bbf8f9dbd0..34a08e3aeadac21b3ec146f404e217809901bb7d 100644
--- a/server/plugins-available/apache2_plugin.inc.php
+++ b/server/plugins-available/apache2_plugin.inc.php
@@ -108,23 +108,27 @@ class apache2_plugin {
          * php_version -> php ini path that changed (additional php versions)
          */
 
+		$param = '';
 		$qrystr = "SELECT * FROM web_domain WHERE custom_php_ini != ''";
 		if($data['mode'] == 'mod') {
 			$qrystr .= " AND php = 'mod'";
 		} elseif($data['mode'] == 'fast-cgi') {
 			$qrystr .= " AND php = 'fast-cgi'";
 			if($data['php_version']) {
-				$qrystr .= " AND fastcgi_php_version LIKE '%:" . $app->db->quote($data['php_version']) . "'";
+				$qrystr .= " AND fastcgi_php_version LIKE ?";
+				$param = '%:' . $data['php_version'];
 			}
 		} elseif($data['mode'] == 'php-fpm') {
 			$qrystr .= " AND php = 'php-fpm'";
 			if($data['php_version']) {
-				$qrystr .= " AND fastcgi_php_version LIKE '%:" . $app->db->quote($data['php_version']) . ":%'";
+				$qrystr .= " AND fastcgi_php_version LIKE ?";
+				$param = '%:' . $data['php_version'] . ':%';
 			}
 		} elseif($data['mode'] == 'hhvm') {
 			$qrystr .= " AND php = 'hhvm'";
 			if($data['php_version']) {
-				$qrystr .= " AND fastcgi_php_version LIKE '%:" . $app->db->quote($data['php_version']) . ":%'";
+				$qrystr .= " AND fastcgi_php_version LIKE ?";
+				$param = '%:' . $data['php_version'] . ':%';
 			}
 		} else {
 			$qrystr .= " AND php != 'mod' AND php != 'fast-cgi'";
@@ -132,7 +136,7 @@ class apache2_plugin {
 
 
 		//** Get all the webs
-		$web_domains = $app->db->queryAllRecords($qrystr);
+		$web_domains = $app->db->queryAllRecords($qrystr, $param);
 		foreach($web_domains as $web_data) {
 			$custom_php_ini_dir = $web_config['website_basedir'].'/conf/'.$web_data['system_user'];
 			$web_folder = 'web';
@@ -157,6 +161,26 @@ class apache2_plugin {
 			if($master_php_ini_path != '' && substr($master_php_ini_path, -7) == 'php.ini' && is_file($master_php_ini_path)) {
 				$php_ini_content .= $app->system->file_get_contents($master_php_ini_path)."\n";
 			}
+			
+			if(intval($web_data['directive_snippets_id']) > 0){
+				$snippet = $app->db->queryOneRecord("SELECT * FROM directive_snippets WHERE directive_snippets_id = ? AND type = 'nginx' AND active = 'y' AND customer_viewable = 'y'", intval($web_data['directive_snippets_id']));
+				if(isset($snippet['required_php_snippets']) && trim($snippet['required_php_snippets']) != ''){
+					$required_php_snippets = explode(',', trim($snippet['required_php_snippets']));
+					if(is_array($required_php_snippets) && !empty($required_php_snippets)){
+						foreach($required_php_snippets as $required_php_snippet){
+							$required_php_snippet = intval($required_php_snippet);
+							if($required_php_snippet > 0){
+								$php_snippet = $app->db->queryOneRecord("SELECT * FROM directive_snippets WHERE directive_snippets_id = ? AND type = 'php' AND active = 'y'", $required_php_snippet);
+								$php_snippet['snippet'] = trim($php_snippet['snippet']);
+								if($php_snippet['snippet'] != ''){
+									$web_data['custom_php_ini'] .= "\n".$php_snippet['snippet'];
+								}
+							}
+						}
+					}
+				}
+			}
+		
 			$php_ini_content .= str_replace("\r", '', trim($web_data['custom_php_ini']));
 			$app->system->file_put_contents($custom_php_ini_dir.'/php.ini', $php_ini_content);
 			$app->log('Info: rewrote custom php.ini for web ' . $web_data['domain_id'] . ' (' . $web_data['domain'] . ').', LOGLEVEL_DEBUG);
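Review bot: The added lookup filters `directive_snippets` with `type = 'nginx'` inside `apache2_plugin`, which looks copied from the nginx plugin. If Apache snippets are stored under a different type value, the block never matches and the required PHP snippets are silently skipped, so the intended type for this plugin should be confirmed. Separately, `$php_snippet` is indexed without checking the query result, so an inactive or deleted snippet id makes `$php_snippet['snippet']` operate on a non-array. Guard it with `if(is_array($php_snippet) && trim($php_snippet['snippet']) != '')` before appending to `custom_php_ini`.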
@@ -303,15 +327,15 @@ class apache2_plugin {
 			$app->system->chmod($key_file2, 0400);
 			@$app->system->unlink($config_file);
 			@$app->system->unlink($rand_file);
-			$ssl_request = $app->db->quote($app->system->file_get_contents($csr_file));
-			$ssl_cert = $app->db->quote($app->system->file_get_contents($crt_file));
-			$ssl_key2 = $app->db->quote($app->system->file_get_contents($key_file2));
+			$ssl_request = $app->system->file_get_contents($csr_file);
+			$ssl_cert = $app->system->file_get_contents($crt_file);
+			$ssl_key2 = $app->system->file_get_contents($key_file2);
 			/* Update the DB of the (local) Server */
-			$app->db->query("UPDATE web_domain SET ssl_request = '$ssl_request', ssl_cert = '$ssl_cert', ssl_key = '$ssl_key2' WHERE domain = '".$data['new']['domain']."'");
-			$app->db->query("UPDATE web_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'");
+			$app->db->query("UPDATE web_domain SET ssl_request = ?, ssl_cert = ?, ssl_key = ? WHERE domain = ?", $ssl_request, $ssl_cert, $ssl_key2, $data['new']['domain']);
+			$app->db->query("UPDATE web_domain SET ssl_action = '' WHERE domain = ?", $data['new']['domain']);
 			/* Update also the master-DB of the Server-Farm */
-			$app->dbmaster->query("UPDATE web_domain SET ssl_request = '$ssl_request', ssl_cert = '$ssl_cert', ssl_key = '$ssl_key2' WHERE domain = '".$data['new']['domain']."'");
-			$app->dbmaster->query("UPDATE web_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'");
+			$app->dbmaster->query("UPDATE web_domain SET ssl_request = ?, ssl_cert = ?, ssl_key = ? WHERE domain = ?", $ssl_request, $ssl_cert, $ssl_key2, $data['new']['domain']);
+			$app->dbmaster->query("UPDATE web_domain SET ssl_action = '' WHERE domain = ?", $data['new']['domain']);
 		}
 
 		//* Save a SSL certificate to disk
@@ -355,18 +379,18 @@ class apache2_plugin {
 				$app->system->file_put_contents($key_file2, $data["new"]["ssl_key"]);
 				$app->system->chmod($key_file2, 0400);
 			} else {
-				$ssl_key2 = $app->db->quote($app->system->file_get_contents($key_file2));
+				$ssl_key2 = $app->system->file_get_contents($key_file2);
 				/* Update the DB of the (local) Server */
-				$app->db->query("UPDATE web_domain SET ssl_key = '$ssl_key2' WHERE domain = '".$data['new']['domain']."'");
+				$app->db->query("UPDATE web_domain SET ssl_key = ? WHERE domain = ?", $ssl_key2, $data['new']['domain']);
 				/* Update also the master-DB of the Server-Farm */
-				$app->dbmaster->query("UPDATE web_domain SET ssl_key = '$ssl_key2' WHERE domain = '".$data['new']['domain']."'");
+				$app->dbmaster->query("UPDATE web_domain SET ssl_key = ? WHERE domain = ?", $ssl_key2, $data['new']['domain']);
 			}
 
 			/* Update the DB of the (local) Server */
-			$app->db->query("UPDATE web_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'");
+			$app->db->query("UPDATE web_domain SET ssl_action = '' WHERE domain = ?", $data['new']['domain']);
 
 			/* Update also the master-DB of the Server-Farm */
-			$app->dbmaster->query("UPDATE web_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'");
+			$app->dbmaster->query("UPDATE web_domain SET ssl_action = '' WHERE domain = ?", $data['new']['domain']);
 			$app->log('Saving SSL Cert for: '.$domain, LOGLEVEL_DEBUG);
 		}
 
@@ -386,11 +410,11 @@ class apache2_plugin {
 			$app->system->unlink($crt_file);
 			$app->system->unlink($bundle_file);
 			/* Update the DB of the (local) Server */
-			$app->db->query("UPDATE web_domain SET ssl_request = '', ssl_cert = '' WHERE domain = '".$data['new']['domain']."'");
-			$app->db->query("UPDATE web_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'");
+			$app->db->query("UPDATE web_domain SET ssl_request = '', ssl_cert = '' WHERE domain = ?", $data['new']['domain']);
+			$app->db->query("UPDATE web_domain SET ssl_action = '' WHERE domain = ?", $data['new']['domain']);
 			/* Update also the master-DB of the Server-Farm */
-			$app->dbmaster->query("UPDATE web_domain SET ssl_request = '', ssl_cert = '' WHERE domain = '".$data['new']['domain']."'");
-			$app->dbmaster->query("UPDATE web_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'");
+			$app->dbmaster->query("UPDATE web_domain SET ssl_request = '', ssl_cert = '' WHERE domain = ?", $data['new']['domain']);
+			$app->dbmaster->query("UPDATE web_domain SET ssl_action = '' WHERE domain = ?", $data['new']['domain']);
 			$app->log('Deleting SSL Cert for: '.$domain, LOGLEVEL_DEBUG);
 		}
 
@@ -420,7 +444,7 @@ class apache2_plugin {
 
 			// If the parent_domain_id has been changed, we will have to update the old site as well.
 			if($this->action == 'update' && $data['new']['parent_domain_id'] != $data['old']['parent_domain_id']) {
-				$tmp = $app->db->queryOneRecord('SELECT * FROM web_domain WHERE domain_id = '.$old_parent_domain_id." AND active = 'y'");
+				$tmp = $app->db->queryOneRecord('SELECT * FROM web_domain WHERE domain_id = ? AND active = ?', $old_parent_domain_id, 'y');
 				$data['new'] = $tmp;
 				$data['old'] = $tmp;
 				$this->action = 'update';
@@ -428,7 +452,7 @@ class apache2_plugin {
 			}
 
 			// This is not a vhost, so we need to update the parent record instead.
-			$tmp = $app->db->queryOneRecord('SELECT * FROM web_domain WHERE domain_id = '.$new_parent_domain_id." AND active = 'y'");
+			$tmp = $app->db->queryOneRecord('SELECT * FROM web_domain WHERE domain_id = ? AND active = ', $new_parent_domain_id, 'y');
 			$data['new'] = $tmp;
 			$data['old'] = $tmp;
 			$this->action = 'update';
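Review bot: The rewritten query ends in `AND active = ` with no second `?`, although two values (`$new_parent_domain_id`, `'y'`) are passed, so the statement is incomplete SQL and the parent-record lookup cannot succeed. It should read `$tmp = $app->db->queryOneRecord('SELECT * FROM web_domain WHERE domain_id = ? AND active = ?', $new_parent_domain_id, 'y');`, as in the preceding hunk. Because `$tmp` is assigned to `$data['new']` and `$data['old']` unchecked, a failed lookup carries into the rest of the update. The function continues outside the hunk.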
@@ -466,7 +490,7 @@ class apache2_plugin {
 		$old_log_folder = 'log';
 		if($data['new']['type'] == 'vhostsubdomain' || $data['new']['type'] == 'vhostalias') {
 			// new one
-			$tmp = $app->db->queryOneRecord('SELECT `domain` FROM web_domain WHERE domain_id = '.intval($data['new']['parent_domain_id']));
+			$tmp = $app->db->queryOneRecord('SELECT `domain` FROM web_domain WHERE domain_id = ?', $data['new']['parent_domain_id']);
 			$subdomain_host = preg_replace('/^(.*)\.' . preg_quote($tmp['domain'], '/') . '$/', '$1', $data['new']['domain']);
 			if($subdomain_host == '') $subdomain_host = 'web'.$data['new']['domain_id'];
 			$web_folder = $data['new']['web_folder'];
@@ -475,7 +499,7 @@ class apache2_plugin {
 			
 			if(isset($data['old']['parent_domain_id'])) {
 				// old one
-				$tmp = $app->db->queryOneRecord('SELECT `domain` FROM web_domain WHERE domain_id = '.intval($data['old']['parent_domain_id']));
+				$tmp = $app->db->queryOneRecord('SELECT `domain` FROM web_domain WHERE domain_id = ?', $data['old']['parent_domain_id']);
 				$subdomain_host = preg_replace('/^(.*)\.' . preg_quote($tmp['domain'], '/') . '$/', '$1', $data['old']['domain']);
 				if($subdomain_host == '') $subdomain_host = 'web'.$data['old']['domain_id'];
 				$old_web_folder = $data['old']['web_folder'];
@@ -529,7 +553,7 @@ class apache2_plugin {
 		if($this->action == 'update' && $data['new']['document_root'] != $data['old']['document_root']) {
 
 			//* Get the old client ID
-			$old_client = $app->dbmaster->queryOneRecord('SELECT client_id FROM sys_group WHERE sys_group.groupid = '.intval($data['old']['sys_groupid']));
+			$old_client = $app->dbmaster->queryOneRecord('SELECT client_id FROM sys_group WHERE sys_group.groupid = ?', $data['old']['sys_groupid']);
 			$old_client_id = intval($old_client['client_id']);
 			unset($old_client);
 
@@ -671,7 +695,7 @@ class apache2_plugin {
 		$app->system->web_folder_protection($data['new']['document_root'], true);
 
 		// Get the client ID
-		$client = $app->dbmaster->queryOneRecord('SELECT client_id FROM sys_group WHERE sys_group.groupid = '.intval($data['new']['sys_groupid']));
+		$client = $app->dbmaster->queryOneRecord('SELECT client_id FROM sys_group WHERE sys_group.groupid = ?', $data['new']['sys_groupid']);
 		$client_id = intval($client['client_id']);
 		unset($client);
 
@@ -1004,6 +1028,26 @@ class apache2_plugin {
 				$php_ini_content .= $app->system->file_get_contents($master_php_ini_path)."\n";
 			}
 			$php_ini_content .= str_replace("\r", '', trim($data['new']['custom_php_ini']));
+			
+			if(intval($data['new']['directive_snippets_id']) > 0){
+				$snippet = $app->db->queryOneRecord("SELECT * FROM directive_snippets WHERE directive_snippets_id = ? AND type = 'nginx' AND active = 'y' AND customer_viewable = 'y'", intval($data['new']['directive_snippets_id']));
+				if(isset($snippet['required_php_snippets']) && trim($snippet['required_php_snippets']) != ''){
+					$required_php_snippets = explode(',', trim($snippet['required_php_snippets']));
+					if(is_array($required_php_snippets) && !empty($required_php_snippets)){
+						foreach($required_php_snippets as $required_php_snippet){
+							$required_php_snippet = intval($required_php_snippet);
+							if($required_php_snippet > 0){
+								$php_snippet = $app->db->queryOneRecord("SELECT * FROM directive_snippets WHERE directive_snippets_id = ? AND type = 'php' AND active = 'y'", $required_php_snippet);
+								$php_snippet['snippet'] = trim($php_snippet['snippet']);
+								if($php_snippet['snippet'] != ''){
+									$php_ini_content .= "\n".$php_snippet['snippet'];
+								}
+							}
+						}
+					}
+				}
+			}
+		
 			$app->system->file_put_contents($custom_php_ini_dir.'/php.ini', $php_ini_content);
 		} else {
 			$has_custom_php_ini = false;
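Review bot: The added lookup filters on `type = 'nginx'` although this is `apache2_plugin`, and the later php-fpm hunk in this file uses `type = 'apache'`. With the nginx filter an Apache directive snippet's `required_php_snippets` would presumably never be read, which looks like a copy-paste slip; the hhvm hunk further down carries the same filter. Separately, the inner `queryOneRecord()` result is indexed as `$php_snippet['snippet']` without checking that a row came back, so an inactive or deleted snippet id leads to an array access on a non-array. `if(is_array($php_snippet) && trim($php_snippet['snippet']) != '')` would cover that here and in the two other copies of this loop. The enclosing function starts outside the hunk.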
@@ -1031,7 +1075,7 @@ class apache2_plugin {
 
 		// Custom Apache directives
 		if(intval($data['new']['directive_snippets_id']) > 0){
-			$snippet = $app->db->queryOneRecord("SELECT * FROM directive_snippets WHERE directive_snippets_id = ? AND type = 'apache' AND active = 'y' AND customer_viewable = 'y'", intval($data['new']['directive_snippets_id']));
+			$snippet = $app->db->queryOneRecord("SELECT * FROM directive_snippets WHERE directive_snippets_id = ? AND type = 'apache' AND active = 'y' AND customer_viewable = 'y'", $data['new']['directive_snippets_id']);
 			if(isset($snippet['snippet'])){
 				$vhost_data['apache_directives'] = $snippet['snippet'];
 			}
@@ -1137,7 +1181,7 @@ class apache2_plugin {
 		$auto_alias = $web_config['website_autoalias'];
 		if($auto_alias != '') {
 			// get the client username
-			$client = $app->db->queryOneRecord("SELECT `username` FROM `client` WHERE `client_id` = '" . intval($client_id) . "'");
+			$client = $app->db->queryOneRecord("SELECT `username` FROM `client` WHERE `client_id` = ?", $client_id);
 			$aa_search = array('[client_id]', '[website_id]', '[client_username]', '[website_domain]');
 			$aa_replace = array($client_id, $data['new']['domain_id'], $client['username'], $data['new']['domain']);
 			$auto_alias = str_replace($aa_search, $aa_replace, $auto_alias);
@@ -1148,7 +1192,7 @@ class apache2_plugin {
 		}
 
 		// get alias domains (co-domains and subdomains)
-		$aliases = $app->db->queryAllRecords('SELECT * FROM web_domain WHERE parent_domain_id = '.$data['new']['domain_id']." AND active = 'y' AND (type != 'vhostsubdomain' AND type != 'vhostalias')");
+		$aliases = $app->db->queryAllRecords("SELECT * FROM web_domain WHERE parent_domain_id = ? AND active = 'y' AND (type != 'vhostsubdomain' AND type != 'vhostalias')", $data['new']['domain_id']);
 		$alias_seo_redirects = array();
 		switch($data['new']['subdomain']) {
 		case 'www':
@@ -1792,7 +1836,7 @@ class apache2_plugin {
 		$log_folder = 'log';
 		$web_folder = '';
 		if($data['old']['type'] == 'vhostsubdomain' || $data['old']['type'] == 'vhostalias') {
-			$tmp = $app->db->queryOneRecord('SELECT `domain`,`document_root` FROM web_domain WHERE domain_id = '.intval($data['old']['parent_domain_id']));
+			$tmp = $app->db->queryOneRecord('SELECT `domain`,`document_root` FROM web_domain WHERE domain_id = ?', $data['old']['parent_domain_id']);
 			if($tmp['domain'] != ''){
 				$subdomain_host = preg_replace('/^(.*)\.' . preg_quote($tmp['domain'], '/') . '$/', '$1', $data['old']['domain']);
 			} else {
@@ -1864,7 +1908,7 @@ class apache2_plugin {
 		if($data['old']['type'] != 'vhost' && $data['old']['type'] != 'vhostsubdomain' && $data['old']['type'] != 'vhostalias' && $data['old']['parent_domain_id'] > 0) {
 			//* This is a alias domain or subdomain, so we have to update the website instead
 			$parent_domain_id = intval($data['old']['parent_domain_id']);
-			$tmp = $app->db->queryOneRecord('SELECT * FROM web_domain WHERE domain_id = '.$parent_domain_id." AND active = 'y'");
+			$tmp = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ? AND active = 'y'", $parent_domain_id);
 			$data['new'] = $tmp;
 			$data['old'] = $tmp;
 			$this->action = 'update';
@@ -1918,7 +1962,7 @@ class apache2_plugin {
 						} else {
 							// read all vhost subdomains and alias with same parent domain
 							$used_paths = array();
-							$tmp = $app->db->queryAllRecords("SELECT `web_folder` FROM web_domain WHERE (type = 'vhostsubdomain' OR type = 'vhostalias') AND parent_domain_id = ".intval($data['old']['parent_domain_id'])." AND domain_id != ".intval($data['old']['domain_id']));
+							$tmp = $app->db->queryAllRecords("SELECT `web_folder` FROM web_domain WHERE (type = 'vhostsubdomain' OR type = 'vhostalias') AND parent_domain_id = ? AND domain_id != ?", $data['old']['parent_domain_id'], $data['old']['domain_id']);
 							foreach($tmp as $tmprec) {
 								// we normalize the folder entries because we need to compare them
 								$tmp_folder = preg_replace('/[\/]{2,}/', '/', $tmprec['web_folder']); // replace / occuring multiple times
@@ -2000,7 +2044,7 @@ class apache2_plugin {
 				$app->log('Removing website: '.$docroot, LOGLEVEL_DEBUG);
 
 				// Delete the symlinks for the sites
-				$client = $app->db->queryOneRecord('SELECT client_id FROM sys_group WHERE sys_group.groupid = '.intval($data['old']['sys_groupid']));
+				$client = $app->db->queryOneRecord('SELECT client_id FROM sys_group WHERE sys_group.groupid = ?', $data['old']['sys_groupid']);
 				$client_id = intval($client['client_id']);
 				unset($client);
 				$tmp_symlinks_array = explode(':', $web_config['website_symlinks']);
@@ -2089,7 +2133,7 @@ class apache2_plugin {
 		$tpl = new tpl();
 		$tpl->newTemplate('apache_ispconfig.conf.master');
 		$tpl->setVar('apache_version', $app->system->getapacheversion());
-		$records = $app->db->queryAllRecords('SELECT * FROM server_ip WHERE server_id = '.$conf['server_id']." AND virtualhost = 'y'");
+		$records = $app->db->queryAllRecords("SELECT * FROM server_ip WHERE server_id = ? AND virtualhost = 'y'", $conf['server_id']);
 
 		$records_out= array();
 		if(is_array($records)) {
@@ -2135,8 +2179,8 @@ class apache2_plugin {
 			$folder_id = $data['new']['web_folder_id'];
 		}
 
-		$folder = $app->db->queryOneRecord("SELECT * FROM web_folder WHERE web_folder_id = ".intval($folder_id));
-		$website = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".intval($folder['parent_domain_id']));
+		$folder = $app->db->queryOneRecord("SELECT * FROM web_folder WHERE web_folder_id = ?", $folder_id);
+		$website = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ?", $folder['parent_domain_id']);
 
 		if(!is_array($folder) or !is_array($website)) {
 			$app->log('Not able to retrieve folder or website record.', LOGLEVEL_DEBUG);
@@ -2172,19 +2216,6 @@ class apache2_plugin {
 			$app->log('Created file '.$folder_path.'.htpasswd', LOGLEVEL_DEBUG);
 		}
 
-		/*
-		$auth_users = $app->db->queryAllRecords("SELECT * FROM web_folder_user WHERE active = 'y' AND web_folder_id = ".intval($folder_id));
-		$htpasswd_content = '';
-		if(is_array($auth_users) && !empty($auth_users)){
-			foreach($auth_users as $auth_user){
-				$htpasswd_content .= $auth_user['username'].':'.$auth_user['password']."\n";
-			}
-		}
-		$htpasswd_content = trim($htpasswd_content);
-		@file_put_contents($folder_path.'.htpasswd', $htpasswd_content);
-		$app->log('Changed .htpasswd file: '.$folder_path.'.htpasswd',LOGLEVEL_DEBUG);
-		*/
-
 		if(($data['new']['username'] != $data['old']['username'] || $data['new']['active'] == 'n') && $data['old']['username'] != '') {
 			$app->system->removeLine($folder_path.'.htpasswd', $data['old']['username'].':');
 			$app->log('Removed user: '.$data['old']['username'], LOGLEVEL_DEBUG);
@@ -2235,7 +2266,7 @@ class apache2_plugin {
 		$folder_id = $data['old']['web_folder_id'];
 
 		$folder = $data['old'];
-		$website = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".intval($folder['parent_domain_id']));
+		$website = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ?", $folder['parent_domain_id']);
 
 		if(!is_array($folder) or !is_array($website)) {
 			$app->log('Not able to retrieve folder or website record.', LOGLEVEL_DEBUG);
@@ -2290,7 +2321,7 @@ class apache2_plugin {
 	function web_folder_update($event_name, $data) {
 		global $app, $conf;
 
-		$website = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".intval($data['new']['parent_domain_id']));
+		$website = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ?", $data['new']['parent_domain_id']);
 
 		if(!is_array($website)) {
 			$app->log('Not able to retrieve folder or website record.', LOGLEVEL_DEBUG);
@@ -2450,7 +2481,7 @@ class apache2_plugin {
 			/*
 			 * Get additional informations
 			*/
-			$sitedata = $app->db->queryOneRecord('SELECT document_root, domain, system_user, system_group FROM web_domain WHERE domain_id = ' . $data['new']['parent_domain_id']);
+			$sitedata = $app->db->queryOneRecord('SELECT document_root, domain, system_user, system_group FROM web_domain WHERE domain_id = ?', $data['new']['parent_domain_id']);
 			$documentRoot = $sitedata['document_root'];
 			$domain = $sitedata['domain'];
 			$user = $sitedata['system_user'];
@@ -2538,7 +2569,7 @@ class apache2_plugin {
 			/*
 			 * Get additional informations
 			*/
-			$sitedata = $app->db->queryOneRecord('SELECT document_root, domain FROM web_domain WHERE domain_id = ' . $data['old']['parent_domain_id']);
+			$sitedata = $app->db->queryOneRecord('SELECT document_root, domain FROM web_domain WHERE domain_id = ?', $data['old']['parent_domain_id']);
 			$documentRoot = $sitedata['document_root'];
 			$domain = $sitedata['domain'];
 
@@ -2768,17 +2799,63 @@ class apache2_plugin {
 		} else {
 			$content = file_get_contents($conf['rootpath'] . '/conf/hhvm_starter.master');
 		}
+		if(file_exists($conf['rootpath'] . '/conf-custom/hhvm_monit.master')) {
+			$monit_content = file_get_contents($conf['rootpath'] . '/conf-custom/hhvm_monit.master');
+		} else {
+			$monit_content = file_get_contents($conf['rootpath'] . '/conf/hhvm_monit.master');
+		}
 		
-		if($data['new']['php'] == 'hhvm' && $data['old']['php'] != 'hhvm') {
+		if($data['new']['php'] == 'hhvm' && $data['old']['php'] != 'hhvm' || $data['new']['custom_php_ini'] != $data['old']['custom_php_ini']) {
+		
+			// Custom php.ini settings
+			$custom_php_ini_settings = trim($data['new']['custom_php_ini']);
+			if(intval($data['new']['directive_snippets_id']) > 0){
+				$snippet = $app->db->queryOneRecord("SELECT * FROM directive_snippets WHERE directive_snippets_id = ? AND type = 'nginx' AND active = 'y' AND customer_viewable = 'y'", intval($data['new']['directive_snippets_id']));
+				if(isset($snippet['required_php_snippets']) && trim($snippet['required_php_snippets']) != ''){
+					$required_php_snippets = explode(',', trim($snippet['required_php_snippets']));
+					if(is_array($required_php_snippets) && !empty($required_php_snippets)){
+						foreach($required_php_snippets as $required_php_snippet){
+							$required_php_snippet = intval($required_php_snippet);
+							if($required_php_snippet > 0){
+								$php_snippet = $app->db->queryOneRecord("SELECT * FROM directive_snippets WHERE directive_snippets_id = ? AND type = 'php' AND active = 'y'", $required_php_snippet);
+								$php_snippet['snippet'] = trim($php_snippet['snippet']);
+								if($php_snippet['snippet'] != ''){
+									$custom_php_ini_settings .= "\n".$php_snippet['snippet'];
+								}
+							}
+						}
+					}
+				}
+			}
+			if($custom_php_ini_settings != ''){
+				// Make sure we only have Unix linebreaks
+				$custom_php_ini_settings = str_replace("\r\n", "\n", $custom_php_ini_settings);
+				$custom_php_ini_settings = str_replace("\r", "\n", $custom_php_ini_settings);
+				file_put_contents('/etc/hhvm/'.$data['new']['system_user'].'.ini', $custom_php_ini_settings);
+			} else {
+				if(is_file('/etc/hhvm/'.$data['old']['system_user'].'.ini')) unlink('/etc/hhvm/'.$data['old']['system_user'].'.ini');
+			}
+			
 			$content = str_replace('{SYSTEM_USER}', $data['new']['system_user'], $content);
 			file_put_contents('/etc/init.d/hhvm_' . $data['new']['system_user'], $content);
 			exec('chmod +x /etc/init.d/hhvm_' . $data['new']['system_user'] . ' >/dev/null 2>&1');
 			exec('/usr/sbin/update-rc.d hhvm_' . $data['new']['system_user'] . ' defaults >/dev/null 2>&1');
 			exec('/etc/init.d/hhvm_' . $data['new']['system_user'] . ' start >/dev/null 2>&1');
+			
+			$monit_content = str_replace('{SYSTEM_USER}', $data['new']['system_user'], $monit_content);
+			file_put_contents('/etc/monit/conf.d/hhvm_' . $data['new']['system_user'], $monit_content);
+			exec('/etc/init.d/monit restart >/dev/null 2>&1');
+			
  		} elseif($data['new']['php'] != 'hhvm' && $data['old']['php'] == 'hhvm') {
 			exec('/etc/init.d/hhvm_' . $data['old']['system_user'] . ' stop >/dev/null 2>&1');
 			exec('/usr/sbin/update-rc.d hhvm_' . $data['old']['system_user'] . ' remove >/dev/null 2>&1');
 			unlink('/etc/init.d/hhvm_' . $data['old']['system_user']);
+			if(is_file('/etc/hhvm/'.$data['old']['system_user'].'.ini')) unlink('/etc/hhvm/'.$data['old']['system_user'].'.ini');
+			
+			if(is_file('/etc/monit/conf.d/hhvm_' . $data['new']['system_user'])){
+				unlink('/etc/monit/conf.d/hhvm_' . $data['new']['system_user']);
+				exec('/etc/init.d/monit restart >/dev/null 2>&1');
+			}
 		}
 	}
 
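Review bot: In the new condition `&&` binds tighter than `||`, so a change to `custom_php_ini` alone enters the branch even when `$data['new']['php']` is not `'hhvm'`. Such a site then gets an init script written under `/etc/init.d/`, registered, started, and a monit file installed. If the intent is "hhvm newly selected, or hhvm with a changed ini", the test needs grouping: `if($data['new']['php'] == 'hhvm' && ($data['old']['php'] != 'hhvm' || $data['new']['custom_php_ini'] != $data['old']['custom_php_ini'])) {`. In the `elseif` branch the monit file is removed via `$data['new']['system_user']` while the other cleanup lines use `$data['old']['system_user']`; using the old name there as well would keep them consistent. The function begins outside the hunk.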
@@ -2873,6 +2950,26 @@ class apache2_plugin {
 		// Custom php.ini settings
 		$final_php_ini_settings = array();
 		$custom_php_ini_settings = trim($data['new']['custom_php_ini']);
+		
+		if(intval($data['new']['directive_snippets_id']) > 0){
+			$snippet = $app->db->queryOneRecord("SELECT * FROM directive_snippets WHERE directive_snippets_id = ? AND type = 'apache' AND active = 'y' AND customer_viewable = 'y'", intval($data['new']['directive_snippets_id']));
+			if(isset($snippet['required_php_snippets']) && trim($snippet['required_php_snippets']) != ''){
+				$required_php_snippets = explode(',', trim($snippet['required_php_snippets']));
+				if(is_array($required_php_snippets) && !empty($required_php_snippets)){
+					foreach($required_php_snippets as $required_php_snippet){
+						$required_php_snippet = intval($required_php_snippet);
+						if($required_php_snippet > 0){
+							$php_snippet = $app->db->queryOneRecord("SELECT * FROM directive_snippets WHERE directive_snippets_id = ? AND type = 'php' AND active = 'y'", $required_php_snippet);
+							$php_snippet['snippet'] = trim($php_snippet['snippet']);
+							if($php_snippet['snippet'] != ''){
+								$custom_php_ini_settings .= "\n".$php_snippet['snippet'];
+							}
+						}
+					}
+				}
+			}
+		}
+		
 		if($custom_php_ini_settings != ''){
 			// Make sure we only have Unix linebreaks
 			$custom_php_ini_settings = str_replace("\r\n", "\n", $custom_php_ini_settings);
@@ -2925,7 +3022,7 @@ class apache2_plugin {
 				$app->services->restartService('php-fpm', 'reload:'.$conf['init_scripts'].'/'.$web_config['php_fpm_init_script']);
 			}
 		}
-		$php_versions = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fpm_init_script != '' AND php_fpm_ini_dir != '' AND php_fpm_pool_dir != '' AND server_id = ".$conf["server_id"]);
+		$php_versions = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fpm_init_script != '' AND php_fpm_ini_dir != '' AND php_fpm_pool_dir != '' AND server_id = ?", $conf["server_id"]);
 		if(is_array($php_versions) && !empty($php_versions)){
 			foreach($php_versions as $php_version){
 				if(substr($php_version['php_fpm_pool_dir'], -1) != '/') $php_version['php_fpm_pool_dir'] .= '/';
@@ -2989,7 +3086,7 @@ class apache2_plugin {
 				$app->services->restartService('php-fpm', 'reload:'.$conf['init_scripts'].'/'.$web_config['php_fpm_init_script']);
 			}
 		}
-		$php_versions = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fpm_init_script != '' AND php_fpm_ini_dir != '' AND php_fpm_pool_dir != '' AND server_id = ".$data['old']['server_id']);
+		$php_versions = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fpm_init_script != '' AND php_fpm_ini_dir != '' AND php_fpm_pool_dir != '' AND server_id = ?", $data['old']['server_id']);
 		if(is_array($php_versions) && !empty($php_versions)){
 			foreach($php_versions as $php_version){
 				if(substr($php_version['php_fpm_pool_dir'], -1) != '/') $php_version['php_fpm_pool_dir'] .= '/';
diff --git a/server/plugins-available/backup_plugin.inc.php b/server/plugins-available/backup_plugin.inc.php
index 380b7de2f579a610fe2fb6c6a322868f7873b860..cb9911de2676c30f30310a5b6fab5a49ebbe94f3 100644
--- a/server/plugins-available/backup_plugin.inc.php
+++ b/server/plugins-available/backup_plugin.inc.php
@@ -63,19 +63,19 @@ class backup_plugin {
 		global $app, $conf;
 
 		$backup_id = intval($data);
-		$backup = $app->dbmaster->queryOneRecord("SELECT * FROM web_backup WHERE backup_id = $backup_id");
+		$backup = $app->dbmaster->queryOneRecord("SELECT * FROM web_backup WHERE backup_id = ?", $backup_id);
 
 		if(is_array($backup)) {
 
 			$app->uses('ini_parser,file,getconf,system');
 
-			$web = $app->dbmaster->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$backup['parent_domain_id']);
+			$web = $app->dbmaster->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ?", $backup['parent_domain_id']);
 			$server_config = $app->getconf->get_server_config($conf['server_id'], 'server');
 			$backup_dir = $server_config['backup_dir'].'/web'.$web['domain_id'];
 			
 			$backup_dir_is_ready = true;
             //* mount backup directory, if necessary
-            if( $server_config['backup_dir_is_mount'] == 'y' && !$app->system->mount_backup_dir($backup_dir) ) $backup_dir_is_ready = false;
+            if( $server_config['backup_dir_is_mount'] == 'y' && !$app->system->mount_backup_dir($server_config['backup_dir']) ) $backup_dir_is_ready = false;
 
 			if($backup_dir_is_ready){
 				//* Make backup available for download
@@ -172,7 +172,7 @@ class backup_plugin {
 		global $app, $conf;
 	
 		$backup_id = intval($data);
-		$mail_backup = $app->dbmaster->queryOneRecord("SELECT * FROM mail_backup WHERE backup_id = $backup_id");
+		$mail_backup = $app->dbmaster->queryOneRecord("SELECT * FROM mail_backup WHERE backup_id = ?", $backup_id);
 	
 		if (is_array($mail_backup) && $action_name == 'backup_restore_mail') {
 			$app->uses('ini_parser,file,getconf');
@@ -186,13 +186,13 @@ class backup_plugin {
 	
 			if($backup_dir_is_ready){
 				$mail_config = $app->getconf->get_server_config($conf['server_id'], 'mail');
-				$domain_rec = $app->db->queryOneRecord("SELECT * FROM mail_domain WHERE domain_id = ".intval($mail_backup['parent_domain_id']));
+				$domain_rec = $app->db->queryOneRecord("SELECT * FROM mail_domain WHERE domain_id = ?", $mail_backup['parent_domain_id']);
 			
 				$backup_dir = $server_config['backup_dir'].'/mail'.$domain_rec['domain_id'];
 				$mail_backup_file = $backup_dir.'/'.$mail_backup['filename'];
 			
-				$sql = "SELECT * FROM mail_user WHERE server_id = '".$conf['server_id']."' AND mailuser_id = ".intval($mail_backup['mailuser_id']);
-				$record = $app->db->queryOneRecord($sql);
+				$sql = "SELECT * FROM mail_user WHERE server_id = ? AND mailuser_id = ?";
+				$record = $app->db->queryOneRecord($sql, $conf['server_id'], $mail_backup['mailuser_id']);
 			
 				//* strip mailbox from maildir
 				$domain_dir=explode('/',$record['maildir']);
diff --git a/server/plugins-available/bind_dlz_plugin.inc.php b/server/plugins-available/bind_dlz_plugin.inc.php
index 63abcc48ced03d6874b8dc5bcab5e1b865985a60..89954ccabb2a5b210d5514e53e22da8d51b59b3c 100644
--- a/server/plugins-available/bind_dlz_plugin.inc.php
+++ b/server/plugins-available/bind_dlz_plugin.inc.php
@@ -34,7 +34,7 @@ TABLE STRUCTURE of the "named" database:
 CREATE TABLE IF NOT EXISTS `records` (
   `id` int(10) unsigned NOT NULL auto_increment,
   `zone` varchar(255) NOT NULL,
-  `ttl` int(11) NOT NULL default '86400',
+  `ttl` int(11) NOT NULL default '3600',
   `type` varchar(255) NOT NULL,
   `host` varchar(255) NOT NULL default '@',
   `mx_priority` int(11) default NULL,
@@ -121,7 +121,7 @@ class bind_dlz_plugin {
 
 		$origin = substr($data["new"]["origin"], 0, -1);
 		$ispconfig_id = $data["new"]["id"];
-		$serial = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ".$ispconfig_id);
+		$serial = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ?", $ispconfig_id);
 
 		$ttl = $data["new"]["ttl"];
 
@@ -129,8 +129,7 @@ class bind_dlz_plugin {
 		//$_db->dbName = 'named';
 
 		$app->db->query("INSERT INTO named.records (zone, ttl, type, primary_ns, resp_contact, serial, refresh, retry, expire, minimum, ispconfig_id) VALUES ".
-			"('$origin', $ttl, 'SOA', '{$data["new"]["ns"]}', '{$data["new"]["mbox"]}', '{$serial["serial"]}', '{$serial["refresh"]}'," .
-			"'{$serial["retry"]}', '{$serial["expire"]}', '{$serial["minimum"]}', $ispconfig_id)");
+			"(?, ?, 'SOA', ?, ?, ?, ?, ?, ?, ?, ?)", $origin, $ttl, $data["new"]["ns"], $data["new"]["mbox"], $serial["serial"], $serial["refresh"], $serial["retry"], $serial["expire"], $serial["minimum"], $ispconfig_id);
 		//unset($_db);
 	}
 
@@ -149,16 +148,14 @@ class bind_dlz_plugin {
 			{
 				$origin = substr($data["new"]["origin"], 0, -1);
 				$ispconfig_id = $data["new"]["id"];
-				$serial = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ".$ispconfig_id);
+				$serial = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ?", $ispconfig_id);
 
 				$ttl = $data["new"]["ttl"];
 
 				//$_db = clone $app->db;
 				//$_db->dbName = 'named';
 
-				$app->db->query("UPDATE named.records SET zone = '$origin', ttl = $ttl, primary_ns = '{$data["new"]["ns"]}', resp_contact = '{$data["new"]["mbox"]}', ".
-					"serial = '{$serial["serial"]}', refresh = '{$serial["refresh"]}', retry = '{$serial["retry"]}', expire = '{$serial["expire"]}', ".
-					"minimum = '{$serial["minimum"]}' WHERE ispconfig_id = ".$data["new"]["id"]." AND type = 'SOA'");
+				$app->db->query("UPDATE named.records SET zone = ?, ttl = ?, primary_ns = ?, resp_contact = ?, serial = ?, refresh = ?, retry = ?, expire = ?, minimum = ? WHERE ispconfig_id = ? AND type = 'SOA'", $origin, $ttl, $data["new"]["ns"], $data["new"]["mbox"], $serial["serial"], $serial["refresh"], $serial["retry"], $serial["expire"], $serial["minimum"], $data["new"]["id"]);
 				//unset($_db);
 			}
 			else
@@ -166,7 +163,7 @@ class bind_dlz_plugin {
 				$this->soa_insert($event_name, $data);
 				$ispconfig_id = $data["new"]["id"];
 
-				if ($records = $app->db->queryAllRecords("SELECT * FROM dns_rr WHERE zone = $ispconfig_id AND active = 'Y'"))
+				if ($records = $app->db->queryAllRecords("SELECT * FROM dns_rr WHERE zone = ? AND active = 'Y'", $ispconfig_id))
 				{
 					foreach($records as $record)
 					{
@@ -188,7 +185,7 @@ class bind_dlz_plugin {
 		//$_db = clone $app->db;
 		//$_db->dbName = 'named';
 
-		$app->db->query( "DELETE FROM named.dns_records WHERE zone = '".substr($data['old']['origin'], 0, -1)."'");
+		$app->db->query( "DELETE FROM named.dns_records WHERE zone = ?", substr($data['old']['origin'], 0, -1));
 		//unset($_db);
 	}
 
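Review bot: The DELETE still targets `named.dns_records`, whereas every INSERT and UPDATE in this file writes to `named.records`, which is also the table named in the header's CREATE TABLE comment. If `named.dns_records` does not exist in that database, removing a zone leaves its rows in `named.records`, so the deleted zone would presumably keep being served. The likely intent is `$app->db->query("DELETE FROM named.records WHERE zone = ?", substr($data['old']['origin'], 0, -1));`. The DELETE in the last hunk of this file uses the same table name.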
@@ -197,7 +194,7 @@ class bind_dlz_plugin {
 		global $app, $conf;
 		if($data["new"]["active"] != 'Y') return;
 
-		$zone = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ".$data["new"]["zone"]);
+		$zone = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ?", $data["new"]["zone"]);
 		$origin = substr($zone["origin"], 0, -1);
 		$ispconfig_id = $data["new"]["id"];
 
@@ -251,13 +248,13 @@ class bind_dlz_plugin {
 
 		if ($type == 'MX') {
 			$app->db->query("INSERT INTO named.records (zone, ttl, type, host, mx_priority, data, ispconfig_id)".
-				" VALUES ('$origin', $ttl, '$type', '$name', {$data["new"]["aux"]}, '$content', $ispconfig_id)");
+				" VALUES (?, ?, ?, ?, ?, ?, ?)", $origin, $ttl, $type, $name, $data["new"]["aux"], $content, $ispconfig_id);
 		} elseif ($type == 'SRV') {
 			$app->db->query("INSERT INTO named.records (zone, ttl, type, data, ispconfig_id)".
-				" VALUES ('$origin', $ttl, '$type', '{$data["new"]["aux"]} $content', $ispconfig_id)");
+				" VALUES (?, ?, ?, ?, ?)", $origin, $ttl, $type, $data["new"]["aux"] . ' ' . $content, $ispconfig_id);
 		} else {
 			$app->db->query("INSERT INTO named.records (zone, ttl, type, host, data, ispconfig_id)".
-				" VALUES ('$origin', $ttl, '$type', '$name', '$content', $ispconfig_id)");
+				" VALUES (?, ?, ?, ?, ?, ?)", $origin, $ttl, $type, $name, $content, $ispconfig_id);
 		}
 
 		//unset($_db);
@@ -276,7 +273,7 @@ class bind_dlz_plugin {
 		{
 			if ($data["old"]["active"] == 'Y')
 			{
-				$zone = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ".$data["new"]["zone"]);
+				$zone = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ?", $data["new"]["zone"]);
 				$origin = substr($zone["origin"], 0, -1);
 				$ispconfig_id = $data["new"]["id"];
 
@@ -328,14 +325,11 @@ class bind_dlz_plugin {
 				//$_db->dbName = 'named';
 
 				if ($type == 'MX') {
-					$app->db->query("UPDATE named.records SET zone = '$origin', ttl = $ttl, type = '$type', host = '$name', mx_priority = $prio, ".
-						"data = '$content' WHERE ispconfig_id = $ispconfig_id AND type != 'SOA'");
+					$app->db->query("UPDATE named.records SET zone = ?, ttl = ?, type = ?, host = ?, mx_priority = ?, data = ? WHERE ispconfig_id = ? AND type != 'SOA'", $origin, $ttl, $type, $name, $prio, $content, $ispconfig_id);
 				} elseif ($type == 'SRV') {
-					$app->db->query("UPDATE named.records SET zone = '$origin', ttl = $ttl, type = '$type', ".
-						"data = '$prio $content' WHERE ispconfig_id = $ispconfig_id AND type != 'SOA'");
+					$app->db->query("UPDATE named.records SET zone = ?, ttl = ?, type = ?, data = ? WHERE ispconfig_id = ? AND type != 'SOA'", $origin, $ttl, $type, $prio . ' ' . $content, $ispconfig_id);
 				} else {
-					$app->db->query("UPDATE named.records SET zone = '$origin', ttl = $ttl, type = '$type', host = '$name', ".
-						"data = '$content' WHERE ispconfig_id = $ispconfig_id AND type != 'SOA'");
+					$app->db->query("UPDATE named.records SET zone = ?, ttl = ?, type = ?, host = ?, data = ? WHERE ispconfig_id = ? AND type != 'SOA'", $origin, $ttl, $type, $name, $content, $ispconfig_id);
 				}
 
 				//unset($_db);
@@ -351,7 +345,7 @@ class bind_dlz_plugin {
 		//$_db = clone $app->db;
 		//$_db->dbName = 'named';
 
-		$app->db->query( "DELETE FROM named.dns_records WHERE type != 'SOA' AND zone = '".substr($data['old']['origin'], 0, -1)."'");
+		$app->db->query( "DELETE FROM named.dns_records WHERE type != 'SOA' AND zone = ?", substr($data['old']['origin'], 0, -1));
 		//unset($_db);
 	}
 
diff --git a/server/plugins-available/bind_plugin.inc.php b/server/plugins-available/bind_plugin.inc.php
index 2f7f93222405fb91b98e9e981fda35880a9f5ddc..3b55dbcc31ac11738bd945515c3d497ccdebccb3 100644
--- a/server/plugins-available/bind_plugin.inc.php
+++ b/server/plugins-available/bind_plugin.inc.php
@@ -102,7 +102,7 @@ class bind_plugin {
 			$zone = $data['new'];
 			$tpl->setVar($zone);
 
-			$records = $app->db->queryAllRecords("SELECT * FROM dns_rr WHERE zone = ".$zone['id']." AND active = 'Y'");
+			$records = $app->db->queryAllRecords("SELECT * FROM dns_rr WHERE zone = ? AND active = 'Y'", $zone['id']);
 			if(is_array($records) && !empty($records)){
 				for($i=0;$i<sizeof($records);$i++){
 					if($records[$i]['ttl'] == 0) $records[$i]['ttl'] = '';
@@ -281,7 +281,7 @@ class bind_plugin {
 		global $app, $conf;
 
 		//* Get the data of the soa and call soa_update
-		$tmp = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ".$data['new']['zone']);
+		$tmp = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ?", $data['new']['zone']);
 		$data["new"] = $tmp;
 		$data["old"] = $tmp;
 		$this->action = 'update';
@@ -293,7 +293,7 @@ class bind_plugin {
 		global $app, $conf;
 
 		//* Get the data of the soa and call soa_update
-		$tmp = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ".$data['new']['zone']);
+		$tmp = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ?", $data['new']['zone']);
 		$data["new"] = $tmp;
 		$data["old"] = $tmp;
 		$this->action = 'update';
@@ -305,7 +305,7 @@ class bind_plugin {
 		global $app, $conf;
 
 		//* Get the data of the soa and call soa_update
-		$tmp = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ".intval($data['old']['zone']));
+		$tmp = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ?", $data['old']['zone']);
 		$data["new"] = $tmp;
 		$data["old"] = $tmp;
 		$this->action = 'update';
@@ -319,18 +319,10 @@ class bind_plugin {
 		global $app, $conf;
 
 		//* Only write the master file for the current server
-		$tmps = $app->db->queryAllRecords("SELECT origin, xfer, also_notify, update_acl FROM dns_soa WHERE active = 'Y' AND server_id=".$conf["server_id"]);
+		$tmps = $app->db->queryAllRecords("SELECT origin, xfer, also_notify, update_acl FROM dns_soa WHERE active = 'Y' AND server_id=?", $conf["server_id"]);
 		$zones = array();
 
 		//* Check if the current zone that triggered this function has at least one NS record
-		/* Has been replaced by a better zone check
-		$rec_num = $app->db->queryOneRecord("SELECT count(id) as ns FROM dns_rr WHERE type = 'NS' AND zone = ".intval($data['new']['id'])." AND active = 'Y'");
-		if($rec_num['ns'] == 0) {
-			$exclude_zone = $data['new']['origin'];
-		} else {
-			$exclude_zone = '';
-		}
-		*/
 
 		//TODO : change this when distribution information has been integrated into server record
 		if (file_exists('/etc/gentoo-release')) {
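Review bot: The comment `//* Check if the current zone that triggered this function has at least one NS record` is left behind with nothing under it once the commented-out block is deleted, so it now reads as if the check still happens at this point. Either remove that line together with the dead code or replace it with a pointer, e.g. `//* NS-record presence is verified by the zone check, not here`. The deleted text only says the logic "has been replaced by a better zone check"; where that check lives is not visible in this hunk, and the function body starts and continues outside it.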
@@ -370,7 +362,7 @@ class bind_plugin {
 		$tpl->setLoop('zones', $zones);
 
 		//* And loop through the secondary zones, but only for the current server
-		$tmps_sec = $app->db->queryAllRecords("SELECT origin, xfer, ns FROM dns_slave WHERE active = 'Y' AND server_id=".$conf["server_id"]);
+		$tmps_sec = $app->db->queryAllRecords("SELECT origin, xfer, ns FROM dns_slave WHERE active = 'Y' AND server_id=?", $conf["server_id"]);
 		$zones_sec = array();
 
 		foreach($tmps_sec as $tmp) {
diff --git a/server/plugins-available/cron_jailkit_plugin.inc.php b/server/plugins-available/cron_jailkit_plugin.inc.php
index 4c95b83c2bdb0d9fbbf798e71772c59cc9236f3b..c652f299ebc44dd87c5cc3f1c65f118cdbebb144 100644
--- a/server/plugins-available/cron_jailkit_plugin.inc.php
+++ b/server/plugins-available/cron_jailkit_plugin.inc.php
@@ -76,7 +76,7 @@ class cron_jailkit_plugin {
 		}
 
 		//* get data from web
-		$parent_domain = $app->db->queryOneRecord("SELECT `domain_id`, `system_user`, `system_group`, `document_root`, `domain` FROM `web_domain` WHERE `domain_id` = ".intval($data["new"]["parent_domain_id"]));
+		$parent_domain = $app->db->queryOneRecord("SELECT `domain_id`, `system_user`, `system_group`, `document_root`, `domain` FROM `web_domain` WHERE `domain_id` = ?", $data["new"]["parent_domain_id"]);
 		if(!$parent_domain["domain_id"]) {
 			$app->log("Parent domain not found", LOGLEVEL_WARN);
 			return 0;
@@ -155,7 +155,7 @@ class cron_jailkit_plugin {
 			return 0;
 		}
 		//* get data from web
-		$parent_domain = $app->db->queryOneRecord("SELECT `domain_id`, `system_user`, `system_group`, `document_root`, `domain` FROM `web_domain` WHERE `domain_id` = ".intval($data["new"]["parent_domain_id"]));
+		$parent_domain = $app->db->queryOneRecord("SELECT `domain_id`, `system_user`, `system_group`, `document_root`, `domain` FROM `web_domain` WHERE `domain_id` = ?", $data["new"]["parent_domain_id"]);
 		if(!$parent_domain["domain_id"]) {
 			$app->log("Parent domain not found", LOGLEVEL_WARN);
 			return 0;
@@ -333,7 +333,7 @@ class cron_jailkit_plugin {
 		$web_config = $app->getconf->get_server_config($conf["server_id"], 'web');
 
 		// Get the parent website of this shell user
-		$web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$this->data['new']['parent_domain_id']);
+		$web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ?", $this->data['new']['parent_domain_id']);
 
 		//* If the security level is set to high
 		if($web_config['security_level'] == 20 && is_array($web)) {
diff --git a/server/plugins-available/cron_plugin.inc.php b/server/plugins-available/cron_plugin.inc.php
index 9bda43345e5f8e41faca808599fb616bc322c908..7d3c1383e0de9b333f899e856af746c4ec305b32 100644
--- a/server/plugins-available/cron_plugin.inc.php
+++ b/server/plugins-available/cron_plugin.inc.php
@@ -92,7 +92,7 @@ class cron_plugin {
 		}
 
 		//* get data from web
-		$parent_domain = $app->db->queryOneRecord("SELECT `domain_id`, `system_user`, `system_group`, `document_root`, `hd_quota` FROM `web_domain` WHERE `domain_id` = ".intval($data["new"]["parent_domain_id"]));
+		$parent_domain = $app->db->queryOneRecord("SELECT `domain_id`, `system_user`, `system_group`, `document_root`, `hd_quota` FROM `web_domain` WHERE `domain_id` = ?", $data["new"]["parent_domain_id"]);
 		if(!$parent_domain["domain_id"]) {
 			$app->log("Parent domain not found", LOGLEVEL_WARN);
 			return 0;
@@ -105,7 +105,7 @@ class cron_plugin {
 		}
 		
 		// Get the client ID
-		$client = $app->dbmaster->queryOneRecord("SELECT client_id FROM sys_group WHERE sys_group.groupid = ".intval($data["new"]["sys_groupid"]));
+		$client = $app->dbmaster->queryOneRecord("SELECT client_id FROM sys_group WHERE sys_group.groupid = ?", $data["new"]["sys_groupid"]);
 		$client_id = intval($client["client_id"]);
 		unset($client);
 
@@ -161,14 +161,14 @@ class cron_plugin {
 		global $app, $conf;
 
 		//* get data from web
-		$parent_domain = $app->db->queryOneRecord("SELECT `domain_id`, `system_user`, `system_group`, `document_root`, `hd_quota` FROM `web_domain` WHERE `domain_id` = ".intval($data["old"]["parent_domain_id"]));
+		$parent_domain = $app->db->queryOneRecord("SELECT `domain_id`, `system_user`, `system_group`, `document_root`, `hd_quota` FROM `web_domain` WHERE `domain_id` = ?", $data["old"]["parent_domain_id"]);
 		if(!$parent_domain["domain_id"]) {
 			$app->log("Parent domain not found", LOGLEVEL_WARN);
 			return 0;
 		}
 
 		// Get the client ID
-		$client = $app->dbmaster->queryOneRecord("SELECT client_id FROM sys_group WHERE sys_group.groupid = ".intval($data["old"]["sys_groupid"]));
+		$client = $app->dbmaster->queryOneRecord("SELECT client_id FROM sys_group WHERE sys_group.groupid = ?", $data["old"]["sys_groupid"]);
 		$client_id = intval($client["client_id"]);
 		unset($client);
 
@@ -196,7 +196,7 @@ class cron_plugin {
 		$chr_cmd_count = 0;
 
 		//* read all active cron jobs from database and write them to file
-		$cron_jobs = $app->db->queryAllRecords("SELECT c.`run_min`, c.`run_hour`, c.`run_mday`, c.`run_month`, c.`run_wday`, c.`command`, c.`type`, c.`log`, `web_domain`.`domain` as `domain` FROM `cron` as c INNER JOIN `web_domain` ON `web_domain`.`domain_id` = c.`parent_domain_id` WHERE c.`parent_domain_id` = ".intval($this->parent_domain["domain_id"]) . " AND c.`active` = 'y'");
+		$cron_jobs = $app->db->queryAllRecords("SELECT c.`run_min`, c.`run_hour`, c.`run_mday`, c.`run_month`, c.`run_wday`, c.`command`, c.`type`, c.`log`, `web_domain`.`domain` as `domain` FROM `cron` as c INNER JOIN `web_domain` ON `web_domain`.`domain_id` = c.`parent_domain_id` WHERE c.`parent_domain_id` = ? AND c.`active` = 'y'", $this->parent_domain["domain_id"]);
 		if($cron_jobs && count($cron_jobs) > 0) {
 			foreach($cron_jobs as $job) {
 				if($job['run_month'] == '@reboot') {
@@ -210,7 +210,7 @@ class cron_plugin {
 				$log_root = '';
 				if($job['log'] == 'y') {
 					if($job['type'] != 'chrooted') $log_root = $this->parent_domain['document_root'];
-					$log_root .= '/log';
+					$log_root .= '/private';
 					
 					$log_target = '>>' . $log_root . '/cron.log 2>>' . $log_root . '/cron_error.log';
 					$log_wget_target = $log_root . '/cron_wget.log';
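Review bot: Moving the cron log directory from `/log` to `/private` is a behaviour change that is unrelated to the query parameterisation in the rest of this commit, and nothing in this hunk ensures the new directory exists or is writable by the job's user. For jobs of type `chrooted`, `$log_root` stays empty, so the target becomes `/private` relative to whatever root the job runs in, which may not be present there. This should be its own commit with a note on what happens to existing `cron.log` and `cron_error.log` files and to any log rotation that points at the old path. A why-comment on the changed line, e.g. `// cron output may contain sensitive data, keep it out of the web-visible log folder` (if that is the motive), would also help; the surrounding loop starts and ends outside the hunk.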
diff --git a/server/plugins-available/ftpuser_base_plugin.inc.php b/server/plugins-available/ftpuser_base_plugin.inc.php
index d46936100dea724e0f393dec7ba8f461ea4b4492..484a0f7da45dede95f3077bd3c0eeab380aaa86f 100644
--- a/server/plugins-available/ftpuser_base_plugin.inc.php
+++ b/server/plugins-available/ftpuser_base_plugin.inc.php
@@ -74,7 +74,7 @@ class ftpuser_base_plugin {
 		if(!is_dir($data['new']['dir'])) {
 			$app->log("FTP User directory '".$data['new']['dir']."' does not exist. Creating it now.", LOGLEVEL_DEBUG);
 
-			$web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".intval($data['new']['parent_domain_id']));
+			$web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ?", $data['new']['parent_domain_id']);
 
 			//* Check if the resulting path is inside the docroot
 			if(substr($data['new']['dir'], 0, strlen($web['document_root'])) != $web['document_root']) {
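Review bot: The docroot containment check that follows the changed query does not hold when the lookup returns no row: `$web['document_root']` is then null, `substr(..., 0, 0)` is an empty string, and the loose `!=` treats the two as equal, so the directory is accepted. The plain prefix comparison also accepts a sibling path that merely begins with the docroot string, because no trailing slash is enforced. Suggested condition: `if(empty($web['document_root']) || strpos($data['new']['dir'].'/', rtrim($web['document_root'], '/').'/') !== 0) {`, with `dir` normalised first if it can contain `..` segments. The identical check in the next hunk of this file needs the same change, and both `if` bodies continue outside the hunks.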
@@ -100,7 +100,7 @@ class ftpuser_base_plugin {
 		if(!is_dir($data['new']['dir'])) {
 			$app->log("FTP User directory '".$data['new']['dir']."' does not exist. Creating it now.", LOGLEVEL_DEBUG);
 
-			$web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".intval($data['new']['parent_domain_id']));
+			$web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ?", $data['new']['parent_domain_id']);
 
 			//* Check if the resulting path is inside the docroot
 			if(substr($data['new']['dir'], 0, strlen($web['document_root'])) != $web['document_root']) {
diff --git a/server/plugins-available/mail_plugin.inc.php b/server/plugins-available/mail_plugin.inc.php
index faa89f1cd7283cae74de1a5b0b6a85bab79db551..caec01aa2565ee2f4590440f3bb91664b672f369 100644
--- a/server/plugins-available/mail_plugin.inc.php
+++ b/server/plugins-available/mail_plugin.inc.php
@@ -98,10 +98,10 @@ class mail_plugin {
 			if ($mail_config["mailbox_virtual_uidgid_maps"] == 'y') {
 				$app->log('Map uid to linux-user',LOGLEVEL_DEBUG);
 				$email_parts = explode('@',$data['new']['email']);
-				$webdomain = $app->db->queryOneRecord("SELECT domain_id, server_id, system_user, parent_domain_id FROM web_domain WHERE domain = '".$app->db->quote($email_parts[1])."'");
+				$webdomain = $app->db->queryOneRecord("SELECT domain_id, server_id, system_user, parent_domain_id FROM web_domain WHERE domain = ?", $email_parts[1]);
 				if ($webdomain) {
 					while (($webdomain['system_user'] == null) && ($webdomain['parent_domain_id'] != 0)) {
-						$webdomain = $app->db->queryOneRecord("SELECT domain_id, server_id, system_user, parent_domain_id FROM web_domain WHERE domain_id = '".$webdomain['parent_domain_id']."'");
+						$webdomain = $app->db->queryOneRecord("SELECT domain_id, server_id, system_user, parent_domain_id FROM web_domain WHERE domain_id = ?", $webdomain['parent_domain_id']);
 					}
 					$app->log($data['new']['server_id'].' == '.$webdomain['server_id'],LOGLEVEL_DEBUG);
 
@@ -118,7 +118,7 @@ class mail_plugin {
 		$app->log('Mailuser uid: '.$data['new']['uid'].', gid: '.$data['new']['gid'],LOGLEVEL_DEBUG);
 
 		// update DB if values changed
-		$app->db->query("UPDATE mail_user SET uid = ".$data['new']['uid'].", gid = ".$data['new']['gid']." WHERE mailuser_id = ".$data['new']['mailuser_id']);
+		$app->db->query("UPDATE mail_user SET uid = ?, gid = ? WHERE mailuser_id = ?", $data['new']['uid'], $data['new']['gid'], $data['new']['mailuser_id']);
 
 		// now get names of uid and gid
 		$user = $app->system->getuser($data['new']['uid']);
@@ -280,10 +280,10 @@ class mail_plugin {
 			if ($mail_config["mailbox_virtual_uidgid_maps"] == 'y') {
 				$app->log('Map uid to linux-user',LOGLEVEL_DEBUG);
 				$email_parts = explode('@',$data['new']['email']);
-				$webdomain = $app->db->queryOneRecord("SELECT domain_id, server_id, system_user, parent_domain_id FROM web_domain WHERE domain = '".$app->db->quote($email_parts[1])."'");
+				$webdomain = $app->db->queryOneRecord("SELECT domain_id, server_id, system_user, parent_domain_id FROM web_domain WHERE domain = ?", $email_parts[1]);
 				if ($webdomain) {
 					while ($webdomain['parent_domain_id'] != 0) {
-						$webdomain = $app->db->queryOneRecord("SELECT domain_id, server_id, system_user, parent_domain_id FROM web_domain WHERE domain_id = '".$webdomain['parent_domain_id']."'");
+						$webdomain = $app->db->queryOneRecord("SELECT domain_id, server_id, system_user, parent_domain_id FROM web_domain WHERE domain_id = ?", $webdomain['parent_domain_id']);
 					}
 					$app->log($data['new']['server_id'].' == '.$webdomain['server_id'],LOGLEVEL_DEBUG);
 
@@ -300,7 +300,7 @@ class mail_plugin {
 		$app->log('Mailuser uid: '.$data['new']['uid'].', gid: '.$data['new']['gid'],LOGLEVEL_DEBUG);
 
 		// update DB if values changed
-		$app->db->query("UPDATE mail_user SET uid = ".$data['new']['uid'].", gid = ".$data['new']['gid']." WHERE mailuser_id = ".$data['new']['mailuser_id']);
+		$app->db->query("UPDATE mail_user SET uid = ?, gid = ? WHERE mailuser_id = ?", $data['new']['uid'], $data['new']['gid'], $data['new']['mailuser_id']);
 
 		$user = $app->system->getuser($data['new']['uid']);
 		$group = $app->system->getgroup($data['new']['gid']);
diff --git a/server/plugins-available/maildeliver_plugin.inc.php b/server/plugins-available/maildeliver_plugin.inc.php
index 85293ae4086fd0dadec1f0db3bdfccf962a34e1c..a6f9ae567e324e39a1dba9127cddaf4d52e30e16 100644
--- a/server/plugins-available/maildeliver_plugin.inc.php
+++ b/server/plugins-available/maildeliver_plugin.inc.php
@@ -165,8 +165,8 @@ class maildeliver_plugin {
 			$tpl->setVar('autoresponder_text', $data["new"]["autoresponder_text"]);
 
 			//* Set alias addresses for autoresponder
-			$sql = "SELECT * FROM mail_forwarding WHERE type = 'alias' AND destination = '".$app->db->quote($data["new"]["email"])."'";
-			$records = $app->db->queryAllRecords($sql);
+			$sql = "SELECT * FROM mail_forwarding WHERE type = 'alias' AND destination = ?";
+			$records = $app->db->queryAllRecords($sql, $data["new"]["email"]);
 
 			$addresses = array();
 			$addresses[] = $data["new"]["email"];
@@ -181,8 +181,8 @@ class maildeliver_plugin {
 			$alias_addresses = array();
 
 			$email_parts = explode('@', $data["new"]["email"]);
-			$sql = "SELECT * FROM mail_forwarding WHERE type = 'aliasdomain' AND destination = '@".$app->db->quote($email_parts[1])."'";
-			$records = $app->db->queryAllRecords($sql);
+			$sql = "SELECT * FROM mail_forwarding WHERE type = 'aliasdomain' AND destination = ?";
+			$records = $app->db->queryAllRecords($sql, '@'.$email_parts[1]);
 			if(is_array($records) && count($records) > 0) {
 				$app->log("Found " . count($records) . " records (aliasdomains).", LOGLEVEL_DEBUG);
 				foreach($records as $rec) {
diff --git a/server/plugins-available/mailman_plugin.inc.php b/server/plugins-available/mailman_plugin.inc.php
index acf4eb9363adb64cc5b61382a84c17cf77c76d8a..9ebb2aa9a73f326f48d2c7b7d97f33a0c40eb4a7 100644
--- a/server/plugins-available/mailman_plugin.inc.php
+++ b/server/plugins-available/mailman_plugin.inc.php
@@ -78,7 +78,7 @@ class mailman_plugin {
 		if(is_file('/var/lib/mailman/data/transport-mailman')) exec('postmap /var/lib/mailman/data/transport-mailman');
 		exec('nohup '.$conf['init_scripts'] . '/' . 'mailman reload >/dev/null 2>&1 &');
 
-		$app->db->query("UPDATE mail_mailinglist SET password = '' WHERE mailinglist_id = ".$app->db->quote($data["new"]['mailinglist_id']));
+		$app->db->query("UPDATE mail_mailinglist SET password = '' WHERE mailinglist_id = ?", $data["new"]['mailinglist_id']);
 
 	}
 
@@ -91,7 +91,7 @@ class mailman_plugin {
 		if($data["new"]["password"] != $data["old"]["password"] && $data["new"]["password"] != '') {
 			exec("nohup /usr/lib/mailman/bin/change_pw -l ".escapeshellcmd($data["new"]["listname"])." -p ".escapeshellcmd($data["new"]["password"])." >/dev/null 2>&1 &");
 			exec('nohup '.$conf['init_scripts'] . '/' . 'mailman reload >/dev/null 2>&1 &');
-			$app->db->query("UPDATE mail_mailinglist SET password = '' WHERE mailinglist_id = ".$app->db->quote($data["new"]['mailinglist_id']));
+			$app->db->query("UPDATE mail_mailinglist SET password = '' WHERE mailinglist_id = ?", $data["new"]['mailinglist_id']);
 		}
 		
 		if(is_file('/var/lib/mailman/data/virtual-mailman')) exec('postmap /var/lib/mailman/data/virtual-mailman');
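Review bot: The `exec()` call two lines above the changed statement wraps `listname` and `password` in `escapeshellcmd()`, which escapes shell metacharacters but does not make the value a single quoted argument, so a value containing whitespace is still split into several arguments for `change_pw`. `escapeshellarg()` is the per-argument function: `" -l ".escapeshellarg($data["new"]["listname"])." -p ".escapeshellarg($data["new"]["password"])`. Passing the password on the command line also leaves it readable in the process list for other local users while the command runs; if `change_pw` has a way to take it other than argv, that would be preferable. The method starts outside this hunk.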
diff --git a/server/plugins-available/mongo_clientdb_plugin.inc.php b/server/plugins-available/mongo_clientdb_plugin.inc.php
index 2f381121d3fa58791323cc862c6b3d624c51332d..b4d274cba5ceed8868ea606374702667059224e1 100644
--- a/server/plugins-available/mongo_clientdb_plugin.inc.php
+++ b/server/plugins-available/mongo_clientdb_plugin.inc.php
@@ -500,8 +500,8 @@ class mongo_clientdb_plugin {
 				return;
 			}
 
-			$db_user = $app->db->queryOneRecord("SELECT `database_user`, `database_password_mongo` FROM `web_database_user` WHERE `database_user_id` = '" . intval($data['new']['database_user_id']) . "'");
-			$db_ro_user = $app->db->queryOneRecord("SELECT `database_user`, `database_password_mongo` FROM `web_database_user` WHERE `database_user_id` = '" . intval($data['new']['database_ro_user_id']) . "'");
+			$db_user = $app->db->queryOneRecord("SELECT `database_user`, `database_password_mongo` FROM `web_database_user` WHERE `database_user_id` = ?", $data['new']['database_user_id']);
+			$db_ro_user = $app->db->queryOneRecord("SELECT `database_user`, `database_password_mongo` FROM `web_database_user` WHERE `database_user_id` = ?", $data['new']['database_ro_user_id']);
 
 			$user = $db_user['database_user'];
 			$password = $db_user['database_password_mongo'];
@@ -573,8 +573,8 @@ class mongo_clientdb_plugin {
 				return;
 			}
 
-			$db_user = $app->db->queryOneRecord("SELECT `database_user`, `database_password_mongo` FROM `web_database_user` WHERE `database_user_id` = '" . intval($data['new']['database_user_id']) . "'");
-			$db_ro_user = $app->db->queryOneRecord("SELECT `database_user`, `database_password_mongo` FROM `web_database_user` WHERE `database_user_id` = '" . intval($data['new']['database_ro_user_id']) . "'");
+			$db_user = $app->db->queryOneRecord("SELECT `database_user`, `database_password_mongo` FROM `web_database_user` WHERE `database_user_id` = ?", $data['new']['database_user_id']);
+			$db_ro_user = $app->db->queryOneRecord("SELECT `database_user`, `database_password_mongo` FROM `web_database_user` WHERE `database_user_id` = ?", $data['new']['database_ro_user_id']);
 
 			$user = $db_user['database_user'];
 			$password = $db_user['database_password_mongo'];
@@ -600,7 +600,7 @@ class mongo_clientdb_plugin {
 				} else {
 				// selected user has changed -> drop old one
 				if ($data['new']['database_user_id'] != $data['old']['database_user_id']) {
-					$old_db_user = $app->db->queryOneRecord("SELECT `database_user`, `database_password_mongo` FROM `web_database_user` WHERE `database_user_id` = '" . intval($data['old']['database_user_id']) . "'");
+					$old_db_user = $app->db->queryOneRecord("SELECT `database_user`, `database_password_mongo` FROM `web_database_user` WHERE `database_user_id` = ?", $data['old']['database_user_id']);
 
 					if ((bool) $old_db_user) {
 						if ($old_db_user['database_user'] == 'root') {
@@ -613,7 +613,7 @@ class mongo_clientdb_plugin {
 
 				// selected read-only user has changed -> drop old one
 				if ($data['new']['database_ro_user_id'] != $data['old']['database_ro_user_id']) {
-					$old_db_user = $app->db->queryOneRecord("SELECT `database_user`, `database_password_mongo` FROM `web_database_user` WHERE `database_user_id` = '" . intval($data['old']['database_ro_user_id']) . "'");
+					$old_db_user = $app->db->queryOneRecord("SELECT `database_user`, `database_password_mongo` FROM `web_database_user` WHERE `database_user_id` = ?", $data['old']['database_ro_user_id']);
 
 					if ((bool) $old_db_user) {
 						if ($old_db_user['database_user'] == 'root') {
diff --git a/server/plugins-available/network_settings_plugin.inc.php b/server/plugins-available/network_settings_plugin.inc.php
index 46242d98407846a36ae20e2d4d285fd01f9a7621..13dbf3c8c1f0595515b72b1f211e2217f79d2e0c 100644
--- a/server/plugins-available/network_settings_plugin.inc.php
+++ b/server/plugins-available/network_settings_plugin.inc.php
@@ -101,7 +101,7 @@ class network_settings_plugin {
 				$network_tpl->setVar('broadcast', $this->broadcast($server_config['ip_address'], $server_config['netmask']));
 				$network_tpl->setVar('network', $this->network($server_config['ip_address'], $server_config['netmask']));
 
-				$records = $app->db->queryAllRecords("SELECT ip_address FROM server_ip WHERE server_id = ".intval($conf['server_id']) . ' ORDER BY server_ip_id ASC');
+				$records = $app->db->queryAllRecords("SELECT ip_address FROM server_ip WHERE server_id = ? ORDER BY server_ip_id ASC", $conf['server_id']);
 				$ip_records = array();
 				$additionl_ip_records = 0;
 				$n = 0;
@@ -179,7 +179,7 @@ class network_settings_plugin {
 				$network_tpl->setVar('gateway', $server_config['gateway']);
 				$network_tpl->setVar('broadcast', $this->broadcast($server_config['ip_address'], $server_config['netmask']));
 
-				$records = $app->db->queryAllRecords("SELECT ip_address FROM server_ip WHERE server_id = ".intval($conf['server_id']) . " order by ip_address");
+				$records = $app->db->queryAllRecords("SELECT ip_address FROM server_ip WHERE server_id = ? order by ip_address", $conf['server_id']);
 				$ip_records = array();
 				$additionl_ip_records = 0;
 				$n = 0;
diff --git a/server/plugins-available/nginx_plugin.inc.php b/server/plugins-available/nginx_plugin.inc.php
index c256ae18f6b9b7e06623570fc6036e8da6536594..30e0eb0b75b3e39080b688e0a3c40f07208dd9a6 100644
--- a/server/plugins-available/nginx_plugin.inc.php
+++ b/server/plugins-available/nginx_plugin.inc.php
@@ -208,15 +208,15 @@ class nginx_plugin {
 			$app->system->chmod($key_file2, 0400);
 			@$app->system->unlink($config_file);
 			@$app->system->unlink($rand_file);
-			$ssl_request = $app->db->quote($app->system->file_get_contents($csr_file));
-			$ssl_cert = $app->db->quote($app->system->file_get_contents($crt_file));
-			$ssl_key2 = $app->db->quote($app->system->file_get_contents($key_file2));
+			$ssl_request = $app->system->file_get_contents($csr_file);
+			$ssl_cert = $app->system->file_get_contents($crt_file);
+			$ssl_key2 = $app->system->file_get_contents($key_file2);
 			/* Update the DB of the (local) Server */
-			$app->db->query("UPDATE web_domain SET ssl_request = '$ssl_request', ssl_cert = '$ssl_cert', ssl_key = '$ssl_key2' WHERE domain = '".$data['new']['domain']."'");
-			$app->db->query("UPDATE web_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'");
+			$app->db->query("UPDATE web_domain SET ssl_request = ?, ssl_cert = ?, ssl_key = ? WHERE domain = ?", $ssl_request, $ssl_cert, $ssl_key2, $data['new']['domain']);
+			$app->db->query("UPDATE web_domain SET ssl_action = '' WHERE domain = ?", $data['new']['domain']);
 			/* Update also the master-DB of the Server-Farm */
-			$app->dbmaster->query("UPDATE web_domain SET ssl_request = '$ssl_request', ssl_cert = '$ssl_cert', ssl_key = '$ssl_key2' WHERE domain = '".$data['new']['domain']."'");
-			$app->dbmaster->query("UPDATE web_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'");
+			$app->dbmaster->query("UPDATE web_domain SET ssl_request = ?, ssl_cert = ?, ssl_key = ? WHERE domain = ?", $ssl_request, $ssl_cert, $ssl_key2, $data['new']['domain']);
+			$app->dbmaster->query("UPDATE web_domain SET ssl_action = '' WHERE domain = ?", $data['new']['domain']);
 		}
 
 		//* Save a SSL certificate to disk
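Review bot: The three `$app->system->file_get_contents()` results are bound straight into the `UPDATE` without checking that the reads succeeded. If that wrapper returns false for a missing or unreadable file, as PHP's built-in does (not visible here), the stored request, certificate and key are overwritten with an empty value in both the local and the master database while `ssl_action` is cleared, so the failure goes unnoticed. A guard such as `if($ssl_request === false || $ssl_cert === false || $ssl_key2 === false) { $app->log('Reading SSL files failed for '.$data['new']['domain'], LOGLEVEL_WARN); }` with the four updates in the else-branch would keep the previous values. The two statements per connection could also be merged into one `UPDATE` that sets `ssl_action = ''` with the other columns; the enclosing block starts outside this hunk.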
@@ -263,10 +263,10 @@ class nginx_plugin {
 				unset($crt_file_contents);
 			}
 			/* Update the DB of the (local) Server */
-			$app->db->query("UPDATE web_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'");
+			$app->db->query("UPDATE web_domain SET ssl_action = '' WHERE domain = ?", $data['new']['domain']);
 
 			/* Update also the master-DB of the Server-Farm */
-			$app->dbmaster->query("UPDATE web_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'");
+			$app->dbmaster->query("UPDATE web_domain SET ssl_action = '' WHERE domain = ?", $data['new']['domain']);
 			$app->log('Saving SSL Cert for: '.$domain, LOGLEVEL_DEBUG);
 		}
 
@@ -286,11 +286,11 @@ class nginx_plugin {
 			$app->system->unlink($crt_file);
 			//$app->system->unlink($bundle_file);
 			/* Update the DB of the (local) Server */
-			$app->db->query("UPDATE web_domain SET ssl_request = '', ssl_cert = '' WHERE domain = '".$data['new']['domain']."'");
-			$app->db->query("UPDATE web_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'");
+			$app->db->query("UPDATE web_domain SET ssl_request = '', ssl_cert = '' WHERE domain = ?", $data['new']['domain']);
+			$app->db->query("UPDATE web_domain SET ssl_action = '' WHERE domain = ?", $data['new']['domain']);
 			/* Update also the master-DB of the Server-Farm */
-			$app->dbmaster->query("UPDATE web_domain SET ssl_request = '', ssl_cert = '' WHERE domain = '".$data['new']['domain']."'");
-			$app->dbmaster->query("UPDATE web_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'");
+			$app->dbmaster->query("UPDATE web_domain SET ssl_request = '', ssl_cert = '' WHERE domain = ?", $data['new']['domain']);
+			$app->dbmaster->query("UPDATE web_domain SET ssl_action = '' WHERE domain = ?", $data['new']['domain']);
 			$app->log('Deleting SSL Cert for: '.$domain, LOGLEVEL_DEBUG);
 		}
 
@@ -326,7 +326,7 @@ class nginx_plugin {
 
 			// If the parent_domain_id has been changed, we will have to update the old site as well.
 			if($this->action == 'update' && $data['new']['parent_domain_id'] != $data['old']['parent_domain_id']) {
-				$tmp = $app->db->queryOneRecord('SELECT * FROM web_domain WHERE domain_id = '.$old_parent_domain_id." AND active = 'y'");
+				$tmp = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ? AND active = 'y'", $old_parent_domain_id);
 				$data['new'] = $tmp;
 				$data['old'] = $tmp;
 				$this->action = 'update';
@@ -334,7 +334,7 @@ class nginx_plugin {
 			}
 
 			// This is not a vhost, so we need to update the parent record instead.
-			$tmp = $app->db->queryOneRecord('SELECT * FROM web_domain WHERE domain_id = '.$new_parent_domain_id." AND active = 'y'");
+			$tmp = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ? AND active = 'y'", $new_parent_domain_id);
 			$data['new'] = $tmp;
 			$data['old'] = $tmp;
 			$this->action = 'update';
@@ -374,7 +374,7 @@ class nginx_plugin {
 		$old_log_folder = 'log';
 		if($data['new']['type'] == 'vhostsubdomain' || $data['new']['type'] == 'vhostalias') {
 			// new one
-			$tmp = $app->db->queryOneRecord('SELECT `domain` FROM web_domain WHERE domain_id = '.intval($data['new']['parent_domain_id']));
+			$tmp = $app->db->queryOneRecord('SELECT `domain` FROM web_domain WHERE domain_id = ?', $data['new']['parent_domain_id']);
 			$subdomain_host = preg_replace('/^(.*)\.' . preg_quote($tmp['domain'], '/') . '$/', '$1', $data['new']['domain']);
 			if($subdomain_host == '') $subdomain_host = 'web'.$data['new']['domain_id'];
 			$web_folder = $data['new']['web_folder'];
@@ -383,7 +383,7 @@ class nginx_plugin {
 			
 			if(isset($data['old']['parent_domain_id'])) {
 				// old one
-				$tmp = $app->db->queryOneRecord('SELECT `domain` FROM web_domain WHERE domain_id = '.intval($data['old']['parent_domain_id']));
+				$tmp = $app->db->queryOneRecord('SELECT `domain` FROM web_domain WHERE domain_id = ?', $data['old']['parent_domain_id']);
 				$subdomain_host = preg_replace('/^(.*)\.' . preg_quote($tmp['domain'], '/') . '$/', '$1', $data['old']['domain']);
 				if($subdomain_host == '') $subdomain_host = 'web'.$data['old']['domain_id'];
 				$old_web_folder = $data['old']['web_folder'];
@@ -437,7 +437,7 @@ class nginx_plugin {
 		if($this->action == 'update' && $data['new']['document_root'] != $data['old']['document_root']) {
 
 			//* Get the old client ID
-			$old_client = $app->dbmaster->queryOneRecord('SELECT client_id FROM sys_group WHERE sys_group.groupid = '.intval($data['old']['sys_groupid']));
+			$old_client = $app->dbmaster->queryOneRecord('SELECT client_id FROM sys_group WHERE sys_group.groupid = ?', $data['old']['sys_groupid']);
 			$old_client_id = intval($old_client['client_id']);
 			unset($old_client);
 
@@ -576,7 +576,7 @@ class nginx_plugin {
 		$app->system->web_folder_protection($data['new']['document_root'], true);
 
 		// Get the client ID
-		$client = $app->dbmaster->queryOneRecord('SELECT client_id FROM sys_group WHERE sys_group.groupid = '.intval($data['new']['sys_groupid']));
+		$client = $app->dbmaster->queryOneRecord('SELECT client_id FROM sys_group WHERE sys_group.groupid = ?', $data['new']['sys_groupid']);
 		$client_id = intval($client['client_id']);
 		unset($client);
 
@@ -1090,7 +1090,7 @@ class nginx_plugin {
 		// Custom nginx directives
 		$final_nginx_directives = array();
 		if(intval($data['new']['directive_snippets_id']) > 0){
-			$snippet = $app->db->queryOneRecord("SELECT * FROM directive_snippets WHERE directive_snippets_id = ? AND type = 'nginx' AND active = 'y' AND customer_viewable = 'y'", intval($data['new']['directive_snippets_id']));
+			$snippet = $app->db->queryOneRecord("SELECT * FROM directive_snippets WHERE directive_snippets_id = ? AND type = 'nginx' AND active = 'y' AND customer_viewable = 'y'", $data['new']['directive_snippets_id']);
 			if(isset($snippet['snippet'])){
 				$nginx_directives = $snippet['snippet'];
 			} else {
@@ -1336,7 +1336,7 @@ class nginx_plugin {
 		$auto_alias = $web_config['website_autoalias'];
 		if($auto_alias != '') {
 			// get the client username
-			$client = $app->db->queryOneRecord("SELECT `username` FROM `client` WHERE `client_id` = '" . intval($client_id) . "'");
+			$client = $app->db->queryOneRecord("SELECT `username` FROM `client` WHERE `client_id` = ?", $client_id);
 			$aa_search = array('[client_id]', '[website_id]', '[client_username]', '[website_domain]');
 			$aa_replace = array($client_id, $data['new']['domain_id'], $client['username'], $data['new']['domain']);
 			$auto_alias = str_replace($aa_search, $aa_replace, $auto_alias);
@@ -1356,7 +1356,7 @@ class nginx_plugin {
 		}
 
 		// get alias domains (co-domains and subdomains)
-		$aliases = $app->db->queryAllRecords('SELECT * FROM web_domain WHERE parent_domain_id = '.$data['new']['domain_id']." AND active = 'y' AND (type != 'vhostsubdomain' AND type != 'vhostalias')");
+		$aliases = $app->db->queryAllRecords("SELECT * FROM web_domain WHERE parent_domain_id = ? AND active = 'y' AND (type != 'vhostsubdomain' AND type != 'vhostalias')", $data['new']['domain_id']);
 		$alias_seo_redirects = array();
 		if(is_array($aliases)) {
 			foreach($aliases as $alias) {
@@ -1805,7 +1805,7 @@ class nginx_plugin {
 		$log_folder = 'log';
 		$web_folder = '';
 		if($data['old']['type'] == 'vhostsubdomain' || $data['old']['type'] == 'vhostalias') {
-			$tmp = $app->db->queryOneRecord('SELECT `domain`,`document_root` FROM web_domain WHERE domain_id = '.intval($data['old']['parent_domain_id']));
+			$tmp = $app->db->queryOneRecord('SELECT `domain`,`document_root` FROM web_domain WHERE domain_id = ?', $data['old']['parent_domain_id']);
 			if($tmp['domain'] != ''){
 				$subdomain_host = preg_replace('/^(.*)\.' . preg_quote($tmp['domain'], '/') . '$/', '$1', $data['old']['domain']);
 			} else {
@@ -1877,7 +1877,7 @@ class nginx_plugin {
 		if($data['old']['type'] != 'vhost' && $data['old']['type'] != 'vhostsubdomain' && $data['old']['type'] != 'vhostalias' && $data['old']['parent_domain_id'] > 0) {
 			//* This is a alias domain or subdomain, so we have to update the website instead
 			$parent_domain_id = intval($data['old']['parent_domain_id']);
-			$tmp = $app->db->queryOneRecord('SELECT * FROM web_domain WHERE domain_id = '.$parent_domain_id." AND active = 'y'");
+			$tmp = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ? AND active = 'y'", $parent_domain_id);
 			$data['new'] = $tmp;
 			$data['old'] = $tmp;
 			$this->action = 'update';
@@ -1931,7 +1931,7 @@ class nginx_plugin {
 						} else {
 							// read all vhost subdomains with same parent domain
 							$used_paths = array();
-							$tmp = $app->db->queryAllRecords("SELECT `web_folder` FROM web_domain WHERE (type = 'vhostsubdomain' OR type = 'vhostalias') AND parent_domain_id = ".intval($data['old']['parent_domain_id'])." AND domain_id != ".intval($data['old']['domain_id']));
+							$tmp = $app->db->queryAllRecords("SELECT `web_folder` FROM web_domain WHERE (type = 'vhostsubdomain' OR type = 'vhostalias') AND parent_domain_id = ? AND domain_id != ?", $data['old']['parent_domain_id'], $data['old']['domain_id']);
 							foreach($tmp as $tmprec) {
 								// we normalize the folder entries because we need to compare them
 								$tmp_folder = preg_replace('/[\/]{2,}/', '/', $tmprec['web_folder']); // replace / occuring multiple times
@@ -2014,7 +2014,7 @@ class nginx_plugin {
 				$app->log('Removing website: '.$docroot, LOGLEVEL_DEBUG);
 
 				// Delete the symlinks for the sites
-				$client = $app->db->queryOneRecord('SELECT client_id FROM sys_group WHERE sys_group.groupid = '.intval($data['old']['sys_groupid']));
+				$client = $app->db->queryOneRecord('SELECT client_id FROM sys_group WHERE sys_group.groupid = ?', $data['old']['sys_groupid']);
 				$client_id = intval($client['client_id']);
 				unset($client);
 				$tmp_symlinks_array = explode(':', $web_config['website_symlinks']);
@@ -2102,8 +2102,8 @@ class nginx_plugin {
 			$folder_id = $data['new']['web_folder_id'];
 		}
 
-		$folder = $app->db->queryOneRecord("SELECT * FROM web_folder WHERE web_folder_id = ".intval($folder_id));
-		$website = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".intval($folder['parent_domain_id']));
+		$folder = $app->db->queryOneRecord("SELECT * FROM web_folder WHERE web_folder_id = ?", $folder_id);
+		$website = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ?", $folder['parent_domain_id']);
 
 		if(!is_array($folder) or !is_array($website)) {
 			$app->log('Not able to retrieve folder or website record.', LOGLEVEL_DEBUG);
@@ -2139,19 +2139,6 @@ class nginx_plugin {
 			$app->log('Created file '.$folder_path.'.htpasswd', LOGLEVEL_DEBUG);
 		}
 
-		/*
-		$auth_users = $app->db->queryAllRecords("SELECT * FROM web_folder_user WHERE active = 'y' AND web_folder_id = ".intval($folder_id));
-		$htpasswd_content = '';
-		if(is_array($auth_users) && !empty($auth_users)){
-			foreach($auth_users as $auth_user){
-				$htpasswd_content .= $auth_user['username'].':'.$auth_user['password']."\n";
-			}
-		}
-		$htpasswd_content = trim($htpasswd_content);
-		@file_put_contents($folder_path.'.htpasswd', $htpasswd_content);
-		$app->log('Changed .htpasswd file: '.$folder_path.'.htpasswd',LOGLEVEL_DEBUG);
-		*/
-
 		if(($data['new']['username'] != $data['old']['username'] || $data['new']['active'] == 'n') && $data['old']['username'] != '') {
 			$app->system->removeLine($folder_path.'.htpasswd', $data['old']['username'].':');
 			$app->log('Removed user: '.$data['old']['username'], LOGLEVEL_DEBUG);
@@ -2180,7 +2167,7 @@ class nginx_plugin {
 		$folder_id = $data['old']['web_folder_id'];
 
 		$folder = $data['old'];
-		$website = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".intval($folder['parent_domain_id']));
+		$website = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ?", $folder['parent_domain_id']);
 
 		if(!is_array($folder) or !is_array($website)) {
 			$app->log('Not able to retrieve folder or website record.', LOGLEVEL_DEBUG);
@@ -2217,7 +2204,7 @@ class nginx_plugin {
 	function web_folder_update($event_name, $data) {
 		global $app, $conf;
 
-		$website = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".intval($data['new']['parent_domain_id']));
+		$website = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ?", $data['new']['parent_domain_id']);
 
 		if(!is_array($website)) {
 			$app->log('Not able to retrieve folder or website record.', LOGLEVEL_DEBUG);
@@ -2286,7 +2273,7 @@ class nginx_plugin {
 		//$app->load('tpl');
 		//$tpl = new tpl();
 		//$tpl->newTemplate('nginx_http_authentication.auth.master');
-		$website_auth_locations = $app->db->queryAllRecords("SELECT * FROM web_folder WHERE active = 'y' AND parent_domain_id = ".intval($website['domain_id']));
+		$website_auth_locations = $app->db->queryAllRecords("SELECT * FROM web_folder WHERE active = 'y' AND parent_domain_id = ?", $website['domain_id']);
 		$basic_auth_locations = array();
 		if(is_array($website_auth_locations) && !empty($website_auth_locations)){
 			foreach($website_auth_locations as $website_auth_location){
@@ -2368,17 +2355,63 @@ class nginx_plugin {
 		} else {
 			$content = file_get_contents($conf['rootpath'] . '/conf/hhvm_starter.master');
 		}
+		if(file_exists($conf['rootpath'] . '/conf-custom/hhvm_monit.master')) {
+			$monit_content = file_get_contents($conf['rootpath'] . '/conf-custom/hhvm_monit.master');
+		} else {
+			$monit_content = file_get_contents($conf['rootpath'] . '/conf/hhvm_monit.master');
+		}
+		
+		if($data['new']['php'] == 'hhvm' && $data['old']['php'] != 'hhvm' || $data['new']['custom_php_ini'] != $data['old']['custom_php_ini']) {
+
+			// Custom php.ini settings
+			$custom_php_ini_settings = trim($data['new']['custom_php_ini']);
+			if(intval($data['new']['directive_snippets_id']) > 0){
+				$snippet = $app->db->queryOneRecord("SELECT * FROM directive_snippets WHERE directive_snippets_id = ? AND type = 'nginx' AND active = 'y' AND customer_viewable = 'y'", intval($data['new']['directive_snippets_id']));
+				if(isset($snippet['required_php_snippets']) && trim($snippet['required_php_snippets']) != ''){
+					$required_php_snippets = explode(',', trim($snippet['required_php_snippets']));
+					if(is_array($required_php_snippets) && !empty($required_php_snippets)){
+						foreach($required_php_snippets as $required_php_snippet){
+							$required_php_snippet = intval($required_php_snippet);
+							if($required_php_snippet > 0){
+								$php_snippet = $app->db->queryOneRecord("SELECT * FROM directive_snippets WHERE directive_snippets_id = ? AND type = 'php' AND active = 'y'", $required_php_snippet);
+								$php_snippet['snippet'] = trim($php_snippet['snippet']);
+								if($php_snippet['snippet'] != ''){
+									$custom_php_ini_settings .= "\n".$php_snippet['snippet'];
+								}
+							}
+						}
+					}
+				}
+			}
+			if($custom_php_ini_settings != ''){
+				// Make sure we only have Unix linebreaks
+				$custom_php_ini_settings = str_replace("\r\n", "\n", $custom_php_ini_settings);
+				$custom_php_ini_settings = str_replace("\r", "\n", $custom_php_ini_settings);
+				file_put_contents('/etc/hhvm/'.$data['new']['system_user'].'.ini', $custom_php_ini_settings);
+			} else {
+				if(is_file('/etc/hhvm/'.$data['old']['system_user'].'.ini')) unlink('/etc/hhvm/'.$data['old']['system_user'].'.ini');
+			}
 		
-		if($data['new']['php'] == 'hhvm' && $data['old']['php'] != 'hhvm') {
 			$content = str_replace('{SYSTEM_USER}', $data['new']['system_user'], $content);
 			file_put_contents('/etc/init.d/hhvm_' . $data['new']['system_user'], $content);
 			exec('chmod +x /etc/init.d/hhvm_' . $data['new']['system_user'] . ' >/dev/null 2>&1');
 			exec('/usr/sbin/update-rc.d hhvm_' . $data['new']['system_user'] . ' defaults >/dev/null 2>&1');
-			exec('/etc/init.d/hhvm_' . $data['new']['system_user'] . ' start >/dev/null 2>&1');
+			exec('/etc/init.d/hhvm_' . $data['new']['system_user'] . ' restart >/dev/null 2>&1');
+			
+			$monit_content = str_replace('{SYSTEM_USER}', $data['new']['system_user'], $monit_content);
+			file_put_contents('/etc/monit/conf.d/hhvm_' . $data['new']['system_user'], $monit_content);
+			exec('/etc/init.d/monit restart >/dev/null 2>&1');
+			
  		} elseif($data['new']['php'] != 'hhvm' && $data['old']['php'] == 'hhvm') {
 			exec('/etc/init.d/hhvm_' . $data['old']['system_user'] . ' stop >/dev/null 2>&1');
 			exec('/usr/sbin/update-rc.d hhvm_' . $data['old']['system_user'] . ' remove >/dev/null 2>&1');
-			unlink('/etc/init.d/hhvm_' . $data['old']['system_user'] . ' >/dev/null 2>&1');
+			unlink('/etc/init.d/hhvm_' . $data['old']['system_user']);
+			if(is_file('/etc/hhvm/'.$data['old']['system_user'].'.ini')) unlink('/etc/hhvm/'.$data['old']['system_user'].'.ini');
+			
+			if(is_file('/etc/monit/conf.d/hhvm_' . $data['new']['system_user'])){
+				unlink('/etc/monit/conf.d/hhvm_' . $data['new']['system_user']);
+				exec('/etc/init.d/monit restart >/dev/null 2>&1');
+			}
 		}
 	}
 
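Review bot: The widened condition parses as `(new == hhvm && old != hhvm) || custom_php_ini changed`, because `&&` binds tighter than `||`. A php.ini change on a site that does not use HHVM would therefore write `/etc/hhvm/<user>.ini`, install the init script and restart an HHVM service, unless a guard outside this hunk prevents it. The likely intent is `if($data['new']['php'] == 'hhvm' && ($data['old']['php'] != 'hhvm' || $data['new']['custom_php_ini'] != $data['old']['custom_php_ini'])) {`. The added code also concatenates `system_user` into `exec()` strings and root-owned paths with no `escapeshellarg()` or name validation visible here. In the removal branch the monit file is looked up with `$data['new']['system_user']` while every other line of that branch uses `$data['old']`. The function begins outside the hunk.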
@@ -2474,6 +2507,26 @@ class nginx_plugin {
 		// Custom php.ini settings
 		$final_php_ini_settings = array();
 		$custom_php_ini_settings = trim($data['new']['custom_php_ini']);
+		
+		if(intval($data['new']['directive_snippets_id']) > 0){
+			$snippet = $app->db->queryOneRecord("SELECT * FROM directive_snippets WHERE directive_snippets_id = ? AND type = 'nginx' AND active = 'y' AND customer_viewable = 'y'", intval($data['new']['directive_snippets_id']));
+			if(isset($snippet['required_php_snippets']) && trim($snippet['required_php_snippets']) != ''){
+				$required_php_snippets = explode(',', trim($snippet['required_php_snippets']));
+				if(is_array($required_php_snippets) && !empty($required_php_snippets)){
+					foreach($required_php_snippets as $required_php_snippet){
+						$required_php_snippet = intval($required_php_snippet);
+						if($required_php_snippet > 0){
+							$php_snippet = $app->db->queryOneRecord("SELECT * FROM directive_snippets WHERE directive_snippets_id = ? AND type = 'php' AND active = 'y'", $required_php_snippet);
+							$php_snippet['snippet'] = trim($php_snippet['snippet']);
+							if($php_snippet['snippet'] != ''){
+								$custom_php_ini_settings .= "\n".$php_snippet['snippet'];
+							}
+						}
+					}
+				}
+			}
+		}
+		
 		if($custom_php_ini_settings != ''){
 			// Make sure we only have Unix linebreaks
 			$custom_php_ini_settings = str_replace("\r\n", "\n", $custom_php_ini_settings);
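Review bot: `$php_snippet` is indexed right after `queryOneRecord()` with no check that a row came back. An id listed in `required_php_snippets` that is inactive or deleted makes `trim($php_snippet['snippet'])` run on a non-array and then assigns into it. Adding `if(!is_array($php_snippet)) continue;` before the `trim()` line avoids that. The whole lookup loop is a copy of the one added in the HHVM hunk above (+2355), so a private helper returning the merged ini string would keep the two in step. Both copies keep `intval()` around the bound id while the rest of the commit removes it.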
@@ -2526,7 +2579,7 @@ class nginx_plugin {
 				$app->services->restartService('php-fpm', 'reload:'.$conf['init_scripts'].'/'.$web_config['php_fpm_init_script']);
 			}
 		}
-		$php_versions = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fpm_init_script != '' AND php_fpm_ini_dir != '' AND php_fpm_pool_dir != '' AND server_id = ".$conf["server_id"]);
+		$php_versions = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fpm_init_script != '' AND php_fpm_ini_dir != '' AND php_fpm_pool_dir != '' AND server_id = ?", $conf["server_id"]);
 		if(is_array($php_versions) && !empty($php_versions)){
 			foreach($php_versions as $php_version){
 				if(substr($php_version['php_fpm_pool_dir'], -1) != '/') $php_version['php_fpm_pool_dir'] .= '/';
@@ -2584,7 +2637,7 @@ class nginx_plugin {
 				$app->services->restartService('php-fpm', 'reload:'.$conf['init_scripts'].'/'.$web_config['php_fpm_init_script']);
 			}
 		}
-		$php_versions = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fpm_init_script != '' AND php_fpm_ini_dir != '' AND php_fpm_pool_dir != '' AND server_id = ".$data['old']['server_id']);
+		$php_versions = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fpm_init_script != '' AND php_fpm_ini_dir != '' AND php_fpm_pool_dir != '' AND server_id = ?", $data['old']['server_id']);
 		if(is_array($php_versions) && !empty($php_versions)){
 			foreach($php_versions as $php_version){
 				if(substr($php_version['php_fpm_pool_dir'], -1) != '/') $php_version['php_fpm_pool_dir'] .= '/';
diff --git a/server/plugins-available/nginx_reverseproxy_plugin.inc.php b/server/plugins-available/nginx_reverseproxy_plugin.inc.php
index 1f68649fbfa885c32f990905212983320cd8b018..b5881dbf240886b5cc6127847a84f1e2dfa954de 100644
--- a/server/plugins-available/nginx_reverseproxy_plugin.inc.php
+++ b/server/plugins-available/nginx_reverseproxy_plugin.inc.php
@@ -70,7 +70,7 @@ class nginx_reverseproxy_plugin {
 
 			// If the parent_domain_id has been chenged, we will have to update the old site as well.
 			if($this->action == 'update' && $data['new']['parent_domain_id'] != $data['old']['parent_domain_id']) {
-				$tmp = $app->dbmaster->queryOneRecord('SELECT * FROM web_domain WHERE domain_id = '.$old_parent_domain_id." AND active = 'y'");
+				$tmp = $app->dbmaster->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ? AND active = 'y'", $old_parent_domain_id);
 				$data['new'] = $tmp;
 				$data['old'] = $tmp;
 				$this->action = 'update';
@@ -78,7 +78,7 @@ class nginx_reverseproxy_plugin {
 			}
 
 			// This is not a vhost, so we need to update the parent record instead.
-			$tmp = $app->dbmaster->queryOneRecord('SELECT * FROM web_domain WHERE domain_id = '.$new_parent_domain_id." AND active = 'y'");
+			$tmp = $app->dbmaster->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ? AND active = 'y'", $new_parent_domain_id);
 			$data['new'] = $tmp;
 			$data['old'] = $tmp;
 			$this->action = 'update';
@@ -130,7 +130,7 @@ class nginx_reverseproxy_plugin {
 
 
 		// get alias domains (co-domains and subdomains)
-		$aliases = $app->dbmaster->queryAllRecords('SELECT * FROM web_domain WHERE parent_domain_id = '.$data['new']['domain_id']." AND (type != 'vhostsubdomain' OR type != 'vhostalias') AND active = 'y'");
+		$aliases = $app->dbmaster->queryAllRecords("SELECT * FROM web_domain WHERE parent_domain_id = ? AND (type != 'vhostsubdomain' OR type != 'vhostalias') AND active = 'y'", $data['new']['domain_id']);
 		$server_alias = array();
 		switch($data['new']['subdomain']) {
 		case 'www':
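Review bot: The filter `(type != 'vhostsubdomain' OR type != 'vhostalias')` carried into the parameterised query is true for every row with a non-NULL `type`, so it excludes nothing. The equivalent alias query in nginx_plugin uses `AND`, which looks like the intended form: `AND (type != 'vhostsubdomain' AND type != 'vhostalias')`. As written, vhost subdomains and vhost aliases of the site are returned as aliases too. The rest of the method is outside the hunk, so the effect on the generated config cannot be confirmed from here.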
@@ -243,7 +243,7 @@ class nginx_reverseproxy_plugin {
 
 		//* Save a SSL certificate to disk
 		if($data["new"]["ssl_action"] == 'save') {
-			$web = $app->masterdb->queryOneRecord("select wd.document_root, sp.ip_address from web_domain wd INNER JOIN server_ip sp USING(server_id) WHERE domain = '".$data['new']['domain']."'");
+			$web = $app->masterdb->queryOneRecord("select wd.document_root, sp.ip_address from web_domain wd INNER JOIN server_ip sp USING(server_id) WHERE domain = ?", $data['new']['domain']);
 
 			$src_ssl_dir = $web["document_root"]."/ssl";
 			//$domain = $data["new"]["ssl_domain"];
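Review bot: The rewritten query is still issued on `$app->masterdb`, while every other master-database call visible in this file uses `$app->dbmaster`. Unless a `masterdb` property is defined elsewhere, this call fails on an undefined property as soon as `ssl_action` is `save`. The line should probably read `$web = $app->dbmaster->queryOneRecord("select wd.document_root, sp.ip_address from web_domain wd INNER JOIN server_ip sp USING(server_id) WHERE domain = ?", $data['new']['domain']);`. `$web` is then used for `$src_ssl_dir` without a check that a row was found.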
diff --git a/server/plugins-available/openvz_plugin.inc.php b/server/plugins-available/openvz_plugin.inc.php
index a50c3def49e81d3df6e6d8d8cbaf32f9966aecf3..d6abced17f3d56fe448c9ea305f51d7a174f0430 100644
--- a/server/plugins-available/openvz_plugin.inc.php
+++ b/server/plugins-available/openvz_plugin.inc.php
@@ -85,7 +85,7 @@ class openvz_plugin {
 			return;
 		}
 
-		$tmp = $app->db->queryOneRecord("SELECT template_file FROM openvz_ostemplate WHERE ostemplate_id = ".$data['new']['ostemplate_id']);
+		$tmp = $app->db->queryOneRecord("SELECT template_file FROM openvz_ostemplate WHERE ostemplate_id = ?", $data['new']['ostemplate_id']);
 		$ostemplate = escapeshellcmd($tmp['template_file']);
 		unset($tmp);
 
diff --git a/server/plugins-available/pma_symlink_plugin.inc.php b/server/plugins-available/pma_symlink_plugin.inc.php
index db9b6f7f62613b781b67a96ef6d48cf1edc4e218..6b9b4fb2642f4b65dad4c511a851c5e6dc5ab857 100644
--- a/server/plugins-available/pma_symlink_plugin.inc.php
+++ b/server/plugins-available/pma_symlink_plugin.inc.php
@@ -81,7 +81,7 @@ class pma_symlink_plugin {
 
 			// If the parent_domain_id has been chenged, we will have to update the old site as well.
 			if($this->action == 'update' && $data["new"]["parent_domain_id"] != $data["old"]["parent_domain_id"]) {
-				$tmp = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$old_parent_domain_id." AND active = 'y'");
+				$tmp = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ? AND active = 'y'", $old_parent_domain_id);
 				$data["new"] = $tmp;
 				$data["old"] = $tmp;
 				$this->action = 'update';
@@ -89,7 +89,7 @@ class pma_symlink_plugin {
 			}
 
 			// This is not a vhost, so we need to update the parent record instead.
-			$tmp = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$new_parent_domain_id." AND active = 'y'");
+			$tmp = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ? AND active = 'y'", $new_parent_domain_id);
 			$data["new"] = $tmp;
 			$data["old"] = $tmp;
 			$this->action = 'update';
diff --git a/server/plugins-available/postfix_filter_plugin.inc.php b/server/plugins-available/postfix_filter_plugin.inc.php
index 867df253a5f0e8117323e37e3a3215608f3f87cf..9c97ff1fa8c6bc14a327ebc782b1ac70026fd124 100644
--- a/server/plugins-available/postfix_filter_plugin.inc.php
+++ b/server/plugins-available/postfix_filter_plugin.inc.php
@@ -80,8 +80,8 @@ class postfix_filter_plugin {
 
 		$type = $data["new"]["type"];
 		if($type != '') {
-			$sql = "SELECT * FROM mail_content_filter WHERE server_id = ".intval($conf["server_id"])." AND type = '".$app->db->quote($type)."' AND active = 'y'";
-			$rules = $app->db->queryAllRecords($sql);
+			$sql = "SELECT * FROM mail_content_filter WHERE server_id = ? AND type = ?' AND active = 'y'";
+			$rules = $app->db->queryAllRecords($sql, $conf["server_id"], $type);
 			$content = '';
 			foreach($rules as $rule) {
 				$content .= $rule["pattern"];
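Review bot: The new SQL string contains a stray single quote after the second placeholder, in `type = ?' AND active = 'y'`. That leaves the statement with unbalanced quoting, so the query will either fail or be parsed differently from what was intended, depending on how the db class substitutes `?`. The second hunk in this file (-111) has the correct form, and this one should match it: `$sql = "SELECT * FROM mail_content_filter WHERE server_id = ? AND type = ? AND active = 'y'";`. `$rules` is also passed straight to `foreach`, so a failed query should be checked with `is_array($rules)` first.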
@@ -111,8 +111,8 @@ class postfix_filter_plugin {
 
 		$type = $data["old"]["type"];
 		if($type != '') {
-			$sql = "SELECT * FROM mail_content_filter WHERE server_id = ".intval($conf["server_id"])." AND type = '".$app->db->quote($type)."' AND active = 'y'";
-			$rules = $app->db->queryAllRecords($sql);
+			$sql = "SELECT * FROM mail_content_filter WHERE server_id = ? AND type = ? AND active = 'y'";
+			$rules = $app->db->queryAllRecords($sql, $conf["server_id"], $type);
 			$content = '';
 			foreach($rules as $rule) {
 				$content .= $rule["pattern"];
diff --git a/server/plugins-available/powerdns_plugin.inc.php b/server/plugins-available/powerdns_plugin.inc.php
index 14c244714b608853c1cba95597cf67c7be58b9d8..412050d009225126e08fba0f3d39b6f1c2e998cb 100644
--- a/server/plugins-available/powerdns_plugin.inc.php
+++ b/server/plugins-available/powerdns_plugin.inc.php
@@ -132,9 +132,9 @@ class powerdns_plugin {
 
 		$origin = substr($data["new"]["origin"], 0, -1);
 		$ispconfig_id = $data["new"]["id"];
-		$serial = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ".$ispconfig_id);
+		$serial = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ?", $ispconfig_id);
 		$serial_id = $serial["serial"];
-		$app->db->query("INSERT INTO powerdns.domains (name, type, notified_serial, ispconfig_id) VALUES ('$origin', 'MASTER', $serial_id, $ispconfig_id)");
+		$app->db->query("INSERT INTO powerdns.domains (name, type, notified_serial, ispconfig_id) VALUES (?, ?, ?, ?)", $origin, 'MASTER', $serial_id, $ispconfig_id);
 		$zone_id = $app->db->insertID();
 		if(substr($data["new"]["ns"], -1) == '.'){
 			$ns = substr($data["new"]["ns"], 0, -1);
@@ -147,7 +147,7 @@ class powerdns_plugin {
 		$content = $ns.' '.$hostmaster.' '.$data["new"]["serial"].' '.$data["new"]["refresh"].' '.$data["new"]["retry"].' '.$data["new"]["expire"].' '.$data["new"]["minimum"];
 		$ttl = $data["new"]["ttl"];
 
-		$app->db->query("INSERT INTO powerdns.records (domain_id, name, type, content, ttl, prio, change_date, ispconfig_id) VALUES ($zone_id, '$origin', 'SOA', '$content', $ttl, 0, ".time().", $ispconfig_id)");
+		$app->db->query("INSERT INTO powerdns.records (domain_id, name, type, content, ttl, prio, change_date, ispconfig_id) VALUES (?, ?, 'SOA', ?, ?, 0, UNIX_TIMESTAMP(), ?)", $zone_id, $origin, $content, $ttl, $ispconfig_id);
 
 		//* tell pdns to rediscover zones in DB
 		$this->zoneRediscover();
@@ -164,7 +164,7 @@ class powerdns_plugin {
 			if($data["old"]["active"] != 'Y') return;
 			$this->soa_delete($event_name, $data);
 		} else {
-			$exists = $app->db->queryOneRecord("SELECT * FROM powerdns.domains WHERE ispconfig_id = ".$data["new"]["id"]);
+			$exists = $app->db->queryOneRecord("SELECT * FROM powerdns.domains WHERE ispconfig_id = ?", $data["new"]["id"]);
 			if($data["old"]["active"] == 'Y' && is_array($exists)){
 				$origin = substr($data["new"]["origin"], 0, -1);
 				$ispconfig_id = $data["new"]["id"];
@@ -179,7 +179,7 @@ class powerdns_plugin {
 				$hostmaster = substr($data["new"]["mbox"], 0, -1);
 				$content = $ns.' '.$hostmaster.' '.$data["new"]["serial"].' '.$data["new"]["refresh"].' '.$data["new"]["retry"].' '.$data["new"]["expire"].' '.$data["new"]["minimum"];
 				$ttl = $data["new"]["ttl"];
-				$app->db->query("UPDATE powerdns.records SET name = '$origin', content = '$content', ttl = $ttl, change_date = ".time()." WHERE ispconfig_id = ".$data["new"]["id"]." AND type = 'SOA'");
+				$app->db->query("UPDATE powerdns.records SET name = ?, content = ?, ttl = ?, change_date = UNIX_TIMESTAMP() WHERE ispconfig_id = ? AND type = 'SOA'", $origin, $content, $ttl, $data["new"]["id"]);
 
 				//* tell pdns to use 'pdnssec rectify' on the new zone
 				$this->rectifyZone($data);
@@ -188,7 +188,7 @@ class powerdns_plugin {
 			} else {
 				$this->soa_insert($event_name, $data);
 				$ispconfig_id = $data["new"]["id"];
-				if($records = $app->db->queryAllRecords("SELECT * FROM dns_rr WHERE zone = $ispconfig_id AND active = 'Y'")){
+				if($records = $app->db->queryAllRecords("SELECT * FROM dns_rr WHERE zone = ? AND active = 'Y'", $ispconfig_id)){
 					foreach($records as $record){
 						foreach($record as $key => $val){
 							$data["new"][$key] = $val;
@@ -207,10 +207,10 @@ class powerdns_plugin {
 	function soa_delete($event_name, $data) {
 		global $app, $conf;
 
-		$zone = $app->db->queryOneRecord("SELECT * FROM powerdns.domains WHERE ispconfig_id = ".$data["old"]["id"]." AND type = 'MASTER'");
+		$zone = $app->db->queryOneRecord("SELECT * FROM powerdns.domains WHERE ispconfig_id = ? AND type = 'MASTER'", $data["old"]["id"]);
 		$zone_id = $zone["id"];
-		$app->db->query("DELETE FROM powerdns.records WHERE domain_id = $zone_id");
-		$app->db->query("DELETE FROM powerdns.domains WHERE id = $zone_id");
+		$app->db->query("DELETE FROM powerdns.records WHERE domain_id = ?", $zone_id);
+		$app->db->query("DELETE FROM powerdns.domains WHERE id = ?", $zone_id);
 	}
 
 	function slave_insert($event_name, $data) {
@@ -222,7 +222,7 @@ class powerdns_plugin {
 		$ispconfig_id = $data["new"]["id"];
 		$master_ns = $data["new"]["ns"];
 
-		$app->db->query("INSERT INTO powerdns.domains (name, type, master, ispconfig_id) VALUES ('$origin', 'SLAVE', '$master_ns', $ispconfig_id)");
+		$app->db->query("INSERT INTO powerdns.domains (name, type, master, ispconfig_id) VALUES (?, ?, ?, ?)", $origin, 'SLAVE', $master_ns, $ispconfig_id);
 
 		$zone_id = $app->db->insertID();
 
@@ -243,12 +243,12 @@ class powerdns_plugin {
 				$ispconfig_id = $data["new"]["id"];
 				$master_ns = $data["new"]["ns"];
 
-				$app->db->query("UPDATE powerdns.domains SET name = '$origin', type = 'SLAVE', master = '$master_ns' WHERE ispconfig_id=$ispconfig_id AND type = 'SLAVE'");
+				$app->db->query("UPDATE powerdns.domains SET name = ?, type = 'SLAVE', master = ? WHERE ispconfig_id=? AND type = 'SLAVE'", $origin, $master_ns, $ispconfig_id);
 				$zone_id = $app->db->insertID();
 
-				$zone = $app->db->queryOneRecord("SELECT * FROM powerdns.domains WHERE ispconfig_id = ".$ispconfig_id." AND type = 'SLAVE'");
+				$zone = $app->db->queryOneRecord("SELECT * FROM powerdns.domains WHERE ispconfig_id = ? AND type = 'SLAVE'", $ispconfig_id);
 				$zone_id = $zone["id"];
-				$app->db->query("DELETE FROM powerdns.records WHERE domain_id = $zone_id AND ispconfig_id = 0");
+				$app->db->query("DELETE FROM powerdns.records WHERE domain_id = ? AND ispconfig_id = 0", $zone_id);
 
 				//* tell pdns to fetch zone from master server
 				$this->fetchFromMaster($data);
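Review bot: `$zone_id = $app->db->insertID();` after the UPDATE is a dead assignment and can be deleted. An UPDATE creates no new id, and the variable is overwritten from `$zone["id"]` two lines later. `$zone` itself is used unchecked, so when no SLAVE row matches `ispconfig_id` the DELETE is issued with an empty `domain_id`. A guard such as `if(!is_array($zone)) return;` before reading `$zone["id"]` would make that case explicit. The enclosing method starts outside the hunk.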
@@ -264,21 +264,21 @@ class powerdns_plugin {
 	function slave_delete($event_name, $data) {
 		global $app, $conf;
 
-		$zone = $app->db->queryOneRecord("SELECT * FROM powerdns.domains WHERE ispconfig_id = ".$data["old"]["id"]." AND type = 'SLAVE'");
+		$zone = $app->db->queryOneRecord("SELECT * FROM powerdns.domains WHERE ispconfig_id = ? AND type = 'SLAVE'", $data["old"]["id"]);
 		$zone_id = $zone["id"];
-		$app->db->query("DELETE FROM powerdns.records WHERE domain_id = $zone_id");
-		$app->db->query("DELETE FROM powerdns.domains WHERE id = $zone_id");
+		$app->db->query("DELETE FROM powerdns.records WHERE domain_id = ?", $zone_id);
+		$app->db->query("DELETE FROM powerdns.domains WHERE id = ?", $zone_id);
 	}
 
 	function rr_insert($event_name, $data) {
 		global $app, $conf;
 		if($data["new"]["active"] != 'Y') return;
-		$exists = $app->db->queryOneRecord("SELECT * FROM powerdns.records WHERE ispconfig_id = ".$data["new"]["id"]);
+		$exists = $app->db->queryOneRecord("SELECT * FROM powerdns.records WHERE ispconfig_id = ?", $data["new"]["id"]);
 		if ( is_array($exists) ) return;
 
-		$zone = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ".$data["new"]["zone"]);
+		$zone = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ?", $data["new"]["zone"]);
 		$origin = substr($zone["origin"], 0, -1);
-		$powerdns_zone = $app->db->queryOneRecord("SELECT * FROM powerdns.domains WHERE ispconfig_id = ".$data["new"]["zone"]." AND type = 'MASTER'");
+		$powerdns_zone = $app->db->queryOneRecord("SELECT * FROM powerdns.domains WHERE ispconfig_id = ? AND type = 'MASTER'", $data["new"]["zone"]);
 		$zone_id = $powerdns_zone["id"];
 
 		$type = $data["new"]["type"];
@@ -327,7 +327,7 @@ class powerdns_plugin {
 		$change_date = time();
 		$ispconfig_id = $data["new"]["id"];
 
-		$app->db->query("INSERT INTO powerdns.records (domain_id, name, type, content, ttl, prio, change_date, ispconfig_id) VALUES ($zone_id, '$name', '$type', '$content', $ttl, $prio, $change_date, $ispconfig_id)");
+		$app->db->query("INSERT INTO powerdns.records (domain_id, name, type, content, ttl, prio, change_date, ispconfig_id) VALUES (?, ?, ?, ?, ?, ?, ?, ?)", $zone_id, $name, $type, $content, $ttl, $prio, $change_date, $ispconfig_id);
 
 		//* tell pdns to use 'pdnssec rectify' on the new zone
 		$this->rectifyZone($data);
@@ -340,11 +340,11 @@ class powerdns_plugin {
 			if($data["old"]["active"] != 'Y') return;
 			$this->rr_delete($event_name, $data);
 		} else {
-			$exists = $app->db->queryOneRecord("SELECT * FROM powerdns.records WHERE ispconfig_id = ".$data["new"]["id"]);
+			$exists = $app->db->queryOneRecord("SELECT * FROM powerdns.records WHERE ispconfig_id = ?", $data["new"]["id"]);
 			if($data["old"]["active"] == 'Y' && is_array($exists)){
-				$zone = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ".$data["new"]["zone"]);
+				$zone = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ?", $data["new"]["zone"]);
 				$origin = substr($zone["origin"], 0, -1);
-				$powerdns_zone = $app->db->queryOneRecord("SELECT * FROM powerdns.domains WHERE ispconfig_id = ".$data["new"]["zone"]." AND type = 'MASTER'");
+				$powerdns_zone = $app->db->queryOneRecord("SELECT * FROM powerdns.domains WHERE ispconfig_id = ? AND type = 'MASTER'", $data["new"]["zone"]);
 				$zone_id = $powerdns_zone["id"];
 
 				$type = $data["new"]["type"];
@@ -392,7 +392,7 @@ class powerdns_plugin {
 				$prio = $data["new"]["aux"];
 				$change_date = time();
 				$ispconfig_id = $data["new"]["id"];
-				$app->db->query("UPDATE powerdns.records SET name = '$name', type = '$type', content = '$content', ttl = $ttl, prio = $prio, change_date = ".time()." WHERE ispconfig_id = $ispconfig_id AND type != 'SOA'");
+				$app->db->query("UPDATE powerdns.records SET name = ?, type = ?, content = ?, ttl = ?, prio = ?, change_date = UNIX_TIMESTAMP() WHERE ispconfig_id = ? AND type != 'SOA'", $name, $type, $content, $ttl, $prio, $ispconfig_id);
 
 				//* tell pdns to use 'pdnssec rectify' on the new zone
 				$this->rectifyZone($data);
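Review bot: `$change_date = time();` on the context line above the query is now unused, because the rewritten UPDATE takes its timestamp from `UNIX_TIMESTAMP()`. `rr_insert` still binds `$change_date` from PHP, so inserts and updates of the same record are stamped from two different clocks (plugin host and database server). Either drop the local here, or bind it as the insert does with `change_date = ?`, so both paths agree.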
@@ -406,7 +406,7 @@ class powerdns_plugin {
 		global $app, $conf;
 
 		$ispconfig_id = $data["old"]["id"];
-		$app->db->query("DELETE FROM powerdns.records WHERE ispconfig_id = $ispconfig_id AND type != 'SOA'");
+		$app->db->query("DELETE FROM powerdns.records WHERE ispconfig_id = ? AND type != 'SOA'", $ispconfig_id);
 	}
 
 	function find_pdns_control() {
@@ -475,7 +475,7 @@ class powerdns_plugin {
 					exec($pdns_pdnssec . ' rectify-zone ' . rtrim($data["new"]["origin"],"."));
 				} else {
 					// get origin from DB for all other recordtypes
-					$zn = $app->db->queryOneRecord("SELECT d.name AS name FROM powerdns.domains d, powerdns.records r WHERE r.ispconfig_id=".$data["new"]["id"]." AND r.domain_id = d.id");
+					$zn = $app->db->queryOneRecord("SELECT d.name AS name FROM powerdns.domains d, powerdns.records r WHERE r.ispconfig_id=? AND r.domain_id = d.id", $data["new"]["id"]);
 					exec($pdns_pdnssec . ' rectify-zone ' . trim($zn["name"]));
 				}
 			}
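Review bot: The zone name read back by the new `queryOneRecord` call is concatenated into `exec()` without shell quoting, so the parameterised query fixes the SQL side but the value still reaches a shell unescaped. Quote the argument, e.g. `exec($pdns_pdnssec . ' rectify-zone ' . escapeshellarg(trim($zn["name"])));`, and do the same for the `rtrim($data["new"]["origin"],".")` call in the branch above. `$zn` is also used without an `is_array()` check, so a missing row would run `rectify-zone` with an empty name. The enclosing function starts outside the hunk.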
diff --git a/server/plugins-available/shelluser_base_plugin.inc.php b/server/plugins-available/shelluser_base_plugin.inc.php
index e19796cfca45778e8a9522ab8167e041306fd381..6105f7bed59c2cd7239d7ef3df9eee211b066ce6 100755
--- a/server/plugins-available/shelluser_base_plugin.inc.php
+++ b/server/plugins-available/shelluser_base_plugin.inc.php
@@ -79,7 +79,7 @@ class shelluser_base_plugin {
 		}
 
 		//* Check if the resulting path is inside the docroot
-		$web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".intval($data['new']['parent_domain_id']));
+		$web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ?", $data['new']['parent_domain_id']);
 		if(substr($data['new']['dir'],0,strlen($web['document_root'])) != $web['document_root']) {
 			$app->log('Directory of the shell user is outside of website docroot.',LOGLEVEL_WARN);
 			return false;
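Review bot: The docroot check after the new lookup fails open when no `web_domain` row is found: `$web['document_root']` is then null, `strlen()` yields 0, and `'' != null` is false under loose comparison, so the directory is accepted. With `intval()` dropped the id is passed through as-is, so an explicit guard such as `if(!is_array($web) || $web['document_root'] == '') return false;` before the comparison is worth adding. The prefix test also has no path-separator boundary, so a docroot `/a/web1` would accept `/a/web10/x` (constructed example); comparing against the docroot plus a trailing `/`, or an exact match, closes that. The same applies to the identical hunk at -163,7, and both functions continue outside their hunks.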
@@ -163,7 +163,7 @@ class shelluser_base_plugin {
 		}
 
 		//* Check if the resulting path is inside the docroot
-		$web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".intval($data['new']['parent_domain_id']));
+		$web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ?", $data['new']['parent_domain_id']);
 		if(substr($data['new']['dir'],0,strlen($web['document_root'])) != $web['document_root']) {
 			$app->log('Directory of the shell user is outside of website docroot.',LOGLEVEL_WARN);
 			return false;
@@ -252,10 +252,10 @@ class shelluser_base_plugin {
 			$userid = intval($app->system->getuid($data['old']['username']));
 			if($userid > $this->min_uid) {
 				// check if we have to delete the dir
-				$check = $app->db->queryOneRecord('SELECT shell_user_id FROM `shell_user` WHERE `dir` = \'' . $app->db->quote($data['old']['dir']) . '\'');
+				$check = $app->db->queryOneRecord('SELECT shell_user_id FROM `shell_user` WHERE `dir` = ?', $data['old']['dir']);
 				if(!$check && is_dir($data['old']['dir'])) {
 					
-					$web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".intval($data['old']['parent_domain_id']));
+					$web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ?", $data['old']['parent_domain_id']);
 					
 					$app->system->web_folder_protection($web['document_root'], false);
 					
@@ -311,11 +311,11 @@ class shelluser_base_plugin {
 		global $app;
 		$this->app->log("ssh-rsa setup shelluser_base", LOGLEVEL_DEBUG);
 		// Get the client ID, username, and the key
-		$domain_data = $this->app->db->queryOneRecord('SELECT sys_groupid FROM web_domain WHERE web_domain.domain_id = '.intval($this->data['new']['parent_domain_id']));
-		$sys_group_data = $this->app->db->queryOneRecord('SELECT * FROM sys_group WHERE sys_group.groupid = '.intval($domain_data['sys_groupid']));
+		$domain_data = $this->app->db->queryOneRecord('SELECT sys_groupid FROM web_domain WHERE web_domain.domain_id = ?', $this->data['new']['parent_domain_id']);
+		$sys_group_data = $this->app->db->queryOneRecord('SELECT * FROM sys_group WHERE sys_group.groupid = ?', $domain_data['sys_groupid']);
 		$id = intval($sys_group_data['client_id']);
 		$username= $sys_group_data['name'];
-		$client_data = $this->app->db->queryOneRecord('SELECT * FROM client WHERE client.client_id = '.$id);
+		$client_data = $this->app->db->queryOneRecord('SELECT * FROM client WHERE client.client_id = ?', $id);
 		$userkey = $client_data['ssh_rsa'];
 		unset($domain_data);
 		unset($client_data);
@@ -323,7 +323,7 @@ class shelluser_base_plugin {
 		// ssh-rsa authentication variables
 		//$sshrsa = $this->data['new']['ssh_rsa'];
 		$sshrsa = '';
-		$ssh_users = $app->db->queryAllRecords("SELECT ssh_rsa FROM shell_user WHERE parent_domain_id = ".intval($this->data['new']['parent_domain_id']));
+		$ssh_users = $app->db->queryAllRecords("SELECT ssh_rsa FROM shell_user WHERE parent_domain_id = ?", $this->data['new']['parent_domain_id']);
 		if(is_array($ssh_users)) {
 			foreach($ssh_users as $sshu) {
 				if($sshu['ssh_rsa'] != '') $sshrsa .= "\n".$sshu['ssh_rsa'];
@@ -347,7 +347,7 @@ class shelluser_base_plugin {
 			$userkey = $app->system->file_get_contents('/tmp/id_rsa.pub');
 
 			// save keypair in client table
-			$this->app->db->query("UPDATE client SET created_at = ".time().", id_rsa = '".$app->db->quote($app->system->file_get_contents('/tmp/id_rsa'))."', ssh_rsa = '".$app->db->quote($userkey)."' WHERE client_id = ".$id);
+			$this->app->db->query("UPDATE client SET created_at = UNIX_TIMESTAMP(), id_rsa = ?, ssh_rsa = ? WHERE client_id = ?", $app->system->file_get_contents('/tmp/id_rsa'), $userkey, $id);
 
 			$app->system->unlink('/tmp/id_rsa');
 			$app->system->unlink('/tmp/id_rsa.pub');
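Review bot: The private key bound into this UPDATE is read from the fixed path `/tmp/id_rsa`, a predictable name in a shared directory, and the `file_get_contents()` result is bound without checking that the read succeeded. A per-run private directory with restrictive permissions would keep the key material away from other local accounts, and a failed read should abort rather than store an empty key. `created_at` also moves from PHP's `time()` to the database's `UNIX_TIMESTAMP()`, which differs if the database host has a different clock. Key generation is outside the hunk, so the file's permissions at creation cannot be confirmed from here; the same pattern appears in shelluser_jailkit_plugin.inc.php at -459,7.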
diff --git a/server/plugins-available/shelluser_jailkit_plugin.inc.php b/server/plugins-available/shelluser_jailkit_plugin.inc.php
index 3c8e2948a1d6c5d5bb83e4006961fd2e7f29a2d3..aabbcde2343a5392447f789cebc4516706ed31b4 100755
--- a/server/plugins-available/shelluser_jailkit_plugin.inc.php
+++ b/server/plugins-available/shelluser_jailkit_plugin.inc.php
@@ -80,7 +80,7 @@ class shelluser_jailkit_plugin {
 		}
 		
 		
-		$web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$data['new']['parent_domain_id']);
+		$web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ?", $data['new']['parent_domain_id']);
 
 		if(!$app->system->is_allowed_user($data['new']['username'], false, false)
 			|| !$app->system->is_allowed_user($data['new']['puser'], true, true)
@@ -159,7 +159,7 @@ class shelluser_jailkit_plugin {
 			return false;
 		}
 		
-		$web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$data['new']['parent_domain_id']);
+		$web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ?", $data['new']['parent_domain_id']);
 
 		if(!$app->system->is_allowed_user($data['new']['username'], false, false)
 			|| !$app->system->is_allowed_user($data['new']['puser'], true, true)
@@ -232,7 +232,7 @@ class shelluser_jailkit_plugin {
 			return false;
 		}
 
-		$web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$data['old']['parent_domain_id']);
+		$web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ?", $data['old']['parent_domain_id']);
 
 		if ($data['old']['chroot'] == "jailkit")
 		{
@@ -284,7 +284,7 @@ class shelluser_jailkit_plugin {
 
 			//add bash.bashrc script
 			//we need to collect the domain name to be used as the HOSTNAME in the bashrc script
-			$web = $this->app->db->queryOneRecord("SELECT domain FROM web_domain WHERE domain_id = ".intval($this->data['new']["parent_domain_id"]));
+			$web = $this->app->db->queryOneRecord("SELECT domain FROM web_domain WHERE domain_id = ?", $this->data['new']["parent_domain_id"]);
 
 			$this->app->load('tpl');
 
@@ -407,7 +407,7 @@ class shelluser_jailkit_plugin {
 		$web_config = $app->getconf->get_server_config($conf["server_id"], 'web');
 
 		// Get the parent website of this shell user
-		$web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$this->data['new']['parent_domain_id']);
+		$web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ?", $this->data['new']['parent_domain_id']);
 
 		//* If the security level is set to high
 		if($web_config['security_level'] == 20 && is_array($web)) {
@@ -431,11 +431,11 @@ class shelluser_jailkit_plugin {
 		global $app;
 		$this->app->log("ssh-rsa setup shelluser_jailkit", LOGLEVEL_DEBUG);
 		// Get the client ID, username, and the key
-		$domain_data = $this->app->db->queryOneRecord('SELECT sys_groupid FROM web_domain WHERE web_domain.domain_id = '.intval($this->data['new']['parent_domain_id']));
-		$sys_group_data = $this->app->db->queryOneRecord('SELECT * FROM sys_group WHERE sys_group.groupid = '.intval($domain_data['sys_groupid']));
+		$domain_data = $this->app->db->queryOneRecord('SELECT sys_groupid FROM web_domain WHERE web_domain.domain_id = ?', $this->data['new']['parent_domain_id']);
+		$sys_group_data = $this->app->db->queryOneRecord('SELECT * FROM sys_group WHERE sys_group.groupid = ?', $domain_data['sys_groupid']);
 		$id = intval($sys_group_data['client_id']);
 		$username= $sys_group_data['name'];
-		$client_data = $this->app->db->queryOneRecord('SELECT * FROM client WHERE client.client_id = '.$id);
+		$client_data = $this->app->db->queryOneRecord('SELECT * FROM client WHERE client.client_id = ?', $id);
 		$userkey = $client_data['ssh_rsa'];
 		unset($domain_data);
 		unset($client_data);
@@ -459,7 +459,7 @@ class shelluser_jailkit_plugin {
 			$userkey = $app->system->file_get_contents('/tmp/id_rsa.pub');
 
 			// save keypair in client table
-			$this->app->db->query("UPDATE client SET created_at = ".time().", id_rsa = '".$app->db->quote($app->system->file_get_contents('/tmp/id_rsa'))."', ssh_rsa = '".$app->db->quote($userkey)."' WHERE client_id = ".$id);
+			$this->app->db->query("UPDATE client SET created_at = UNIX_TIMESTAMP(), id_rsa = ? ssh_rsa = ? WHERE client_id = ?", $app->system->file_get_contents('/tmp/id_rsa'), $userkey, $id);
 
 			$app->system->unlink('/tmp/id_rsa');
 			$app->system->unlink('/tmp/id_rsa.pub');
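Review bot: The new UPDATE is missing the comma between `id_rsa = ?` and `ssh_rsa = ?`, so the statement is a SQL syntax error and the generated keypair is never stored. It should read `"UPDATE client SET created_at = UNIX_TIMESTAMP(), id_rsa = ?, ssh_rsa = ? WHERE client_id = ?"`, matching the same statement in shelluser_base_plugin.inc.php. The two temp files are unlinked right after, so a failed query loses the key. If the wrapper reports failure, checking it before the `unlink()` calls would make that visible.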
@@ -532,10 +532,10 @@ class shelluser_jailkit_plugin {
 		global $app, $conf;
 		
 		// check if we have to delete the dir
-				$check = $app->db->queryOneRecord('SELECT shell_user_id FROM `shell_user` WHERE `dir` = \'' . $app->db->quote($homedir) . '\'');
+				$check = $app->db->queryOneRecord('SELECT shell_user_id FROM `shell_user` WHERE `dir` = ?', $homedir);
 				
 				if(!$check && is_dir($homedir)) {
-					$web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".intval($parent_domain_id));
+					$web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ?", $parent_domain_id);
 					$app->system->web_folder_protection($web['document_root'], false);
 					
 					// delete dir
diff --git a/server/plugins-available/software_update_plugin.inc.php b/server/plugins-available/software_update_plugin.inc.php
index 6f12bf890a96870f0240a4eb3ee45cf5bc26d755..ae6b79cfc4ac42bb6d68355290112f60e6bd53e2 100644
--- a/server/plugins-available/software_update_plugin.inc.php
+++ b/server/plugins-available/software_update_plugin.inc.php
@@ -67,8 +67,8 @@ class software_update_plugin {
 	private function set_install_status($inst_id, $status) {
 		global $app;
 
-		$app->db->query("UPDATE software_update_inst SET status = '{$status}' WHERE software_update_inst_id = '{$inst_id}'");
-		$app->dbmaster->query("UPDATE software_update_inst SET status = '{$status}' WHERE software_update_inst_id = '{$inst_id}'");
+		$app->db->query("UPDATE software_update_inst SET status = ? WHERE software_update_inst_id = ?", $status, $inst_id);
+		$app->dbmaster->query("UPDATE software_update_inst SET status = ? WHERE software_update_inst_id = ?", $status, $inst_id);
 	}
 
 	public function process($event_name, $data) {
@@ -76,8 +76,8 @@ class software_update_plugin {
 
 		//* Get the info of the package:
 		$software_update_id = intval($data["new"]["software_update_id"]);
-		$software_update = $app->db->queryOneRecord("SELECT * FROM software_update WHERE software_update_id = '$software_update_id'");
-		$software_package = $app->db->queryOneRecord("SELECT * FROM software_package WHERE package_name = '".$app->db->quote($software_update['package_name'])."'");
+		$software_update = $app->db->queryOneRecord("SELECT * FROM software_update WHERE software_update_id = ?", $software_update_id);
+		$software_package = $app->db->queryOneRecord("SELECT * FROM software_package WHERE package_name = ?", $software_update['package_name']);
 
 		if($software_package['package_type'] == 'ispconfig' && !$conf['software_updates_enabled'] == true) {
 			$app->log('Software Updates not enabled on this server. To enable updates, set $conf["software_updates_enabled"] = true; in config.inc.php', LOGLEVEL_WARN);
diff --git a/server/plugins-available/webmail_symlink_plugin.inc.php b/server/plugins-available/webmail_symlink_plugin.inc.php
index 43cca9b357956e4fe65eefbc47046e21e006fb10..c64b706d7e4361d42919246c8e8804426ea2def9 100644
--- a/server/plugins-available/webmail_symlink_plugin.inc.php
+++ b/server/plugins-available/webmail_symlink_plugin.inc.php
@@ -81,7 +81,7 @@ class webmail_symlink_plugin {
 
 			// If the parent_domain_id has been chenged, we will have to update the old site as well.
 			if($this->action == 'update' && $data["new"]["parent_domain_id"] != $data["old"]["parent_domain_id"]) {
-				$tmp = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$old_parent_domain_id." AND active = 'y'");
+				$tmp = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ? AND active = 'y'", $old_parent_domain_id);
 				$data["new"] = $tmp;
 				$data["old"] = $tmp;
 				$this->action = 'update';
@@ -89,7 +89,7 @@ class webmail_symlink_plugin {
 			}
 
 			// This is not a vhost, so we need to update the parent record instead.
-			$tmp = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$new_parent_domain_id." AND active = 'y'");
+			$tmp = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ? AND active = 'y'", $new_parent_domain_id);
 			$data["new"] = $tmp;
 			$data["old"] = $tmp;
 			$this->action = 'update';
diff --git a/server/plugins-available/webserver_plugin.inc.php b/server/plugins-available/webserver_plugin.inc.php
index dd5a50b0561012f5fc072c391e08f4f30e7b0041..cca339ace01a5f123e6dd9167c568343d1906eed 100644
--- a/server/plugins-available/webserver_plugin.inc.php
+++ b/server/plugins-available/webserver_plugin.inc.php
@@ -107,7 +107,7 @@ class webserver_plugin {
 
 
 		//** read additional php versions of this server
-		$php_versions = $app->db->queryAllRecords('SELECT server_php_id, php_fastcgi_ini_dir, php_fpm_ini_dir FROM server_php WHERE server_id = ' . intval($conf['server_id']));
+		$php_versions = $app->db->queryAllRecords('SELECT server_php_id, php_fastcgi_ini_dir, php_fpm_ini_dir FROM server_php WHERE server_id = ?', $conf['server_id']);
 		foreach($php_versions as $php) {
 			if($php['php_fastcgi_ini_dir'] && $php['php_fastcgi_ini_dir'] . '/php.ini' != $web_config['php_ini_path_cgi']) {
 				$check_files[] = array('file' => $php['php_fastcgi_ini_dir'] . '/php.ini',
diff --git a/server/plugins-available/xmpp_plugin.inc.php b/server/plugins-available/xmpp_plugin.inc.php
index d5d36a05a78ee2c04f2c83b0d035ceaca1f1d77c..128a88ebb47e76d9ce51dc1b05f578fc15a9ab2b 100644
--- a/server/plugins-available/xmpp_plugin.inc.php
+++ b/server/plugins-available/xmpp_plugin.inc.php
@@ -315,17 +315,17 @@ class xmpp_plugin {
             exec("(cd /etc/metronome/certs && make $domain.csr)");
             exec("(cd /etc/metronome/certs && make $domain.cert)");
 
-            $ssl_key = $app->db->quote($app->system->file_get_contents($key_file));
+            $ssl_key = $app->system->file_get_contents($key_file);
             $app->system->chmod($key_file, 0400);
             $app->system->chown($key_file, 'metronome');
-            $ssl_request = $app->db->quote($app->system->file_get_contents($csr_file));
-            $ssl_cert = $app->db->quote($app->system->file_get_contents($crt_file));
+            $ssl_request = $app->system->file_get_contents($csr_file);
+            $ssl_cert = $app->system->file_get_contents($crt_file);
             /* Update the DB of the (local) Server */
-            $app->db->query("UPDATE xmpp_domain SET ssl_request = '$ssl_request', ssl_cert = '$ssl_cert', ssl_key = '$ssl_key' WHERE domain = '".$data['new']['domain']."'");
-            $app->db->query("UPDATE xmpp_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'");
+            $app->db->query("UPDATE xmpp_domain SET ssl_request = ?, ssl_cert = ?, ssl_key = ? WHERE domain = ?", $ssl_request, $ssl_cert, $ssl_key, $data['new']['domain']);
+            $app->db->query("UPDATE xmpp_domain SET ssl_action = '' WHERE domain = ?", $data['new']['domain']);
             /* Update also the master-DB of the Server-Farm */
-            $app->dbmaster->query("UPDATE xmpp_domain SET ssl_request = '$ssl_request', ssl_cert = '$ssl_cert', ssl_key = '$ssl_key' WHERE domain = '".$data['new']['domain']."'");
-            $app->dbmaster->query("UPDATE xmpp_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'");
+            $app->dbmaster->query("UPDATE xmpp_domain SET ssl_request = ?, ssl_cert = ?, ssl_key = ? WHERE domain = ?", $ssl_request, $ssl_cert, $ssl_key, $data['new']['domain']);
+            $app->dbmaster->query("UPDATE xmpp_domain SET ssl_action = '' WHERE domain = ?", $data['new']['domain']);
             $app->log('Creating XMPP SSL Cert for: '.$domain, LOGLEVEL_DEBUG);
         }
 
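Review bot: `$domain` is interpolated into the two `exec()` calls at the top of this hunk without shell quoting, while the SQL below it is now parameterised. Its assignment is outside the hunk, so it may already be validated, but quoting at the call site is cheap: `exec('(cd /etc/metronome/certs && make ' . escapeshellarg($domain . '.csr') . ')');` and likewise for `.cert`. With `quote()` gone, the three `file_get_contents()` results are bound directly, so checking that the reads succeeded before the UPDATEs would avoid overwriting stored values with empty ones.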
@@ -355,18 +355,18 @@ class xmpp_plugin {
                 $app->system->chmod($key_file, 0400);
                 $app->system->chown($key_file, 'metronome');
             } else {
-                $ssl_key = $app->db->quote($app->system->file_get_contents($key_file));
+                $ssl_key = $app->system->file_get_contents($key_file);
                 /* Update the DB of the (local) Server */
-                $app->db->query("UPDATE xmpp_domain SET ssl_key = '$ssl_key' WHERE domain = '".$data['new']['domain']."'");
+                $app->db->query("UPDATE xmpp_domain SET ssl_key = ? WHERE domain = ?", $ssl_key, $data['new']['domain']);
                 /* Update also the master-DB of the Server-Farm */
-                $app->dbmaster->query("UPDATE xmpp_domain SET ssl_key = '$ssl_key' WHERE domain = '".$data['new']['domain']."'");
+                $app->dbmaster->query("UPDATE xmpp_domain SET ssl_key = '$ssl_key' WHERE domain = ?", $data['new']['domain']);
             }
 
             /* Update the DB of the (local) Server */
-            $app->db->query("UPDATE xmpp_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'");
+            $app->db->query("UPDATE xmpp_domain SET ssl_action = '' WHERE domain = ?", $data['new']['domain']);
 
             /* Update also the master-DB of the Server-Farm */
-            $app->dbmaster->query("UPDATE xmpp_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'");
+            $app->dbmaster->query("UPDATE xmpp_domain SET ssl_action = '' WHERE domain = ?", $data['new']['domain']);
             $app->log('Saving XMPP SSL Cert for: '.$domain, LOGLEVEL_DEBUG);
         }
 
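Review bot: The `dbmaster` UPDATE in the `else` branch still interpolates `'$ssl_key'` into the SQL string, and since this commit removes the `quote()` call on `$ssl_key`, the key content now reaches the master database unescaped. Bind it as the local query does: `$app->dbmaster->query("UPDATE xmpp_domain SET ssl_key = ? WHERE domain = ?", $ssl_key, $data['new']['domain']);`. As written, the local and master databases are updated through different code paths, so a value containing a quote or backslash could be stored locally yet fail or be altered on the master.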
@@ -382,11 +382,11 @@ class xmpp_plugin {
             $app->system->unlink($key_file.'.bak');
             $app->system->unlink($cnf_file.'.bak');
             /* Update the DB of the (local) Server */
-            $app->db->query("UPDATE xmpp_domain SET ssl_request = '', ssl_cert = '', ssl_key = '' WHERE domain = '".$data['new']['domain']."'");
-            $app->db->query("UPDATE xmpp_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'");
+            $app->db->query("UPDATE xmpp_domain SET ssl_request = '', ssl_cert = '', ssl_key = '' WHERE domain = ?", $data['new']['domain']);
+            $app->db->query("UPDATE xmpp_domain SET ssl_action = '' WHERE domain = ?", $data['new']['domain']);
             /* Update also the master-DB of the Server-Farm */
-            $app->dbmaster->query("UPDATE xmpp_domain SET ssl_request = '', ssl_cert = '', ssl_key = '' WHERE domain = '".$data['new']['domain']."'");
-            $app->dbmaster->query("UPDATE xmpp_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'");
+            $app->dbmaster->query("UPDATE xmpp_domain SET ssl_request = '', ssl_cert = '', ssl_key = '' WHERE domain = ?", $data['new']['domain']);
+            $app->dbmaster->query("UPDATE xmpp_domain SET ssl_action = '' WHERE domain = ?", $data['new']['domain']);
             $app->log('Deleting SSL Cert for: '.$domain, LOGLEVEL_DEBUG);
         }
 
diff --git a/server/server.php b/server/server.php
index 4cf1d353b77ff87409d22fba8dc9c97ca3d4e3c3..4479b147c5504ef304ce1beb3fc5d2a00c19c2c1 100644
--- a/server/server.php
+++ b/server/server.php
@@ -43,14 +43,14 @@ $conf['server_id'] = intval($conf['server_id']);
  * Try to Load the server configuration from the master-db
  */
 if ($app->dbmaster->connect_error == NULL) {
-	$server_db_record = $app->dbmaster->queryOneRecord("SELECT * FROM server WHERE server_id = " . $conf['server_id']);
+	$server_db_record = $app->dbmaster->queryOneRecord("SELECT * FROM server WHERE server_id = ?", $conf['server_id']);
 
 	if(!is_array($server_db_record)) die('Unable to load the server configuration from database.');
 
 	//* Get the number of the last processed datalog_id, if the id of the local server
 	//* is > then the one of the remote system, then use the local ID as we might not have
 	//* reached the remote server during the last run then.
-	$local_server_db_record = $app->db->queryOneRecord("SELECT * FROM server WHERE server_id = " . $conf['server_id']);
+	$local_server_db_record = $app->db->queryOneRecord("SELECT * FROM server WHERE server_id = ?", $conf['server_id']);
 	$conf['last_datalog_id'] = (int) max($server_db_record['updated'], $local_server_db_record['updated']);
 	unset($local_server_db_record);
 
@@ -73,7 +73,6 @@ if ($app->dbmaster->connect_error == NULL) {
 	unset($server_db_record);
 
 	// retrieve admin email address for notifications
-	//$sys_ini = $app->dbmaster->queryOneRecord("SELECT * FROM sys_ini WHERE sysini_id = 1");
 	$sys_ini = $app->db->queryOneRecord("SELECT * FROM sys_ini WHERE sysini_id = 1");
 	$conf['sys_ini'] = $app->ini_parser->parse_ini_string(stripslashes($sys_ini['config']));
 	$conf['admin_mail'] = $conf['sys_ini']['mail']['admin_mail'];
@@ -156,9 +155,9 @@ if ($app->db->connect_error == NULL && $app->dbmaster->connect_error == NULL) {
 
 	// Check if there is anything to update
 	if ($conf['mirror_server_id'] > 0) {
-		$tmp_rec = $app->dbmaster->queryOneRecord("SELECT count(server_id) as number from sys_datalog WHERE datalog_id > " . $conf['last_datalog_id'] . " AND (server_id = " . $conf['server_id'] . " OR server_id = " . $conf['mirror_server_id'] . " OR server_id = 0)");
+		$tmp_rec = $app->dbmaster->queryOneRecord("SELECT count(server_id) as number from sys_datalog WHERE datalog_id > ? AND (server_id = ? OR server_id = ? OR server_id = 0)", $conf['last_datalog_id'], $conf['server_id'], $conf['mirror_server_id']);
 	} else {
-		$tmp_rec = $app->dbmaster->queryOneRecord("SELECT count(server_id) as number from sys_datalog WHERE datalog_id > " . $conf['last_datalog_id'] . " AND (server_id = " . $conf['server_id'] . " OR server_id = 0)");
+		$tmp_rec = $app->dbmaster->queryOneRecord("SELECT count(server_id) as number from sys_datalog WHERE datalog_id > ? AND (server_id = ? OR server_id = 0)", $conf['last_datalog_id'], $conf['server_id']);
 	}
 
 	$tmp_num_records = $tmp_rec['number'];