diff --git a/helper_scripts/recreate_webalizer_stats.php b/helper_scripts/recreate_webalizer_stats.php
index fbaef38097d01009ac947755644fbf20f17803c0..5afcd9759a858aa6dccce93069a421c2be1c26e5 100644
--- a/helper_scripts/recreate_webalizer_stats.php
+++ b/helper_scripts/recreate_webalizer_stats.php
@@ -5,8 +5,8 @@
//######################################################################################################
-$sql = "SELECT domain_id, domain, document_root FROM web_domain WHERE server_id = ".$conf["server_id"];
-$records = $app->db->queryAllRecords($sql);
+$sql = "SELECT domain_id, domain, document_root FROM web_domain WHERE server_id = ?";
+$records = $app->db->queryAllRecords($sql, $conf["server_id"]);
foreach($records as $rec) {
$domain = escapeshellcmd($rec["domain"]);
$logdir = escapeshellcmd($rec["document_root"].'/log');
diff --git a/install/apps/metronome_libs/mod_auth_external/db_auth.php b/install/apps/metronome_libs/mod_auth_external/db_auth.php
index 086dcf6a0143efbb8562f3817d0fc7c58c03d949..3df135bc12a95c6773c5a8033f8b8117a3759981 100644
--- a/install/apps/metronome_libs/mod_auth_external/db_auth.php
+++ b/install/apps/metronome_libs/mod_auth_external/db_auth.php
@@ -17,7 +17,7 @@ try{
// check for existing user
$dbmail = $db->real_escape_string($arg_email);
- $result = $db->query("SELECT jid, password FROM xmpp_user WHERE jid LIKE '".$dbmail."' AND active='y' AND server_id='".$isp_server_id."'");
+ $result = $db->query("SELECT jid, password FROM xmpp_user WHERE jid LIKE ? AND active='y' AND server_id=?", $dbmail, $isp_server_id);
result_false($result->num_rows != 1);
$user = $result->fetch_object();
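Review bot: The new `$db->query("... jid LIKE ? ... server_id=?", $dbmail, $isp_server_id)` assumes `query()` substitutes `?` placeholders, but the surrounding `real_escape_string`, `num_rows` and `fetch_object` calls look like the raw mysqli API, whose `query()` takes only the SQL plus a result-mode flag and would leave the placeholders in place (and choke on the extra string argument). The value is also still passed through `real_escape_string` on the line above before being bound, so an address containing a quote or backslash is escaped twice and stops matching. If `$db` really is a mysqli instance, either keep the escaped interpolation and drop the placeholders, or move to `$stmt = $db->prepare(...)` / `$stmt->bind_param('ss', $arg_email, $isp_server_id)` and delete the `real_escape_string` line; if it is the project's own db wrapper, confirm that wrapper is what this script constructs. The identical change in db_isuser.php (hunk `@@ -15,7 +15,7 @@`) has the same problem. The enclosing `try` block starts before the hunk.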
diff --git a/install/apps/metronome_libs/mod_auth_external/db_isuser.php b/install/apps/metronome_libs/mod_auth_external/db_isuser.php
index 7a7cf861bf88f38035535297672636f1518dca3a..e6820635bcdd085c3273f5e6c9c65819cea8d675 100644
--- a/install/apps/metronome_libs/mod_auth_external/db_isuser.php
+++ b/install/apps/metronome_libs/mod_auth_external/db_isuser.php
@@ -15,7 +15,7 @@ try{
// check for existing user
$dbmail = $db->real_escape_string($arg_email);
- $result = $db->query("SELECT jid, password FROM xmpp_user WHERE jid LIKE '".$dbmail."' AND active='y' AND server_id='".$isp_server_id."'");
+ $result = $db->query("SELECT jid, password FROM xmpp_user WHERE jid LIKE ? AND active='y' AND server_id=?", $dbmail, $isp_server_id);
result_false($result->num_rows != 1);
result_true();
diff --git a/install/dist/lib/debian60.lib.php b/install/dist/lib/debian60.lib.php
index fab5628a77cfe9b1e7da045adfebcf06f832b4a2..80ad28faebbb84922775c2f2590fa79229f85e93 100644
--- a/install/dist/lib/debian60.lib.php
+++ b/install/dist/lib/debian60.lib.php
@@ -38,7 +38,7 @@ class installer extends installer_base {
// check if virtual_transport must be changed
if ($this->is_update) {
- $tmp = $this->db->queryOneRecord("SELECT * FROM ".$conf["mysql"]["database"].".server WHERE server_id = ".$conf['server_id']);
+ $tmp = $this->db->queryOneRecord("SELECT * FROM ?? WHERE server_id = ?", $conf["mysql"]["database"] . ".server", $conf['server_id']);
$ini_array = ini_to_array(stripslashes($tmp['config']));
// ini_array needs not to be checked, because already done in update.php -> updateDbAndIni()
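Review bot: The `??` placeholder on the `+` line is handed the dotted string `$conf["mysql"]["database"] . ".server"` as a single identifier; whether the db class splits it on the dot into a quoted database and table, or wraps the whole value in one pair of backticks (which is not a valid table reference), depends on its placeholder implementation, which is not part of this diff and should be confirmed before relying on it. The same construction is used in fedora.lib.php (`@@ -404` and `@@ -713`), gentoo.lib.php (`@@ -258` and `@@ -566`), opensuse.lib.php (`@@ -459` and `@@ -745`) and installer_base.lib.php (`@@ -735` and `@@ -983`); note that the old installer_base line quoted the database and the table separately, which is the output the new form has to reproduce. If the implementation does not split on the dot, `"SELECT * FROM ??.server WHERE server_id = ?"` with `$conf["mysql"]["database"]` alone as the identifier argument sidesteps the question. The enclosing method begins before the hunk.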
@@ -154,10 +154,6 @@ class installer extends installer_base {
*/
}
- public function configure_xmpp() {
- parent::configure_xmpp();
- }
-
}
?>
diff --git a/install/dist/lib/fedora.lib.php b/install/dist/lib/fedora.lib.php
index ecdb00f61e2d5fd14957693860b045cc5cd34e01..7b3fd6e25df51d50896be625076c1a97ea9c6fcf 100644
--- a/install/dist/lib/fedora.lib.php
+++ b/install/dist/lib/fedora.lib.php
@@ -185,7 +185,7 @@ class installer_dist extends installer_base {
if(!is_user($cf['vmail_username'])) caselog("$command &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
//* These postconf commands will be executed on installation and update
- $server_ini_rec = $this->db->queryOneRecord("SELECT config FROM server WHERE server_id = ".$conf['server_id']);
+ $server_ini_rec = $this->db->queryOneRecord("SELECT config FROM server WHERE server_id = ?", $conf['server_id']);
$server_ini_array = ini_to_array(stripslashes($server_ini_rec['config']));
unset($server_ini_rec);
@@ -404,7 +404,7 @@ class installer_dist extends installer_base {
// check if virtual_transport must be changed
if ($this->is_update) {
- $tmp = $this->db->queryOneRecord("SELECT * FROM ".$conf["mysql"]["database"].".server WHERE server_id = ".$conf['server_id']);
+ $tmp = $this->db->queryOneRecord("SELECT * FROM ?? WHERE server_id = ?", $conf["mysql"]["database"] . ".server", $conf['server_id']);
$ini_array = ini_to_array(stripslashes($tmp['config']));
// ini_array needs not to be checked, because already done in update.php -> updateDbAndIni()
@@ -713,7 +713,7 @@ class installer_dist extends installer_base {
$tpl = new tpl('apache_ispconfig.conf.master');
$tpl->setVar('apache_version',getapacheversion());
- $records = $this->db->queryAllRecords('SELECT * FROM '.$conf['mysql']['master_database'].'.server_ip WHERE server_id = '.$conf['server_id']." AND virtualhost = 'y'");
+ $records = $this->db->queryAllRecords("SELECT * FROM ?? WHERE server_id = ? AND virtualhost = 'y'", $conf['mysql']['master_database'] . '.server_ip', $conf['server_id']);
$ip_addresses = array();
if(is_array($records) && count($records) > 0) {
@@ -799,7 +799,7 @@ class installer_dist extends installer_base {
if(!is_group('sshusers')) caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
}
- public function configure_firewall()
+ public function configure_bastille_firewall()
{
global $conf;
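Review bot: Renaming `configure_firewall()` to `configure_bastille_firewall()` here (and in opensuse.lib.php, hunk `@@ -873,7 +873,7 @@`) matches the new call in install.php, but debian60.lib.php and gentoo.lib.php are not renamed in this diff, so install.php's `$inst->configure_bastille_firewall()` must resolve to an installer_base implementation on those distributions — confirm it exists there. Any remaining caller of the old name (update.php or other dist libs outside this diff) would likewise now fall through to whatever the base class defines rather than this override. The method body continues past the hunk.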
@@ -821,7 +821,7 @@ class installer_dist extends installer_base {
$tcp_public_services = '';
$udp_public_services = '';
- $row = $this->db->queryOneRecord('SELECT * FROM '.$conf["mysql"]["database"].'.firewall WHERE server_id = '.intval($conf['server_id']));
+ $row = $this->db->queryOneRecord('SELECT * FROM ?? WHERE server_id = ?', $conf["mysql"]["database"] . '.firewall', $conf['server_id']);
if(trim($row["tcp_port"]) != '' || trim($row["udp_port"]) != ''){
$tcp_public_services = trim(str_replace(',', ' ', $row["tcp_port"]));
@@ -832,7 +832,7 @@ class installer_dist extends installer_base {
}
if(!stristr($tcp_public_services, $conf['apache']['vhost_port'])) {
$tcp_public_services .= ' '.intval($conf['apache']['vhost_port']);
- if($row["tcp_port"] != '') $this->db->query("UPDATE firewall SET tcp_port = tcp_port + ',".intval($conf['apache']['vhost_port'])."' WHERE server_id = ".intval($conf['server_id']));
+ if($row["tcp_port"] != '') $this->db->query("UPDATE firewall SET tcp_port = tcp_port + ? WHERE server_id = ?", ',' . intval($conf['apache']['vhost_port']), $conf['server_id']);
}
$content = str_replace("{TCP_PUBLIC_SERVICES}", $tcp_public_services, $content);
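Review bot: `tcp_port = tcp_port + ?` on the rewritten `+` line uses SQL `+`, which is numeric addition in MySQL, so binding `',80'` coerces both operands to numbers (or errors under strict mode) instead of appending the port to the list. The original line had the same operator, so this predates the commit, but the rewrite is the place to fix it: `if($row["tcp_port"] != '') $this->db->query("UPDATE firewall SET tcp_port = CONCAT(tcp_port, ?) WHERE server_id = ?", ',' . intval($conf['apache']['vhost_port']), $conf['server_id']);`. The same statement appears in opensuse.lib.php, hunk `@@ -907,7 +907,7 @@`. The enclosing `configure_bastille_firewall()` starts and ends outside this hunk.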
@@ -1032,13 +1032,11 @@ class installer_dist extends installer_base {
$file_server_enabled = ($conf['services']['file'])?1:0;
$db_server_enabled = ($conf['services']['db'])?1:0;
$vserver_server_enabled = ($conf['services']['vserver'])?1:0;
- $sql = "UPDATE `server` SET mail_server = '$mail_server_enabled', web_server = '$web_server_enabled', dns_server = '$dns_server_enabled', file_server = '$file_server_enabled', db_server = '$db_server_enabled', vserver_server = '$vserver_server_enabled' WHERE server_id = ".intval($conf['server_id']);
+ $sql = "UPDATE `server` SET mail_server = ?, web_server = ?, dns_server = ?, file_server = ?, db_server = ?, vserver_server = ? WHERE server_id = ?";
+ $this->db->query($sql, $mail_server_enabled, $web_server_enabled, $dns_server_enabled, $file_server_enabled, $db_server_enabled, $vserver_server_enabled, $conf['server_id']);
if($conf['mysql']['master_slave_setup'] == 'y') {
- $this->dbmaster->query($sql);
- $this->db->query($sql);
- } else {
- $this->db->query($sql);
+ $this->dbmaster->query($sql, $mail_server_enabled, $web_server_enabled, $dns_server_enabled, $file_server_enabled, $db_server_enabled, $vserver_server_enabled, $conf['server_id']);
}
// chown install dir to root and chmod 755
diff --git a/install/dist/lib/gentoo.lib.php b/install/dist/lib/gentoo.lib.php
index d23f777d3fa019e075625aff389ed65e6fd4ba8e..d8c3f3818a653c171d2ab161276be2e7ad365974 100644
--- a/install/dist/lib/gentoo.lib.php
+++ b/install/dist/lib/gentoo.lib.php
@@ -258,7 +258,7 @@ class installer extends installer_base
// check if virtual_transport must be changed
if ($this->is_update) {
- $tmp = $this->db->queryOneRecord("SELECT * FROM ".$conf["mysql"]["database"].".server WHERE server_id = ".$conf['server_id']);
+ $tmp = $this->db->queryOneRecord("SELECT * FROM ?? WHERE server_id = ?", $conf["mysql"]["database"].".server", $conf['server_id']);
$ini_array = ini_to_array(stripslashes($tmp['config']));
// ini_array needs not to be checked, because already done in update.php -> updateDbAndIni()
@@ -450,13 +450,13 @@ class installer extends installer_base
global $conf;
//* Create the database
- if(!$this->db->query('CREATE DATABASE IF NOT EXISTS '.$conf['powerdns']['database'].' DEFAULT CHARACTER SET '.$conf['mysql']['charset'])) {
+ if(!$this->db->query('CREATE DATABASE IF NOT EXISTS ?? DEFAULT CHARACTER SET ?', $conf['powerdns']['database'], $conf['mysql']['charset'])) {
$this->error('Unable to create MySQL database: '.$conf['powerdns']['database'].'.');
}
//* Create the ISPConfig database user in the local database
- $query = 'GRANT ALL ON `'.$conf['powerdns']['database'].'` . * TO \''.$conf['mysql']['ispconfig_user'].'\'@\'localhost\';';
- if(!$this->db->query($query)) {
+ $query = 'GRANT ALL ON ??.* TO ?@?';
+ if(!$this->db->query($query, $conf['powerdns']['database'], $conf['mysql']['ispconfig_user'], 'localhost')) {
$this->error('Unable to create user for powerdns database Error: '.$this->db->errorMessage);
}
@@ -566,25 +566,10 @@ class installer extends installer_base
//* Copy the ISPConfig configuration include
- /*
- $content = $this->get_template_file('apache_ispconfig.conf', true);
-
- $records = $this->db->queryAllRecords("SELECT * FROM server_ip WHERE server_id = ".$conf["server_id"]." AND virtualhost = 'y'");
- if(is_array($records) && count($records) > 0)
- {
- foreach($records as $rec) {
- $content .= "NameVirtualHost ".$rec["ip_address"].":80\n";
- $content .= "NameVirtualHost ".$rec["ip_address"].":443\n";
- }
- }
-
- $this->write_config_file($conf['apache']['vhost_conf_dir'].'/000-ispconfig.conf', $content);
- */
-
$tpl = new tpl('apache_ispconfig.conf.master');
$tpl->setVar('apache_version',getapacheversion());
- $records = $this->db->queryAllRecords('SELECT * FROM '.$conf['mysql']['master_database'].'.server_ip WHERE server_id = '.$conf['server_id']." AND virtualhost = 'y'");
+ $records = $this->db->queryAllRecords("SELECT * FROM ?? WHERE server_id = ? AND virtualhost = 'y'", $conf['mysql']['master_database'] . '.server_ip', $conf['server_id']);
$ip_addresses = array();
if(is_array($records) && count($records) > 0) {
@@ -933,13 +918,11 @@ class installer extends installer_base
$db_server_enabled = ($conf['services']['db'])?1:0;
$vserver_server_enabled = ($conf['services']['vserver'])?1:0;
- $sql = "UPDATE `server` SET mail_server = '$mail_server_enabled', web_server = '$web_server_enabled', dns_server = '$dns_server_enabled', file_server = '$file_server_enabled', db_server = '$db_server_enabled', vserver_server = '$vserver_server_enabled' WHERE server_id = ".intval($conf['server_id']);
+ $sql = "UPDATE `server` SET mail_server = ?, web_server = ?, dns_server = ?, file_server = ?, db_server = ?, vserver_server = ? WHERE server_id = ?";
+ $this->db->query($sql, $mail_server_enabled, $web_server_enabled, $dns_server_enabled, $file_server_enabled, $db_server_enabled, $vserver_server_enabled, $conf['server_id']);
if($conf['mysql']['master_slave_setup'] == 'y') {
- $this->dbmaster->query($sql);
- $this->db->query($sql);
- } else {
- $this->db->query($sql);
+ $this->dbmaster->query($sql, $mail_server_enabled, $web_server_enabled, $dns_server_enabled, $file_server_enabled, $db_server_enabled, $vserver_server_enabled, $conf['server_id']);
}
// chown install dir to root and chmod 755
diff --git a/install/dist/lib/opensuse.lib.php b/install/dist/lib/opensuse.lib.php
index c60f9db65dce0fded35247a131bc2f01faf8e50d..55d48884a0b2f5afc297e8330f938ae55df21c31 100644
--- a/install/dist/lib/opensuse.lib.php
+++ b/install/dist/lib/opensuse.lib.php
@@ -215,7 +215,7 @@ class installer_dist extends installer_base {
if($cf['vmail_mailbox_base'] != '' && strlen($cf['vmail_mailbox_base']) >= 10 && $this->is_update === false) exec('chown -R '.$cf['vmail_username'].':'.$cf['vmail_groupname'].' '.$cf['vmail_mailbox_base']);
//* These postconf commands will be executed on installation and update
- $server_ini_rec = $this->db->queryOneRecord("SELECT config FROM server WHERE server_id = ".$conf['server_id']);
+ $server_ini_rec = $this->db->queryOneRecord("SELECT config FROM server WHERE server_id = ?", $conf['server_id']);
$server_ini_array = ini_to_array(stripslashes($server_ini_rec['config']));
unset($server_ini_rec);
@@ -459,7 +459,7 @@ class installer_dist extends installer_base {
// check if virtual_transport must be changed
if ($this->is_update) {
- $tmp = $this->db->queryOneRecord("SELECT * FROM ".$conf["mysql"]["database"].".server WHERE server_id = ".$conf['server_id']);
+ $tmp = $this->db->queryOneRecord("SELECT * FROM ?? WHERE server_id = ?", $conf["mysql"]["database"] . ".server", $conf['server_id']);
$ini_array = ini_to_array(stripslashes($tmp['config']));
// ini_array needs not to be checked, because already done in update.php -> updateDbAndIni()
@@ -745,7 +745,7 @@ class installer_dist extends installer_base {
$tpl = new tpl('apache_ispconfig.conf.master');
$tpl->setVar('apache_version',getapacheversion());
- $records = $this->db->queryAllRecords('SELECT * FROM '.$conf['mysql']['master_database'].'.server_ip WHERE server_id = '.$conf['server_id']." AND virtualhost = 'y'");
+ $records = $this->db->queryAllRecords("SELECT * FROM ?? WHERE server_id = ? AND virtualhost = 'y'", $conf['mysql']['master_database'] . '.server_ip', $conf['server_id']);
$ip_addresses = array();
if(is_array($records) && count($records) > 0) {
@@ -873,7 +873,7 @@ class installer_dist extends installer_base {
if(!is_group('sshusers')) caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
}
- public function configure_firewall()
+ public function configure_bastille_firewall()
{
global $conf;
@@ -895,7 +895,7 @@ class installer_dist extends installer_base {
$tcp_public_services = '';
$udp_public_services = '';
- $row = $this->db->queryOneRecord('SELECT * FROM '.$conf["mysql"]["database"].'.firewall WHERE server_id = '.intval($conf['server_id']));
+ $row = $this->db->queryOneRecord('SELECT * FROM ?? WHERE server_id = ?', $conf["mysql"]["database"] . '.firewall', $conf['server_id']);
if(trim($row["tcp_port"]) != '' || trim($row["udp_port"]) != ''){
$tcp_public_services = trim(str_replace(',', ' ', $row["tcp_port"]));
@@ -907,7 +907,7 @@ class installer_dist extends installer_base {
if(!stristr($tcp_public_services, $conf['apache']['vhost_port'])) {
$tcp_public_services .= ' '.intval($conf['apache']['vhost_port']);
- if($row["tcp_port"] != '') $this->db->query("UPDATE firewall SET tcp_port = tcp_port + ',".intval($conf['apache']['vhost_port'])."' WHERE server_id = ".intval($conf['server_id']));
+ if($row["tcp_port"] != '') $this->db->query("UPDATE firewall SET tcp_port = tcp_port + ? WHERE server_id = ?", ',' . intval($conf['apache']['vhost_port']), $conf['server_id']);
}
$content = str_replace("{TCP_PUBLIC_SERVICES}", $tcp_public_services, $content);
@@ -1105,13 +1105,11 @@ class installer_dist extends installer_base {
$file_server_enabled = ($conf['services']['file'])?1:0;
$db_server_enabled = ($conf['services']['db'])?1:0;
$vserver_server_enabled = ($conf['services']['vserver'])?1:0;
- $sql = "UPDATE `server` SET mail_server = '$mail_server_enabled', web_server = '$web_server_enabled', dns_server = '$dns_server_enabled', file_server = '$file_server_enabled', db_server = '$db_server_enabled', vserver_server = '$vserver_server_enabled' WHERE server_id = ".intval($conf['server_id']);
+ $sql = "UPDATE `server` SET mail_server = ?, web_server = ?, dns_server = ?, file_server = ?, db_server = ?, vserver_server = ? WHERE server_id = ?";
+ $this->db->query($sql, $mail_server_enabled, $web_server_enabled, $dns_server_enabled, $file_server_enabled, $db_server_enabled, $vserver_server_enabled, $conf['server_id']);
if($conf['mysql']['master_slave_setup'] == 'y') {
- $this->dbmaster->query($sql);
- $this->db->query($sql);
- } else {
- $this->db->query($sql);
+ $this->dbmaster->query($sql, $mail_server_enabled, $web_server_enabled, $dns_server_enabled, $file_server_enabled, $db_server_enabled, $vserver_server_enabled, $conf['server_id']);
}
// chown install dir to root and chmod 755
diff --git a/install/install.php b/install/install.php
index 3aedfefa856c1c0ea05ae325f312130d2c3be834..e5f0abea77695fe7119242605e45a021fa6c1d21 100644
--- a/install/install.php
+++ b/install/install.php
@@ -449,10 +449,8 @@ if($install_mode == 'standard') {
// initialize the connection to the master database
$inst->dbmaster = new db();
if($inst->dbmaster->linkId) $inst->dbmaster->closeConn();
- $inst->dbmaster->dbHost = $conf['mysql']["master_host"];
- $inst->dbmaster->dbName = $conf['mysql']["master_database"];
- $inst->dbmaster->dbUser = $conf['mysql']["master_admin_user"];
- $inst->dbmaster->dbPass = $conf['mysql']["master_admin_password"];
+ $inst->dbmaster->setDBData($conf['mysql']["master_host"], $conf['mysql']["master_admin_user"], $conf['mysql']["master_admin_password"]);
+ $inst->dbmaster->setDBName($conf['mysql']["master_database"]);
} else {
// the master DB is the same then the slave DB
@@ -623,23 +621,17 @@ if($install_mode == 'standard') {
//** Configure Firewall
if(strtolower($inst->simple_query('Configure Firewall Server', array('y', 'n'), 'y','configure_firewall')) == 'y') {
- //if($conf['bastille']['installed'] == true) {
- //* Configure Bastille Firewall
- $conf['services']['firewall'] = true;
- swriteln('Configuring Bastille Firewall');
- $inst->configure_firewall();
- /*} elseif($conf['ufw']['installed'] == true) {
- //* Configure Ubuntu Firewall
- $conf['services']['firewall'] = true;
- swriteln('Configuring Ubuntu Firewall');
- $inst->configure_ufw_firewall();
- } else {
- //* Configure Bastille Firewall
- $conf['services']['firewall'] = true;
- swriteln('Configuring Bastille Firewall');
- $inst->configure_bastille_firewall();
- }
- */
+ if($conf['ufw']['installed'] == true) {
+ //* Configure Ubuntu Firewall
+ $conf['services']['firewall'] = true;
+ swriteln('Configuring Ubuntu Firewall');
+ $inst->configure_ufw_firewall();
+ } else {
+ //* Configure Bastille Firewall
+ $conf['services']['firewall'] = true;
+ swriteln('Configuring Bastille Firewall');
+ $inst->configure_bastille_firewall();
+ }
}
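Review bot: `$conf['services']['firewall'] = true;` is set identically in both new branches; hoist it above the `if` so the branches only differ in which configure method they call. `if($conf['ufw']['installed'] == true)` is a loose comparison and emits an undefined-index notice when the `ufw` block is absent from `$conf`; `if(!empty($conf['ufw']['installed']))` accepts the same truthy values and tolerates a missing key. A short comment above the `if` saying that ufw is preferred when detected and Bastille is the fallback would record the decision the commit makes by uncommenting this logic.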
//** Configure Firewall
@@ -713,6 +705,8 @@ if($install_mode == 'standard') {
} //* << $install_mode / 'Standard' or Genius
+$inst->create_mount_script();
+
//* Create md5 filelist
$md5_filename = '/usr/local/ispconfig/security/data/file_checksums_'.date('Y-m-d_h-i').'.md5';
exec('find /usr/local/ispconfig -type f -print0 | xargs -0 md5sum > '.$md5_filename);
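Review bot: The added `$inst->create_mount_script();` runs unconditionally for both the standard and expert install modes, and the method's definition is not part of this diff, so confirm it is provided by installer_base for every dist installer and that it is safe to run on an update as well as a fresh install. A comment in the file's existing style, e.g. `//* Create the mount script`, above the call would match the `//* Create md5 filelist` marker that follows and explain what the new step produces.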
diff --git a/install/lib/installer_base.lib.php b/install/lib/installer_base.lib.php
index cf9b51912eb6157999b56190235f58dea8586257..4e1ee478ed9c1f6a4d3098e0b1c6dcee26e70e25 100644
--- a/install/lib/installer_base.lib.php
+++ b/install/lib/installer_base.lib.php
@@ -167,12 +167,12 @@ class installer_base {
global $conf;
//** Create the database
- if(!$this->db->query('CREATE DATABASE IF NOT EXISTS '.$conf['mysql']['database'].' DEFAULT CHARACTER SET '.$conf['mysql']['charset'])) {
+ if(!$this->db->query('CREATE DATABASE IF NOT EXISTS ?? DEFAULT CHARACTER SET ?', $conf['mysql']['database'], $conf['mysql']['charset'])) {
$this->error('Unable to create MySQL database: '.$conf['mysql']['database'].'.');
}
//* Set the database name in the DB library
- $this->db->dbName = $conf['mysql']['database'];
+ $this->db->setDBName($conf['mysql']['database']);
//* Load the database dump into the database, if database contains no tables
$db_tables = $this->db->getTables();
@@ -192,8 +192,8 @@ class installer_base {
}
//* Load system.ini into the sys_ini table
- $system_ini = $this->db->quote(rf('tpl/system.ini.master'));
- $this->db->query("UPDATE sys_ini SET config = '$system_ini' WHERE sysini_id = 1");
+ $system_ini = rf('tpl/system.ini.master');
+ $this->db->query("UPDATE sys_ini SET config = ? WHERE sysini_id = 1", $system_ini);
}
}
@@ -210,15 +210,13 @@ class installer_base {
}
// Delete ISPConfig user in the local database, in case that it exists
- $this->db->query("DELETE FROM mysql.user WHERE User = '".$conf['mysql']['ispconfig_user']."' AND Host = '".$from_host."';");
- $this->db->query("DELETE FROM mysql.db WHERE Db = '".$conf['mysql']['database']."' AND Host = '".$from_host."';");
- $this->db->query('FLUSH PRIVILEGES;');
+ $this->db->query("DELETE FROM mysql.user WHERE User = ? AND Host = ?", $conf['mysql']['ispconfig_user'], $from_host);
+ $this->db->query("DELETE FROM mysql.db WHERE Db = ? AND Host = ?", $conf['mysql']['database'], $from_host);
+ $this->db->query('FLUSH PRIVILEGES');
//* Create the ISPConfig database user in the local database
- $query = 'GRANT SELECT, INSERT, UPDATE, DELETE ON '.$conf['mysql']['database'].".* "
- ."TO '".$conf['mysql']['ispconfig_user']."'@'".$from_host."' "
- ."IDENTIFIED BY '".$conf['mysql']['ispconfig_password']."';";
- if(!$this->db->query($query)) {
+ $query = 'GRANT SELECT, INSERT, UPDATE, DELETE ON ?? TO ?@? IDENTIFIED BY ?';
+ if(!$this->db->query($query, $conf['mysql']['database'] . ".*", $conf['mysql']['ispconfig_user'], $from_host, $conf['mysql']['ispconfig_password'])) {
$this->error('Unable to create database user: '.$conf['mysql']['ispconfig_user'].' Error: '.$this->db->errorMessage);
}
@@ -226,7 +224,7 @@ class installer_base {
$this->db->query('FLUSH PRIVILEGES;');
//* Set the database name in the DB library
- $this->db->dbName = $conf['mysql']['database'];
+ $this->db->setDBName($conf['mysql']['database']);
$tpl_ini_array = ini_to_array(rf('tpl/server.ini.master'));
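Review bot: The `$this->db->query('FLUSH PRIVILEGES;');` context line at the top of this hunk keeps the trailing semicolon that the commit strips from the other two `FLUSH PRIVILEGES` calls in this file (hunks `@@ -210` and `@@ -530`); changing it to `$this->db->query('FLUSH PRIVILEGES');` keeps the three statements consistent. The enclosing method starts before the hunk.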
@@ -280,8 +278,7 @@ class installer_base {
}
$server_ini_content = array_to_ini($tpl_ini_array);
- $server_ini_content = mysql_real_escape_string($server_ini_content);
-
+
$mail_server_enabled = ($conf['services']['mail'])?1:0;
$web_server_enabled = ($conf['services']['web'])?1:0;
$dns_server_enabled = ($conf['services']['dns'])?1:0;
@@ -309,14 +306,14 @@ class installer_base {
if($conf['mysql']['master_slave_setup'] == 'y') {
//* Insert the server record in master DB
- $sql = "INSERT INTO `server` (`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_name`, `mail_server`, `web_server`, `dns_server`, `file_server`, `db_server`, `vserver_server`, `config`, `updated`, `active`, `dbversion`,`firewall_server`,`proxy_server`) VALUES (1, 1, 'riud', 'riud', 'r', '".$conf['hostname']."', '$mail_server_enabled', '$web_server_enabled', '$dns_server_enabled', '$file_server_enabled', '$db_server_enabled', '$vserver_server_enabled', '$server_ini_content', 0, 1, $current_db_version, $proxy_server_enabled, $firewall_server_enabled);";
- $this->dbmaster->query($sql);
+ $sql = "INSERT INTO `server` (`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_name`, `mail_server`, `web_server`, `dns_server`, `file_server`, `db_server`, `vserver_server`, `config`, `updated`, `active`, `dbversion`,`firewall_server`,`proxy_server`) VALUES (1, 1, 'riud', 'riud', 'r', ?, ?, ?, ?, ?, ?, ?, ?, 0, 1, ?, ?, ?);";
+ $this->dbmaster->query($sql, $conf['hostname'], $mail_server_enabled, $web_server_enabled, $dns_server_enabled, $file_server_enabled, $db_server_enabled, $vserver_server_enabled, $server_ini_content, $current_db_version, $proxy_server_enabled, $firewall_server_enabled);
$conf['server_id'] = $this->dbmaster->insertID();
$conf['server_id'] = $conf['server_id'];
//* Insert the same record in the local DB
- $sql = "INSERT INTO `server` (`server_id`, `sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_name`, `mail_server`, `web_server`, `dns_server`, `file_server`, `db_server`, `vserver_server`, `config`, `updated`, `active`, `dbversion`,`firewall_server`,`proxy_server`) VALUES ('".$conf['server_id']."',1, 1, 'riud', 'riud', 'r', '".$conf['hostname']."', '$mail_server_enabled', '$web_server_enabled', '$dns_server_enabled', '$file_server_enabled', '$db_server_enabled', '$vserver_server_enabled', '$server_ini_content', 0, 1, $current_db_version, $proxy_server_enabled, $firewall_server_enabled);";
- $this->db->query($sql);
+ $sql = "INSERT INTO `server` (`server_id`, `sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_name`, `mail_server`, `web_server`, `dns_server`, `file_server`, `db_server`, `vserver_server`, `config`, `updated`, `active`, `dbversion`,`firewall_server`,`proxy_server`) VALUES (?,1, 1, 'riud', 'riud', 'r', ?, ?, ?, ?, ?, ?, ?, 0, 1, ?, ?, ?);";
+ $this->db->query($sql, $conf['server_id'], $conf['hostname'], $mail_server_enabled, $web_server_enabled, $dns_server_enabled, $file_server_enabled, $db_server_enabled, $vserver_server_enabled, $server_ini_content, $current_db_version, $proxy_server_enabled, $firewall_server_enabled);
//* username for the ispconfig user
$conf['mysql']['master_ispconfig_user'] = 'ispcsrv'.$conf['server_id'];
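Review bot: In both rewritten INSERTs the column list ends `dbversion`, `firewall_server`, `proxy_server`, but the bound values end `$current_db_version, $proxy_server_enabled, $firewall_server_enabled`, so the firewall and proxy flags are stored in each other's column. The original interpolated string had the same order, so this is a pre-existing defect that the parameterised rewrite carries forward, and it recurs in the non-master INSERT in hunk `@@ -325,8 +322,8 @@`. Unless the two variables are assigned swapped where they are computed (outside this hunk), the tail of each argument list should read `..., $current_db_version, $firewall_server_enabled, $proxy_server_enabled);`. The enclosing method starts before the hunk and the `$conf['server_id'] = $conf['server_id'];` self-assignment below each INSERT is a no-op.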
@@ -325,8 +322,8 @@ class installer_base {
} else {
//* Insert the server, if its not a mster / slave setup
- $sql = "INSERT INTO `server` (`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_name`, `mail_server`, `web_server`, `dns_server`, `file_server`, `db_server`, `vserver_server`, `config`, `updated`, `active`, `dbversion`,`firewall_server`,`proxy_server`) VALUES (1, 1, 'riud', 'riud', 'r', '".$conf['hostname']."', '$mail_server_enabled', '$web_server_enabled', '$dns_server_enabled', '$file_server_enabled', '$db_server_enabled', '$vserver_server_enabled', '$server_ini_content', 0, 1, $current_db_version, $proxy_server_enabled, $firewall_server_enabled);";
- $this->db->query($sql);
+ $sql = "INSERT INTO `server` (`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_name`, `mail_server`, `web_server`, `dns_server`, `file_server`, `db_server`, `vserver_server`, `config`, `updated`, `active`, `dbversion`,`firewall_server`,`proxy_server`) VALUES (1, 1, 'riud', 'riud', 'r', ?, ?, ?, ?, ?, ?, ?, ?, 0, 1, ?, ?, ?);";
+ $this->db->query($sql, $conf['hostname'], $mail_server_enabled, $web_server_enabled, $dns_server_enabled, $file_server_enabled, $db_server_enabled, $vserver_server_enabled, $server_ini_content, $current_db_version, $proxy_server_enabled, $firewall_server_enabled);
$conf['server_id'] = $this->db->insertID();
$conf['server_id'] = $conf['server_id'];
}
@@ -388,141 +385,141 @@ class installer_base {
* if not, the user already exists and we do not need the pwd
*/
if ($value['pwd'] != ''){
- $query = "CREATE USER '".$value['user']."'@'".$host."' IDENTIFIED BY '" . $value['pwd'] . "'";
+ $query = "CREATE USER ?@? IDENTIFIED BY ?";
if ($verbose){
echo "\n\n" . $query ."\n";
}
- $this->dbmaster->query($query); // ignore the error
+ $this->dbmaster->query($query, $value['user'], $host, $value['pwd']); // ignore the error
}
/*
* Try to delete all rights of the user in case that it exists.
* In Case that it will not exist, do nothing (ignore the error!)
*/
- $query = "REVOKE ALL PRIVILEGES, GRANT OPTION FROM '".$value['user']."'@'".$host."' ";
+ $query = "REVOKE ALL PRIVILEGES, GRANT OPTION FROM ?@?";
if ($verbose){
echo "\n\n" . $query ."\n";
}
- $this->dbmaster->query($query); // ignore the error
+ $this->dbmaster->query($query, $value['user'], $host); // ignore the error
//* Create the ISPConfig database user in the remote database
- $query = "GRANT SELECT ON ".$value['db'].".`server` TO '".$value['user']."'@'".$host."' ";
+ $query = "GRANT SELECT ON ?? TO ?@?";
if ($verbose){
echo $query ."\n";
}
- if(!$this->dbmaster->query($query)) {
+ if(!$this->dbmaster->query($query, $value['db'] . '.server', $value['user'], $host)) {
$this->warning('Unable to set rights of user in master database: '.$value['db']."\n Query: ".$query."\n Error: ".$this->dbmaster->errorMessage);
}
- $query = "GRANT SELECT, INSERT ON ".$value['db'].".`sys_log` TO '".$value['user']."'@'".$host."' ";
+ $query = "GRANT SELECT, INSERT ON ?? TO ?@?";
if ($verbose){
echo $query ."\n";
}
- if(!$this->dbmaster->query($query)) {
+ if(!$this->dbmaster->query($query, $value['db'] . '.sys_log', $value['user'], $host)) {
$this->warning('Unable to set rights of user in master database: '.$value['db']."\n Query: ".$query."\n Error: ".$this->dbmaster->errorMessage);
}
- $query = "GRANT SELECT, UPDATE(`status`, `error`) ON ".$value['db'].".`sys_datalog` TO '".$value['user']."'@'".$host."' ";
+ $query = "GRANT SELECT, UPDATE(`status`, `error`) ON ?? TO ?@?";
if ($verbose){
echo $query ."\n";
}
- if(!$this->dbmaster->query($query)) {
+ if(!$this->dbmaster->query($query, $value['db'] . '.sys_datalog', $value['user'], $host)) {
$this->warning('Unable to set rights of user in master database: '.$value['db']."\n Query: ".$query."\n Error: ".$this->dbmaster->errorMessage);
}
- $query = "GRANT SELECT, UPDATE(`status`) ON ".$value['db'].".`software_update_inst` TO '".$value['user']."'@'".$host."' ";
+ $query = "GRANT SELECT, UPDATE(`status`) ON ?? TO ?@?";
if ($verbose){
echo $query ."\n";
}
- if(!$this->dbmaster->query($query)) {
+ if(!$this->dbmaster->query($query, $value['db'] . '.software_update_inst', $value['user'], $host)) {
$this->warning('Unable to set rights of user in master database: '.$value['db']."\n Query: ".$query."\n Error: ".$this->dbmaster->errorMessage);
}
- $query = "GRANT SELECT, UPDATE(`updated`) ON ".$value['db'].".`server` TO '".$value['user']."'@'".$host."' ";
+ $query = "GRANT SELECT, UPDATE(`updated`) ON ?? TO ?@?";
if ($verbose){
echo $query ."\n";
}
- if(!$this->dbmaster->query($query)) {
+ if(!$this->dbmaster->query($query, $value['db'] . '.server', $value['user'], $host)) {
$this->warning('Unable to set rights of user in master database: '.$value['db']."\n Query: ".$query."\n Error: ".$this->dbmaster->errorMessage);
}
- $query = "GRANT SELECT, UPDATE (`ssl_request`, `ssl_cert`, `ssl_action`, `ssl_key`) ON ".$value['db'].".`web_domain` TO '".$value['user']."'@'".$host."' ";
+ $query = "GRANT SELECT, UPDATE (`ssl_request`, `ssl_cert`, `ssl_action`, `ssl_key`) ON ?? TO ?@?";
if ($verbose){
echo $query ."\n";
}
- if(!$this->dbmaster->query($query)) {
+ if(!$this->dbmaster->query($query, $value['db'] . '.web_domain', $value['user'], $host)) {
$this->warning('Unable to set rights of user in master database: '.$value['db']."\n Query: ".$query."\n Error: ".$this->dbmaster->errorMessage);
}
- $query = "GRANT SELECT ON ".$value['db'].".`sys_group` TO '".$value['user']."'@'".$host."' ";
+ $query = "GRANT SELECT ON ?? TO ?@?";
if ($verbose){
echo $query ."\n";
}
- if(!$this->dbmaster->query($query)) {
+ if(!$this->dbmaster->query($query, $value['db'] . '.sys_group', $value['user'], $host)) {
$this->warning('Unable to set rights of user in master database: '.$value['db']."\n Query: ".$query."\n Error: ".$this->dbmaster->errorMessage);
}
- $query = "GRANT SELECT, UPDATE (`action_state`, `response`) ON ".$value['db'].".`sys_remoteaction` TO '".$value['user']."'@'".$host."' ";
+ $query = "GRANT SELECT, UPDATE (`action_state`, `response`) ON ?? TO ?@?";
if ($verbose){
echo $query ."\n";
}
- if(!$this->dbmaster->query($query)) {
+ if(!$this->dbmaster->query($query, $value['db'] . '.sys_remoteaction', $value['user'], $host)) {
$this->warning('Unable to set rights of user in master database: '.$value['db']."\n Query: ".$query."\n Error: ".$this->dbmaster->errorMessage);
}
- $query = "GRANT SELECT, INSERT , DELETE ON ".$value['db'].".`monitor_data` TO '".$value['user']."'@'".$host."' ";
+ $query = "GRANT SELECT, INSERT , DELETE ON ?? TO ?@?";
if ($verbose){
echo $query ."\n";
}
- if(!$this->dbmaster->query($query)) {
+ if(!$this->dbmaster->query($query, $value['db'] . '.monitor_data', $value['user'], $host)) {
$this->warning('Unable to set rights of user in master database: '.$value['db']."\n Query: ".$query."\n Error: ".$this->dbmaster->errorMessage);
}
- $query = "GRANT SELECT, INSERT, UPDATE ON ".$value['db'].".`mail_traffic` TO '".$value['user']."'@'".$host."' ";
+ $query = "GRANT SELECT, INSERT, UPDATE ON ?? TO ?@?";
if ($verbose){
echo $query ."\n";
}
- if(!$this->dbmaster->query($query)) {
+ if(!$this->dbmaster->query($query, $value['db'] . '.mail_traffic', $value['user'], $host)) {
$this->warning('Unable to set rights of user in master database: '.$value['db']."\n Query: ".$query."\n Error: ".$this->dbmaster->errorMessage);
}
- $query = "GRANT SELECT, INSERT, UPDATE ON ".$value['db'].".`web_traffic` TO '".$value['user']."'@'".$host."' ";
+ $query = "GRANT SELECT, INSERT, UPDATE ON ?? TO ?@?";
if ($verbose){
echo $query ."\n";
}
- if(!$this->dbmaster->query($query)) {
+ if(!$this->dbmaster->query($query, $value['db'] . '.web_traffic', $value['user'], $host)) {
$this->warning('Unable to set rights of user in master database: '.$value['db']."\n Query: ".$query."\n Error: ".$this->dbmaster->errorMessage);
}
- $query = "GRANT SELECT, UPDATE, DELETE ON ".$value['db'].".`aps_instances` TO '".$value['user']."'@'".$host."' ";
+ $query = "GRANT SELECT, UPDATE, DELETE ON ?? TO ?@?";
if ($verbose){
echo $query ."\n";
}
- if(!$this->dbmaster->query($query)) {
+ if(!$this->dbmaster->query($query, $value['db'] . '.aps_instances', $value['user'], $host)) {
$this->warning('Unable to set rights of user in master database: '.$value['db']."\n Query: ".$query."\n Error: ".$this->dbmaster->errorMessage);
}
- $query = "GRANT SELECT, DELETE ON ".$value['db'].".`aps_instances_settings` TO '".$value['user']."'@'".$host."' ";
+ $query = "GRANT SELECT, DELETE ON ?? TO ?@?";
if ($verbose){
echo $query ."\n";
}
- if(!$this->dbmaster->query($query)) {
+ if(!$this->dbmaster->query($query, $value['db'] . '.aps_instances_settings', $value['user'], $host)) {
$this->warning('Unable to set rights of user in master database: '.$value['db']."\n Query: ".$query."\n Error: ".$this->dbmaster->errorMessage);
}
- $query = "GRANT SELECT, INSERT, DELETE ON ".$value['db'].".`web_backup` TO '".$value['user']."'@'".$host."' ";
+ $query = "GRANT SELECT, INSERT, DELETE ON ?? TO ?@?";
if ($verbose){
echo $query ."\n";
}
- if(!$this->dbmaster->query($query)) {
+ if(!$this->dbmaster->query($query, $value['db'] . '.web_backup', $value['user'], $host)) {
$this->warning('Unable to set rights of user in master database: '.$value['db']."\n Query: ".$query."\n Error: ".$this->dbmaster->errorMessage);
}
- $query = "GRANT SELECT, INSERT, DELETE ON ".$value['db'].".`mail_backup` TO '".$value['user']."'@'".$host."' ";
+ $query = "GRANT SELECT, INSERT, DELETE ON ?? TO ?@?";
if ($verbose){
echo $query ."\n";
}
- if(!$this->dbmaster->query($query)) {
+ if(!$this->dbmaster->query($query, $value['db'] . '.mail_backup', $value['user'], $host)) {
$this->warning('Unable to set rights of user in master database: '.$value['db']."\n Query: ".$query."\n Error: ".$this->dbmaster->errorMessage);
}
}
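Review bot: The fifteen GRANT statements are now byte-for-byte the same shape, `GRANT <privs> ON ?? TO ?@?` followed by the same verbose echo and the same warning, so the block reads better as a privilege table driven by one loop. As written, `echo $query` and the `$this->warning(...)` message print the unexpanded template, which for `CREATE USER` is an improvement (the password no longer reaches the console) but for the GRANTs means neither output says which table failed; the loop below puts the table name in the warning. The first `GRANT SELECT ON server` is subsumed by the later `GRANT SELECT, UPDATE(\`updated\`) ON server`, so it could be dropped, though the fence keeps it to preserve behaviour. The enclosing method starts before the hunk and continues after it.

```php
// … unchanged: CREATE USER and REVOKE ALL PRIVILEGES …
//* Create the ISPConfig database user in the remote database
$grants = array(
    array('SELECT', 'server'),
    array('SELECT, INSERT', 'sys_log'),
    array('SELECT, UPDATE(`status`, `error`)', 'sys_datalog'),
    array('SELECT, UPDATE(`status`)', 'software_update_inst'),
    array('SELECT, UPDATE(`updated`)', 'server'),
    array('SELECT, UPDATE (`ssl_request`, `ssl_cert`, `ssl_action`, `ssl_key`)', 'web_domain'),
    array('SELECT', 'sys_group'),
    array('SELECT, UPDATE (`action_state`, `response`)', 'sys_remoteaction'),
    array('SELECT, INSERT , DELETE', 'monitor_data'),
    array('SELECT, INSERT, UPDATE', 'mail_traffic'),
    array('SELECT, INSERT, UPDATE', 'web_traffic'),
    array('SELECT, UPDATE, DELETE', 'aps_instances'),
    array('SELECT, DELETE', 'aps_instances_settings'),
    array('SELECT, INSERT, DELETE', 'web_backup'),
    array('SELECT, INSERT, DELETE', 'mail_backup'),
);
foreach ($grants as $grant) {
    // privilege list is a code constant, only the object and account are bound
    $query = 'GRANT ' . $grant[0] . ' ON ?? TO ?@?';
    if ($verbose) {
        echo $query . ' (' . $value['db'] . '.' . $grant[1] . ")\n";
    }
    if (!$this->dbmaster->query($query, $value['db'] . '.' . $grant[1], $value['user'], $host)) {
        $this->warning('Unable to set rights of user in master database: ' . $value['db'] . '.' . $grant[1] . "\n Query: " . $query . "\n Error: " . $this->dbmaster->errorMessage);
    }
}
```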
@@ -530,7 +527,7 @@ class installer_base {
/*
* It is all done. Relod the rights...
*/
- $this->dbmaster->query('FLUSH PRIVILEGES;');
+ $this->dbmaster->query('FLUSH PRIVILEGES');
}
}
@@ -735,7 +732,7 @@ class installer_base {
if(!is_user($cf['vmail_username'])) caselog("$command &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
//* These postconf commands will be executed on installation and update
- $server_ini_rec = $this->db->queryOneRecord("SELECT config FROM `" . $this->db->quote($conf["mysql"]["database"]) . "`.`server` WHERE server_id = ".$conf['server_id']);
+ $server_ini_rec = $this->db->queryOneRecord("SELECT config FROM ?? WHERE server_id = ?", $conf["mysql"]["database"] . '.server', $conf['server_id']);
$server_ini_array = ini_to_array(stripslashes($server_ini_rec['config']));
unset($server_ini_rec);
@@ -983,7 +980,7 @@ class installer_base {
// check if virtual_transport must be changed
if ($this->is_update) {
- $tmp = $this->db->queryOneRecord("SELECT * FROM ".$conf["mysql"]["database"].".server WHERE server_id = ".$conf['server_id']);
+ $tmp = $this->db->queryOneRecord("SELECT * FROM ?? WHERE server_id = ?", $conf["mysql"]["database"] . ".server", $conf['server_id']);
$ini_array = ini_to_array(stripslashes($tmp['config']));
// ini_array needs not to be checked, because already done in update.php -> updateDbAndIni()
@@ -1259,18 +1256,18 @@ class installer_base {
global $conf;
//* Create the database
- if(!$this->db->query('CREATE DATABASE IF NOT EXISTS '.$conf['powerdns']['database'].' DEFAULT CHARACTER SET '.$conf['mysql']['charset'])) {
+ if(!$this->db->query('CREATE DATABASE IF NOT EXISTS ?? DEFAULT CHARACTER SET ?', $conf['powerdns']['database'], $conf['mysql']['charset'])) {
$this->error('Unable to create MySQL database: '.$conf['powerdns']['database'].'.');
}
//* Create the ISPConfig database user in the local database
- $query = "GRANT ALL ON `".$conf['powerdns']['database']."` . * TO '".$conf['mysql']['ispconfig_user']."'@'localhost';";
- if(!$this->db->query($query)) {
+ $query = "GRANT ALL ON ?? TO ?@'localhost'";
+ if(!$this->db->query($query, $conf['powerdns']['database'] . '.*', $conf['mysql']['ispconfig_user'])) {
$this->error('Unable to create user for powerdns database Error: '.$this->db->errorMessage);
}
//* Reload database privelages
- $this->db->query('FLUSH PRIVILEGES;');
+ $this->db->query('FLUSH PRIVILEGES');
//* load the powerdns databse dump
if($conf['mysql']['admin_password'] == '') {
@@ -1333,7 +1330,7 @@ class installer_base {
if(!@is_dir('/etc/metronome/status')) mkdir('/etc/metronome/status', 0755, true);
unlink('/etc/metronome/metronome.cfg.lua');
- $row = $this->db->queryOneRecord("SELECT server_name FROM server WHERE server_id = ".$conf["server_id"]."");
+ $row = $this->db->queryOneRecord("SELECT server_name FROM server WHERE server_id = ?", $conf["server_id"]);
$server_name = $row["server_name"];
$tpl = new tpl('metronome_conf_main.master');
@@ -1492,7 +1489,7 @@ Email Address []:
$tpl = new tpl('apache_ispconfig.conf.master');
$tpl->setVar('apache_version',getapacheversion());
- $records = $this->db->queryAllRecords('SELECT * FROM '.$conf['mysql']['master_database'].'.server_ip WHERE server_id = '.$conf['server_id']." AND virtualhost = 'y'");
+ $records = $this->db->queryAllRecords("SELECT * FROM ?? WHERE server_id = ? AND virtualhost = 'y'", $conf['mysql']['master_database'] . '.server_ip', $conf['server_id']);
$ip_addresses = array();
if(is_array($records) && count($records) > 0) {
@@ -1575,36 +1572,6 @@ Email Address []:
//* add a sshusers group
$command = 'groupadd sshusers';
if(!is_group('sshusers')) caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
-
- /*
- $row = $this->db->queryOneRecord("SELECT server_name FROM server WHERE server_id = ".$conf["server_id"]."");
- $ip_address = gethostbyname($row["server_name"]);
- $server_name = $row["server_name"];
-
- //setup proxy.conf
- $configfile = 'proxy.conf';
- if(is_file($conf["nginx"]["config_dir"].'/'.$configfile)) copy($conf["nginx"]["config_dir"].'/'.$configfile,$conf["nginx"]["config_dir"].'/'.$configfile.'~');
- if(is_file($conf["nginx"]["config_dir"].'/'.$configfile.'~')) exec('chmod 400 '.$conf["nginx"]["config_dir"].'/'.$configfile.'~');
- $content = rf("tpl/nginx_".$configfile.".master");
- wf($conf["nginx"]["config_dir"].'/'.$configfile,$content);
- exec('chmod 600 '.$conf["nginx"]["config_dir"].'/'.$configfile);
- exec('chown root:root '.$conf["nginx"]["config_dir"].'/'.$configfile);
-
- //setup conf.d/cache.conf
- $configfile = 'cache.conf';
- if(is_file($conf["nginx"]["config_dir"].'/conf.d/'.$configfile)) copy($conf["nginx"]["config_dir"].'/conf.d/'.$configfile,$conf["nginx"]["config_dir"].'/conf.d/'.$configfile.'~');
- if(is_file($conf["nginx"]["config_dir"].'/conf.d/'.$configfile.'~')) exec('chmod 400 '.$conf["nginx"]["config_dir"].'/conf.d/'.$configfile.'~');
- $content = rf("tpl/nginx_".$configfile.".master");
- wf($conf["nginx"]["config_dir"].'/conf.d/'.$configfile,$content);
- exec('chmod 600 '.$conf["nginx"]["config_dir"].'/conf.d/'.$configfile);
- exec('chown root:root '.$conf["nginx"]["config_dir"].'/conf.d/'.$configfile);
-
- //setup cache directories
- mkdir('/var/cache/nginx/cache');
- exec('chown www-data:www-data /var/cache/nginx/cache');
- mkdir('/var/cache/nginx/temp');
- exec('chown www-data:www-data /var/cache/nginx/temp');
- */
}
public function configure_fail2ban() {
@@ -1614,7 +1581,7 @@ Email Address []:
public function configure_squid()
{
global $conf;
- $row = $this->db->queryOneRecord("SELECT server_name FROM server WHERE server_id = ".$conf["server_id"]."");
+ $row = $this->db->queryOneRecord("SELECT server_name FROM server WHERE server_id = ?", $conf["server_id"]);
$ip_address = gethostbyname($row["server_name"]);
$server_name = $row["server_name"];
@@ -1661,7 +1628,7 @@ Email Address []:
$tcp_public_services = '';
$udp_public_services = '';
- $row = $this->db->queryOneRecord('SELECT * FROM '.$conf["mysql"]["database"].'.firewall WHERE server_id = '.intval($conf['server_id']));
+ $row = $this->db->queryOneRecord('SELECT * FROM ?? WHERE server_id = ?', $conf["mysql"]["database"] . '.firewall', $conf['server_id']);
if(trim($row['tcp_port']) != '' || trim($row['udp_port']) != '') {
$tcp_public_services = trim(str_replace(',', ' ', $row['tcp_port']));
@@ -1673,7 +1640,7 @@ Email Address []:
if(!stristr($tcp_public_services, $conf['apache']['vhost_port'])) {
$tcp_public_services .= ' '.intval($conf['apache']['vhost_port']);
- if($row['tcp_port'] != '') $this->db->query("UPDATE firewall SET tcp_port = tcp_port + ',".intval($conf['apache']['vhost_port'])."' WHERE server_id = ".intval($conf['server_id']));
+ if($row['tcp_port'] != '') $this->db->query("UPDATE firewall SET tcp_port = tcp_port + ? WHERE server_id = ?", ',' . intval($conf['apache']['vhost_port']), $conf['server_id']);
}
$content = str_replace('{TCP_PUBLIC_SERVICES}', $tcp_public_services, $content);
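Review bot: `tcp_port + ?` in the new UPDATE is arithmetic addition in MySQL, not string concatenation, so the bound `',80'`-style value is coerced to a number and the port is never appended to the stored list (the old line had the same `+`, so this is pre-existing, but the rewrite is the moment to fix it). Use `CONCAT(tcp_port, ?)` in place of `tcp_port + ?`. The enclosing function starts and ends outside the hunk.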
@@ -2100,13 +2067,11 @@ Email Address []:
$firewall_server_enabled = ($conf['services']['firewall'])?1:0;
$xmpp_server_enabled = ($conf['services']['xmpp'])?1:0;
- $sql = "UPDATE `server` SET mail_server = '$mail_server_enabled', web_server = '$web_server_enabled', dns_server = '$dns_server_enabled', file_server = '$file_server_enabled', db_server = '$db_server_enabled', vserver_server = '$vserver_server_enabled', proxy_server = '$proxy_server_enabled', firewall_server = '$firewall_server_enabled', xmpp_server = '.$xmpp_server_enabled.' WHERE server_id = ".intval($conf['server_id']);
+ $sql = "UPDATE `server` SET mail_server = '$mail_server_enabled', web_server = '$web_server_enabled', dns_server = '$dns_server_enabled', file_server = '$file_server_enabled', db_server = '$db_server_enabled', vserver_server = '$vserver_server_enabled', proxy_server = '$proxy_server_enabled', firewall_server = '$firewall_server_enabled', xmpp_server = '.$xmpp_server_enabled.' WHERE server_id = ?";
+ $this->db->query($sql, $conf['server_id']);
if($conf['mysql']['master_slave_setup'] == 'y') {
- $this->dbmaster->query($sql);
- $this->db->query($sql);
- } else {
- $this->db->query($sql);
+ $this->dbmaster->query($sql, $conf['server_id']);
}
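Review bot: The new `$sql` still contains `xmpp_server = '.$xmpp_server_enabled.'` inside a double-quoted string, so the dots are literal and MySQL receives `'.1.'` or `'.0.'` instead of the flag; it should read `xmpp_server = '$xmpp_server_enabled'`. Better still, bind all nine flags with `?` the same way `server_id` now is, so the statement has a single consistent parameter style. The enclosing function starts and ends outside the hunk.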
@@ -2485,6 +2450,32 @@ Email Address []:
}
+ public function create_mount_script(){
+ global $app, $conf;
+ $mount_script = '/usr/local/ispconfig/server/scripts/backup_dir_mount.sh';
+ $mount_command = '';
+
+ if(is_file($mount_script)) return;
+ if(is_file('/etc/rc.local')){
+ $rc_local = file('/etc/rc.local');
+ if(is_array($rc_local) && !empty($rc_local)){
+ foreach($rc_local as $line){
+ $line = trim($line);
+ if(substr($line, 0, 1) == '#') continue;
+ if(strpos($line, 'sshfs') !== false && strpos($line, '/var/backup') !== false){
+ $mount_command = "#!/bin/sh\n\n";
+ $mount_command .= $line."\n\n";
+ file_put_contents($mount_script, $mount_command);
+ chmod($mount_script, 0755);
+ chown($mount_script, 'root');
+ chgrp($mount_script, 'root');
+ break;
+ }
+ }
+ }
+ }
+ }
+
// This function is called at the end of the update process and contains code to clean up parts of old ISPCONfig releases
public function cleanup_ispconfig() {
global $app,$conf;
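Review bot: `create_mount_script` writes the copied `/etc/rc.local` line into `$mount_script` and then sets mode 0755, which makes an sshfs command line (which may carry an identity-file path or other mount options an admin would not want exposed) readable by every local user; since only root executes it, `chmod($mount_script, 0700);` is sufficient. The return value of `file_put_contents` is also not checked before `chmod`/`chown`/`chgrp` run, so a failed write produces warnings on a missing file and no script. `$app` is imported with `global` but unused in the function.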
diff --git a/install/lib/mysql.lib.php b/install/lib/mysql.lib.php
index c5c2a83a68681ac18a7c3036307c6f0b4423fa49..c6078ca2bbc05a2ede69c76fb6edfe50f9fa416c 100644
--- a/install/lib/mysql.lib.php
+++ b/install/lib/mysql.lib.php
@@ -1,190 +1,499 @@
_iConnId) mysqli_close($this->_iConnId);
+ }
+
+ private function do_connect() {
global $conf;
+
+ if($this->_iConnId) return true;
$this->dbHost = $conf["mysql"]["host"];
- //$this->dbName = $conf["mysql"]["database"];
+ $this->dbName = false;//$conf["mysql"]["database"];
$this->dbUser = $conf["mysql"]["admin_user"];
$this->dbPass = $conf["mysql"]["admin_password"];
$this->dbCharset = $conf["mysql"]["charset"];
- //$this->connect();
- }
+ $this->dbNewLink = false;
+ $this->dbClientFlags = null;
+
+ $this->_iConnId = mysqli_connect($this->dbHost, $this->dbUser, $this->dbPass);
+ $try = 0;
+ while((!is_object($this->_iConnId) || mysqli_connect_error()) && $try < 5) {
+ if($try > 0) sleep(1);
+
+ $try++;
+ $this->_iConnId = mysqli_connect($this->dbHost, $this->dbUser, $this->dbPass);
+ }
- // error handler
- function updateError($location)
- {
- $this->errorNumber = mysqli_errno($this->linkId);
- $this->errorMessage = mysqli_error($this->linkId);
- $this->errorLocation = $location;
- if($this->errorNumber && $this->show_error_messages)
- {
- echo ' '.$this->errorLocation.' '.$this->errorMessage;
- flush();
+ if(!is_object($this->_iConnId) || mysqli_connect_error()) {
+ $this->_iConnId = null;
+ $this->_sqlerror('Zugriff auf Datenbankserver fehlgeschlagen! / Database server not accessible!');
+ return false;
+ }
+
+ if($this->dbName) $this->setDBName($this->dbName);
+
+ $this->_setCharset();
+ }
+
+ public function setDBData($host, $user, $password) {
+ $this->dbHost = $host;
+ $this->dbUser = $user;
+ $this->dbPass = $password;
+ }
+
+ public function setDBName($name) {
+ $this->dbName = $name;
+ if(!((bool)mysqli_query( $this->_iConnId, 'USE `' . $this->dbName . '`'))) {
+ $this->close();
+ $this->_sqlerror('Datenbank nicht gefunden / Database not found');
+ return false;
}
}
+
+ public function close() {
+ if($this->_iConnId) mysqli_close($this->_iConnId);
+ $this->_iConnId = null;
+ }
- function connect()
- {
- if(!$this->linkId)
- {
- $this->linkId = mysqli_connect($this->dbHost, $this->dbUser, $this->dbPass);
+ /* This allows our private variables to be "read" out side of the class */
+ public function __get($var) {
+ return isset($this->$var) ? $this->$var : NULL;
+ }
- if(!$this->linkId)
- {
- $this->updateError('DB::connect() mysqli_connect');
- return false;
+ public function _build_query_string($sQuery = '') {
+ $iArgs = func_num_args();
+ if($iArgs > 1) {
+ $aArgs = func_get_args();
+
+ if($iArgs == 3 && $aArgs[1] === true && is_array($aArgs[2])) {
+ $aArgs = $aArgs[2];
+ $iArgs = count($aArgs);
+ } else {
+ array_shift($aArgs); // delete the query string that is the first arg!
+ }
+
+ $iPos = 0;
+ $iPos2 = 0;
+ foreach($aArgs as $sKey => $sValue) {
+ $iPos2 = strpos($sQuery, '??', $iPos2);
+ $iPos = strpos($sQuery, '?', $iPos);
+
+ if($iPos === false && $iPos2 === false) break;
+
+ if($iPos2 !== false && ($iPos === false || $iPos2 <= $iPos)) {
+ $sTxt = $this->escape($sValue);
+
+ if(strpos($sTxt, '.') !== false) {
+ $sTxt = preg_replace('/^(.+)\.(.+)$/', '`$1`.`$2`', $sTxt);
+ $sTxt = str_replace('.`*`', '.*', $sTxt);
+ } else $sTxt = '`' . $sTxt . '`';
+
+ $sQuery = substr_replace($sQuery, $sTxt, $iPos2, 2);
+ $iPos2 += strlen($sTxt);
+ $iPos = $iPos2;
+ } else {
+ if(is_int($sValue) || is_float($sValue)) {
+ $sTxt = $sValue;
+ } elseif(is_string($sValue) && (strcmp($sValue, '#NULL#') == 0)) {
+ $sTxt = 'NULL';
+ } elseif(is_array($sValue)) {
+ $sTxt = '';
+ foreach($sValue as $sVal) $sTxt .= ',\'' . $this->escape($sVal) . '\'';
+ $sTxt = '(' . substr($sTxt, 1) . ')';
+ if($sTxt == '()') $sTxt = '(0)';
+ } else {
+ $sTxt = '\'' . $this->escape($sValue) . '\'';
+ }
+
+ $sQuery = substr_replace($sQuery, $sTxt, $iPos, 1);
+ $iPos += strlen($sTxt);
+ $iPos2 = $iPos;
+ }
}
- $this->queryId = @mysqli_query($this->linkId, 'SET NAMES '.$this->dbCharset);
}
- return true;
+
+ return $sQuery;
}
- function query($queryString)
- {
- if(!$this->connect())
- {
+ /**#@-*/
+
+
+ /**#@+
+ * @access private
+ */
+ private function _setCharset() {
+ mysqli_query($this->_iConnId, 'SET NAMES '.$this->dbCharset);
+ mysqli_query($this->_iConnId, "SET character_set_results = '".$this->dbCharset."', character_set_client = '".$this->dbCharset."', character_set_connection = '".$this->dbCharset."', character_set_database = '".$this->dbCharset."', character_set_server = '".$this->dbCharset."'");
+ }
+
+ private function _query($sQuery = '') {
+ $this->do_connect();
+
+ if ($sQuery == '') {
+ $this->_sqlerror('Keine Anfrage angegeben / No query given');
return false;
}
- if($this->dbName != '') {
- if(!mysqli_select_db($this->linkId, $this->dbName))
- {
- $this->updateError('DB::connect() mysqli_select_db');
- return false;
+
+ $try = 0;
+ do {
+ $try++;
+ $ok = mysqli_ping($this->_iConnId);
+ if(!$ok) {
+ if(!mysqli_connect($this->dbHost, $this->dbUser, $this->dbPass, $this->dbName)) {
+ if($this->errorNumber == '111') {
+ // server is not available
+ if($try > 9) {
+ $this->_sqlerror('DB::query -> error connecting');
+ exit;
+ }
+ sleep(30); // additional seconds, please!
+ }
+
+ if($try > 9) {
+ $this->_sqlerror('DB::query -> reconnect');
+ return false;
+ } else {
+ sleep(($try > 7 ? 5 : 1));
+ }
+ } else {
+ $this->_setCharset();
+ $ok = true;
+ }
}
- }
- $this->queryId = @mysqli_query($this->linkId, $queryString);
- $this->updateError('DB::query('.$queryString.') mysqli_query');
- if(!$this->queryId)
- {
+ } while($ok == false);
+
+ $aArgs = func_get_args();
+ $sQuery = call_user_func_array(array(&$this, '_build_query_string'), $aArgs);
+
+ $this->_iQueryId = mysqli_query($this->_iConnId, $sQuery);
+ if (!$this->_iQueryId) {
+ $this->_sqlerror('Falsche Anfrage / Wrong Query', false, 'SQL-Query = ' . $sQuery);
return false;
}
- $this->currentRow = 0;
- return $this->queryId;
+
+ return is_bool($this->_iQueryId) ? $this->_iQueryId : new db_result($this->_iQueryId, $this->_iConnId);
}
- // returns all records in an array
- function queryAllRecords($queryString)
- {
- if(!$this->query($queryString))
- {
- return false;
- }
- $ret = array();
- while($line = $this->nextRecord())
- {
- $ret[] = $line;
+ /**#@-*/
+
+
+
+
+
+ /**
+ * Executes a query
+ *
+ * Executes a given query string, has a variable amount of parameters:
+ * - 1 parameter
+ * executes the given query
+ * - 2 parameters
+ * executes the given query, replaces the first ? in the query with the second parameter
+ * - 3 parameters
+ * if the 2nd parameter is a boolean true, the 3rd parameter has to be an array containing all the replacements for every occuring ? in the query, otherwise the second parameter replaces the first ?, the third parameter replaces the second ? in the query
+ * - 4 or more parameters
+ * all ? in the query are replaced from left to right by the parameters 2 to x
+ *
+ * @access public
+ * @param string $sQuery query string
+ * @param mixed ... one or more parameters
+ * @return db_result the result object of the query
+ */
+
+
+ public function query($sQuery = '') {
+ $aArgs = func_get_args();
+ return call_user_func_array(array(&$this, '_query'), $aArgs);
+ }
+
+ /**
+ * Execute a query and get first result array
+ *
+ * Executes a query and returns the first result row as an array
+ * This is like calling $result = $db->query(), $result->get(), $result->free()
+ * Use of this function @see query
+ *
+ * @access public
+ * @param string $sQuery query to execute
+ * @param ... further params (see query())
+ * @return array result row or NULL if none found
+ */
+ public function queryOneRecord($sQuery = '') {
+ if(!preg_match('/limit \d+\s*,\s*\d+$/i', $sQuery)) $sQuery .= ' LIMIT 0,1';
+
+ $aArgs = func_get_args();
+ $oResult = call_user_func_array(array(&$this, 'query'), $aArgs);
+ if(!$oResult) return null;
+
+ $aReturn = $oResult->get();
+ $oResult->free();
+
+ return $aReturn;
+ }
+
+ public function queryOne($sQuery = '') {
+ return call_user_func_array(array(&$this, 'queryOneRecord'), func_get_args());
+ }
+
+ public function query_one($sQuery = '') {
+ return call_user_func_array(array(&$this, 'queryOneRecord'), func_get_args());
+ }
+
+ /**
+ * Execute a query and return all rows
+ *
+ * Executes a query and returns all result rows in an array
+ * Use this with extreme care!!! Uses lots of memory on big result sets.
+ *
+ * @access public
+ * @param string $sQuery query to execute
+ * @param ... further params (see query())
+ * @return array all the rows in the result set
+ */
+ public function queryAllRecords($sQuery = '') {
+ $aArgs = func_get_args();
+ $oResult = call_user_func_array(array(&$this, 'query'), $aArgs);
+ if(!$oResult) return array();
+
+ $aResults = array();
+ while($aRow = $oResult->get()) {
+ $aResults[] = $aRow;
}
- return $ret;
+ $oResult->free();
+
+ return $aResults;
}
- // returns one record in an array
- function queryOneRecord($queryString)
- {
- if(!$this->query($queryString) || $this->numRows() == 0)
- {
- return false;
+ public function queryAll($sQuery = '') {
+ return call_user_func_array(array(&$this, 'queryAllRecords'), func_get_args());
+ }
+
+ public function query_all($sQuery = '') {
+ return call_user_func_array(array(&$this, 'queryAllRecords'), func_get_args());
+ }
+
+ /**
+ * Execute a query and return all rows as simple array
+ *
+ * Executes a query and returns all result rows in an array with elements
+ * Only first column is returned Uses lots of memory on big result sets.
+ *
+ * @access public
+ * @param string $sQuery query to execute
+ * @param ... further params (see query())
+ * @return array all the rows in the result set
+ */
+ public function queryAllArray($sQuery = '') {
+ $aArgs = func_get_args();
+ $oResult = call_user_func_array(array(&$this, 'query'), $aArgs);
+ if(!$oResult) return array();
+
+ $aResults = array();
+ while($aRow = $oResult->get()) {
+ $aResults[] = reset($aRow);
}
- return $this->nextRecord();
+ $oResult->free();
+
+ return $aResults;
}
- // returns the next record in an array
- function nextRecord()
- {
- $this->record = mysqli_fetch_assoc($this->queryId);
- $this->updateError('DB::nextRecord() mysqli_fetch_array');
- if(!$this->record || !is_array($this->record))
- {
- return false;
+ public function query_all_array($sQuery = '') {
+ return call_user_func_array(array(&$this, 'queryAllArray'), func_get_args());
+ }
+
+
+
+ /**
+ * Get id of last inserted row
+ *
+ * Gives you the id of the last inserted row in a table with an auto-increment primary key
+ *
+ * @access public
+ * @return int id of last inserted row or 0 if none
+ */
+ public function insert_id() {
+ $iRes = mysqli_query($this->_iConnId, 'SELECT LAST_INSERT_ID() as `newid`');
+ if(!is_object($iRes)) return false;
+
+ $aReturn = mysqli_fetch_assoc($iRes);
+ mysqli_free_result($iRes);
+
+ return $aReturn['newid'];
+ }
+
+
+
+ /**
+ * get affected row count
+ *
+ * Gets the amount of rows affected by the previous query
+ *
+ * @access public
+ * @return int affected rows
+ */
+ public function affected() {
+ if(!is_object($this->_iConnId)) return 0;
+ $iRows = mysqli_affected_rows($this->_iConnId);
+ if(!$iRows) $iRows = 0;
+ return $iRows;
+ }
+
+
+
+ /**
+ * check if a utf8 string is valid
+ *
+ * @access public
+ * @param string $string the string to check
+ * @return bool true if it is valid utf8, false otherwise
+ */
+ private function check_utf8($str) {
+ $len = strlen($str);
+ for($i = 0; $i < $len; $i++){
+ $c = ord($str[$i]);
+ if ($c > 128) {
+ if (($c > 247)) return false;
+ elseif ($c > 239) $bytes = 4;
+ elseif ($c > 223) $bytes = 3;
+ elseif ($c > 191) $bytes = 2;
+ else return false;
+ if (($i + $bytes) > $len) return false;
+ while ($bytes > 1) {
+ $i++;
+ $b = ord($str[$i]);
+ if ($b < 128 || $b > 191) return false;
+ $bytes--;
+ }
+ }
+ }
+ return true;
+ } // end of check_utf8
+
+ /**
+ * Escape a string for usage in a query
+ *
+ * @access public
+ * @param string $sString query string to escape
+ * @return string escaped string
+ */
+ public function escape($sString) {
+ if(!is_string($sString) && !is_numeric($sString)) {
+ $sString = '';
+ }
+
+ $cur_encoding = mb_detect_encoding($sString);
+ if($cur_encoding != "UTF-8") {
+ if($cur_encoding != 'ASCII') {
+ if($cur_encoding) $sString = mb_convert_encoding($sString, 'UTF-8', $cur_encoding);
+ else $sString = mb_convert_encoding($sString, 'UTF-8');
+ }
+ } elseif(!$this->check_utf8($sString)) {
+ $sString = utf8_encode($sString);
}
- $this->currentRow++;
- return $this->record;
+
+ if($this->_iConnId) return mysqli_real_escape_string($this->_iConnId, $sString);
+ else return addslashes($sString);
}
- // returns number of rows returned by the last select query
- function numRows()
- {
- return mysqli_num_rows($this->queryId);
+ /**
+ *
+ *
+ * @access private
+ */
+ private function _sqlerror($sErrormsg = 'Unbekannter Fehler', $sAddMsg = '') {
+ global $conf;
+
+ $mysql_error = (is_object($this->_iConnId) ? mysqli_error($this->_iConnId) : mysqli_connect_error());
+ $mysql_errno = (is_object($this->_iConnId) ? mysqli_errno($this->_iConnId) : mysqli_connect_errno());
+
+ //$sAddMsg .= getDebugBacktrace();
+
+ if($this->show_error_messages && $conf['demo_mode'] === false) {
+ echo $sErrormsg . $sAddMsg;
+ }
}
- function affectedRows()
- {
- return mysqli_affected_rows($this->linkId);
+ public function affectedRows() {
+ return $this->affected();
}
// returns mySQL insert id
- function insertID()
- {
- return mysqli_insert_id($this->linkId);
+ public function insertID() {
+ return $this->insert_id();
}
- // Check der variablen
- // deprecated, now use quote
- function check($formfield)
- {
- return $this->quote($formfield);
- }
- // Check der variablen
- function quote($formfield)
- {
- return mysqli_real_escape_string($this->linkId, $formfield);
+ //* Function to quote strings
+ public function quote($formfield) {
+ return $this->escape($formfield);
}
- // Check der variablen
- function unquote($formfield)
- {
+ //* Function to unquotae strings
+ public function unquote($formfield) {
return stripslashes($formfield);
}
- function toLower($record) {
+ public function toLower($record) {
if(is_array($record)) {
foreach($record as $key => $val) {
$key = strtolower($key);
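Review bot: `_build_query_string` quotes a `??` identifier by running it through `escape()`, i.e. `mysqli_real_escape_string`, which leaves backticks untouched, so an identifier value containing a backtick ends the quoting early; identifier quoting should double every backtick in the value before wrapping it (in both the plain and the dotted branch), and `setDBName`'s `'USE ' . $this->dbName` statement needs the same treatment. Separately, `_query` calls `_sqlerror('Falsche Anfrage / Wrong Query', false, 'SQL-Query = ' . $sQuery)` with three arguments while `_sqlerror` declares two, so `false` lands in `$sAddMsg` and the query text is dropped, and `_sqlerror` computes `$mysql_error`/`$mysql_errno` but never assigns them, leaving `errorMessage`/`errorNumber` unset for the `__get` reads that installer_base uses in its warnings. In the reconnect loop of `_query` the handle returned by `mysqli_connect()` is discarded rather than assigned to `$this->_iConnId`, so after a successful reconnect the query still runs on the dead connection. This hunk also removes `check()` while `dropTable` in a later hunk still calls `$this->check($table_name)`, which now fails with an undefined-method error.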
@@ -194,7 +503,7 @@ class db
return $out;
}
-
+ /* TODO: rewrite SQL */
function insert($tablename, $form, $debug = 0)
{
if(is_array($form)){
@@ -213,7 +522,8 @@ class db
if($debug == 1) echo "mySQL Error Message: ".$this->errorMessage;
}
}
-
+
+ /* TODO: rewrite SQL */
function update($tablename, $form, $bedingung, $debug = 0)
{
@@ -230,218 +540,174 @@ class db
}
}
- function closeConn() {
-
- }
-
- function freeResult() {
-
-
- }
-
- function delete() {
-
- }
-
- function Transaction($action) {
- //action = begin, commit oder rollback
-
- }
/*
- $columns = array(action => add | alter | drop
- name => Spaltenname
- name_new => neuer Spaltenname, nur bei 'alter' belegt
- type => 42go-Meta-Type: int16, int32, int64, double, char, varchar, text, blob
- typeValue => Wert z.B. bei Varchar
- defaultValue => Default Wert
- notNull => true | false
- autoInc => true | false
- option => unique | primary | index)
-
-
- */
-
- function createTable($table_name, $columns) {
- $index = "";
- $sql = "CREATE TABLE $table_name (";
+ $columns = array(action => add | alter | drop
+ name => Spaltenname
+ name_new => neuer Spaltenname, nur bei 'alter' belegt
+ type => 42go-Meta-Type: int16, int32, int64, double, char, varchar, text, blob
+ typeValue => Wert z.B. bei Varchar
+ defaultValue => Default Wert
+ notNull => true | false
+ autoInc => true | false
+ option => unique | primary | index)
+
+
+ */
+ /* TODO: rewrite SQL */
+ public function createTable($table_name, $columns) {
+ $index = '';
+ $sql = "CREATE TABLE ?? (";
foreach($columns as $col){
- $sql .= $col["name"]." ".$this->mapType($col["type"], $col["typeValue"])." ";
-
- if($col["defaultValue"] != "") {
- if($col["defaultValue"] == "NULL" or $col["defaultValue"] == "NOT NULL") {
- $sql .= "DEFAULT ".$col["defaultValue"]." ";
- } else {
- $sql .= "DEFAULT '".$col["defaultValue"]."' ";
- }
+ $sql .= $col['name'].' '.$this->mapType($col['type'], $col['typeValue']).' ';
- } elseif($col["defaultValue"] != false) {
- $sql .= "DEFAULT '' ";
- }
- if($col["defaultValue"] != "NULL" && $col["defaultValue"] != "NOT NULL") {
- if($col["notNull"] == true) {
- $sql .= "NOT NULL ";
- } else {
- $sql .= "NULL ";
- }
+ if($col['defaultValue'] != '') $sql .= "DEFAULT '".$col['defaultValue']."' ";
+ if($col['notNull'] == true) {
+ $sql .= 'NOT NULL ';
+ } else {
+ $sql .= 'NULL ';
}
- if($col["autoInc"] == true) $sql .= "auto_increment ";
- $sql.= ",";
+ if($col['autoInc'] == true) $sql .= 'auto_increment ';
+ $sql.= ',';
// key Definitionen
- if($col["option"] == "primary") $index .= "PRIMARY KEY (".$col["name"]."),";
- if($col["option"] == "index") $index .= "INDEX (".$col["name"]."),";
- if($col["option"] == "unique") $index .= "UNIQUE (".$col["name"]."),";
+ if($col['option'] == 'primary') $index .= 'PRIMARY KEY ('.$col['name'].'),';
+ if($col['option'] == 'index') $index .= 'INDEX ('.$col['name'].'),';
+ if($col['option'] == 'unique') $index .= 'UNIQUE ('.$col['name'].'),';
}
$sql .= $index;
$sql = substr($sql, 0, -1);
- $sql .= ")";
-
- $this->query($sql);
+ $sql .= ')';
+ /* TODO: secure parameters */
+ $this->query($sql, $table_name);
return true;
}
/*
- $columns = array(action => add | alter | drop
- name => Spaltenname
- name_new => neuer Spaltenname, nur bei 'alter' belegt
- type => 42go-Meta-Type: int16, int32, int64, double, char, varchar, text, blob
- typeValue => Wert z.B. bei Varchar
- defaultValue => Default Wert
- notNull => true | false
- autoInc => true | false
- option => unique | primary | index)
-
-
- */
- function alterTable($table_name, $columns) {
- $index = "";
- $sql = "ALTER TABLE $table_name ";
+ $columns = array(action => add | alter | drop
+ name => Spaltenname
+ name_new => neuer Spaltenname, nur bei 'alter' belegt
+ type => 42go-Meta-Type: int16, int32, int64, double, char, varchar, text, blob
+ typeValue => Wert z.B. bei Varchar
+ defaultValue => Default Wert
+ notNull => true | false
+ autoInc => true | false
+ option => unique | primary | index)
+
+
+ */
+ /* TODO: rewrite SQL */
+ public function alterTable($table_name, $columns) {
+ $index = '';
+ $sql = "ALTER TABLE ?? ";
foreach($columns as $col){
- if($col["action"] == 'add') {
- $sql .= "ADD ".$col["name"]." ".$this->mapType($col["type"], $col["typeValue"])." ";
- } elseif ($col["action"] == 'alter') {
- $sql .= "CHANGE ".$col["name"]." ".$col["name_new"]." ".$this->mapType($col["type"], $col["typeValue"])." ";
- } elseif ($col["action"] == 'drop') {
- $sql .= "DROP ".$col["name"]." ";
+ if($col['action'] == 'add') {
+ $sql .= 'ADD '.$col['name'].' '.$this->mapType($col['type'], $col['typeValue']).' ';
+ } elseif ($col['action'] == 'alter') {
+ $sql .= 'CHANGE '.$col['name'].' '.$col['name_new'].' '.$this->mapType($col['type'], $col['typeValue']).' ';
+ } elseif ($col['action'] == 'drop') {
+ $sql .= 'DROP '.$col['name'].' ';
}
- if($col["action"] != 'drop') {
- if($col["defaultValue"] != "") $sql .= "DEFAULT '".$col["defaultValue"]."' ";
- if($col["notNull"] == true) {
- $sql .= "NOT NULL ";
+ if($col['action'] != 'drop') {
+ if($col['defaultValue'] != '') $sql .= "DEFAULT '".$col['defaultValue']."' ";
+ if($col['notNull'] == true) {
+ $sql .= 'NOT NULL ';
} else {
- $sql .= "NULL ";
+ $sql .= 'NULL ';
}
- if($col["autoInc"] == true) $sql .= "auto_increment ";
- $sql.= ",";
- // key Definitionen
- if($col["option"] == "primary") $index .= "PRIMARY KEY (".$col["name"]."),";
- if($col["option"] == "index") $index .= "INDEX (".$col["name"]."),";
- if($col["option"] == "unique") $index .= "UNIQUE (".$col["name"]."),";
+ if($col['autoInc'] == true) $sql .= 'auto_increment ';
+ $sql.= ',';
+ // Index definitions
+ if($col['option'] == 'primary') $index .= 'PRIMARY KEY ('.$col['name'].'),';
+ if($col['option'] == 'index') $index .= 'INDEX ('.$col['name'].'),';
+ if($col['option'] == 'unique') $index .= 'UNIQUE ('.$col['name'].'),';
}
}
$sql .= $index;
$sql = substr($sql, 0, -1);
-
+ /* TODO: secure parameters */
//die($sql);
- $this->query($sql);
+ $this->query($sql, $table_name);
return true;
}
- function dropTable($table_name) {
+ public function dropTable($table_name) {
$this->check($table_name);
- $sql = "DROP TABLE '". $table_name."'";
- return $this->query($sql);
+ $sql = "DROP TABLE ??";
+ return $this->query($sql, $table_name);
}
// gibt Array mit Tabellennamen zur�ck
- function getTables($database_name = '') {
-
- if($database_name == ''){
- $database_name = $this->dbName;
- }
-
- $tables = $this->queryAllRecords("SHOW TABLES FROM `$database_name`");
- $tb_names = array();
- if(is_array($tables) && !empty($tables)){
- for($i = 0; $i < sizeof($tables); $i++){
- $tb_names[$i] = $tables[$i]['Tables_in_'.$database_name];
- }
- }
-
- /*
- $result = mysqli_query("SHOW TABLES FROM `$database_name`");
- $tb_names = array();
- for ($i = 0; $i < mysqli_num_rows($result); $i++) {
- $tb_names[$i] = mysql_tablename($result, $i);
- }
- */
+ public function getTables($database_name = '') {
+ if(!is_object($this->_iConnId)) return false;
+ if($database_name == '') $database_name = $this->dbName;
+ $tb_names = $this->queryAllArray("SHOW TABLES FROM ??", $database_name);
return $tb_names;
}
// gibt Feldinformationen zur Tabelle zur�ck
/*
- $columns = array(action => add | alter | drop
- name => Spaltenname
- name_new => neuer Spaltenname, nur bei 'alter' belegt
- type => 42go-Meta-Type: int16, int32, int64, double, char, varchar, text, blob
- typeValue => Wert z.B. bei Varchar
- defaultValue => Default Wert
- notNull => true | false
- autoInc => true | false
- option => unique | primary | index)
-
-
- */
-
+ $columns = array(action => add | alter | drop
+ name => Spaltenname
+ name_new => neuer Spaltenname, nur bei 'alter' belegt
+ type => 42go-Meta-Type: int16, int32, int64, double, char, varchar, text, blob
+ typeValue => Wert z.B. bei Varchar
+ defaultValue => Default Wert
+ notNull => true | false
+ autoInc => true | false
+ option => unique | primary | index)
+
+
+ */
+ /* TODO: rewrite SQL */
function tableInfo($table_name) {
global $go_api, $go_info;
// Tabellenfelder einlesen
- if($rows = $go_api->db->queryAllRecords("SHOW FIELDS FROM ".$table_name)){
+ if($rows = $go_api->db->queryAllRecords('SHOW FIELDS FROM ??', $table_name)){
foreach($rows as $row) {
- $name = $row[0];
- $default = $row[4];
- $key = $row[3];
- $extra = $row[5];
- $isnull = $row[2];
- $type = $row[1];
+ $name = $row['Field'];
+ $default = $row['Default'];
+ $key = $row['Key'];
+ $extra = $row['Extra'];
+ $isnull = $row['Null'];
+ $type = $row['Type'];
$column = array();
- $column["name"] = $name;
- //$column["type"] = $type;
- $column["defaultValue"] = $default;
- if(stristr($key, "PRI")) $column["option"] = "primary";
- if(stristr($isnull, "YES")) {
- $column["notNull"] = false;
+ $column['name'] = $name;
+ //$column['type'] = $type;
+ $column['defaultValue'] = $default;
+ if(stristr($key, 'PRI')) $column['option'] = 'primary';
+ if(stristr($isnull, 'YES')) {
+ $column['notNull'] = false;
} else {
- $column["notNull"] = true;
+ $column['notNull'] = true;
}
- if($extra == 'auto_increment') $column["autoInc"] = true;
+ if($extra == 'auto_increment') $column['autoInc'] = true;
// Type in Metatype umsetzen
- if(stristr($type, "int(")) $metaType = 'int32';
- if(stristr($type, "bigint")) $metaType = 'int64';
- if(stristr($type, "char")) {
+ if(stristr($type, 'int(')) $metaType = 'int32';
+ if(stristr($type, 'bigint')) $metaType = 'int64';
+ if(stristr($type, 'char')) {
$metaType = 'char';
$tmp_typeValue = explode('(', $type);
- $column["typeValue"] = substr($tmp_typeValue[1], 0, -1);
+ $column['typeValue'] = substr($tmp_typeValue[1], 0, -1);
}
- if(stristr($type, "varchar")) {
+ if(stristr($type, 'varchar')) {
$metaType = 'varchar';
$tmp_typeValue = explode('(', $type);
- $column["typeValue"] = substr($tmp_typeValue[1], 0, -1);
+ $column['typeValue'] = substr($tmp_typeValue[1], 0, -1);
}
- if(stristr($type, "text")) $metaType = 'text';
- if(stristr($type, "double")) $metaType = 'double';
- if(stristr($type, "blob")) $metaType = 'blob';
+ if(stristr($type, 'text')) $metaType = 'text';
+ if(stristr($type, 'double')) $metaType = 'double';
+ if(stristr($type, 'blob')) $metaType = 'blob';
- $column["type"] = $metaType;
+ $column['type'] = $metaType;
$columns[] = $column;
}
@@ -452,7 +718,7 @@ class db
}
- function mapType($metaType, $typeValue) {
+ public function mapType($metaType, $typeValue) {
global $go_api;
$metaType = strtolower($metaType);
switch ($metaType) {
@@ -472,7 +738,7 @@ class db
return 'char';
break;
case 'varchar':
- if($typeValue < 1) die("Datenbank Fehler: F�r diesen Datentyp ist eine L�ngenangabe notwendig.");
+ if($typeValue < 1) die('Database failure: Lenght required for these data types.');
return 'varchar('.$typeValue.')';
break;
case 'text':
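Review bot: The replacement message `die('Database failure: Lenght required for these data types.')` misspells "length" and talks about several types although the branch handles only varchar; since this string is the only thing the hunk changes, spell it as `if($typeValue < 1) die('Database failure: a length is required for this data type.');`. The `die()` itself predates the change but still terminates the whole request from inside a library method; throwing an exception the caller can handle would be the longer-term fix. mapType's body continues outside the hunk.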
@@ -486,4 +752,238 @@ class db
}
+/**
+ * database query result class
+ *
+ * @package pxFramework
+ *
+ */
+class db_result {
+
+ /**
+ *
+ *
+ * @access private
+ */
+ private $_iResId = null;
+ private $_iConnection = null;
+
+
+
+ /**
+ *
+ *
+ * @access private
+ */
+ public function db_result($iResId, $iConnection) {
+ $this->_iResId = $iResId;
+ $this->_iConnection = $iConnection;
+ }
+
+
+
+ /**
+ * get count of result rows
+ *
+ * Returns the amount of rows in the result set
+ *
+ * @access public
+ * @return int amount of rows
+ */
+ public function rows() {
+ if(!is_object($this->_iResId)) return 0;
+ $iRows = mysqli_num_rows($this->_iResId);
+ if(!$iRows) $iRows = 0;
+ return $iRows;
+ }
+
+
+
+ /**
+ * Get number of affected rows
+ *
+ * Returns the amount of rows affected by the previous query
+ *
+ * @access public
+ * @return int amount of affected rows
+ */
+ public function affected() {
+ if(!is_object($this->_iConnection)) return 0;
+ $iRows = mysqli_affected_rows($this->_iConnection);
+ if(!$iRows) $iRows = 0;
+ return $iRows;
+ }
+
+
+
+ /**
+ * Frees the result set
+ *
+ * @access public
+ */
+ public function free() {
+ if(!is_object($this->_iResId)) return;
+
+ mysqli_free_result($this->_iResId);
+ return;
+ }
+
+
+
+ /**
+ * Get a result row (associative)
+ *
+ * Returns the next row in the result set. To be used in a while loop like while($currow = $result->get()) { do something ... }
+ *
+ * @access public
+ * @return array result row
+ */
+ public function get() {
+ $aItem = null;
+
+ if(is_object($this->_iResId)) {
+ $aItem = mysqli_fetch_assoc($this->_iResId);
+ if(!$aItem) $aItem = null;
+ }
+ return $aItem;
+ }
+
+
+
+ /**
+ * Get a result row (array with numeric index)
+ *
+ * @access public
+ * @return array result row
+ */
+ public function getAsRow() {
+ $aItem = null;
+
+ if(is_object($this->_iResId)) {
+ $aItem = mysqli_fetch_row($this->_iResId);
+ if(!$aItem) $aItem = null;
+ }
+ return $aItem;
+ }
+
+}
+
+/**
+ * database query result class
+ *
+ * emulates a db result set out of an array so you can use array results and db results the same way
+ *
+ * @package pxFramework
+ * @see db_result
+ *
+ *
+ */
+class fakedb_result {
+
+ /**
+ *
+ *
+ * @access private
+ */
+ private $aResultData = array();
+
+ /**
+ *
+ *
+ * @access private
+ */
+ private $aLimitedData = array();
+
+
+
+ /**
+ *
+ *
+ * @access private
+ */
+ public function fakedb_result($aData) {
+ $this->aResultData = $aData;
+ $this->aLimitedData = $aData;
+ reset($this->aLimitedData);
+ }
+
+
+
+ /**
+ * get count of result rows
+ *
+ * Returns the amount of rows in the result set
+ *
+ * @access public
+ * @return int amount of rows
+ */
+ // Gibt die Anzahl Zeilen zurück
+ public function rows() {
+ return count($this->aLimitedData);
+ }
+
+
+
+ /**
+ * Frees the result set
+ *
+ * @access public
+ */
+ // Gibt ein Ergebnisset frei
+ public function free() {
+ $this->aResultData = array();
+ $this->aLimitedData = array();
+ return;
+ }
+
+
+
+ /**
+ * Get a result row (associative)
+ *
+ * Returns the next row in the result set. To be used in a while loop like while($currow = $result->get()) { do something ... }
+ *
+ * @access public
+ * @return array result row
+ */
+ // Gibt eine Ergebniszeile zurück
+ public function get() {
+ $aItem = null;
+
+ if(!is_array($this->aLimitedData)) return $aItem;
+
+ if(list($vKey, $aItem) = each($this->aLimitedData)) {
+ if(!$aItem) $aItem = null;
+ }
+ return $aItem;
+ }
+
+
+
+ /**
+ * Get a result row (array with numeric index)
+ *
+ * @access public
+ * @return array result row
+ */
+ public function getAsRow() {
+ return $this->get();
+ }
+
+
+
+ /**
+ * Limit the result (like a LIMIT x,y in a SQL query)
+ *
+ * @access public
+ * @param int $iStart offset to start read
+ * @param int iLength amount of datasets to read
+ */
+ public function limit_result($iStart, $iLength) {
+ $this->aLimitedData = array_slice($this->aResultData, $iStart, $iLength, true);
+ }
+
+}
+
+
?>
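Review bot: Both new classes declare PHP4-style constructors, `public function db_result($iResId, $iConnection)` and `public function fakedb_result($aData)`; these have been deprecated since PHP 7.0 and are ordinary methods on PHP 8, so `_iResId`, `_iConnection` and `aResultData` are never populated and every accessor quietly returns 0 or null. Rename both to `public function __construct(...)` with the same bodies. `fakedb_result::get()` additionally relies on `each()`, which PHP 8 removed; the `key()`/`current()`/`next()` form below behaves the same, including the end-of-array case and the `reset()` done in the constructor. The German one-line comments duplicated above `rows()`, `free()` and `get()` in fakedb_result repeat the docblocks and can be dropped.
```php
    public function get() {
        $aItem = null;

        if(!is_array($this->aLimitedData)) return $aItem;

        // key() is null once the internal pointer is past the last element
        if(key($this->aLimitedData) !== null) {
            $aItem = current($this->aLimitedData);
            next($this->aLimitedData);
            if(!$aItem) $aItem = null;
        }
        return $aItem;
    }
```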
diff --git a/install/lib/update.lib.php b/install/lib/update.lib.php
index d2d11bf11e3e381683796139da54743f33e92777..1813a19a21e00e7184d24cba5be16f29f573ff92 100644
--- a/install/lib/update.lib.php
+++ b/install/lib/update.lib.php
@@ -124,7 +124,7 @@ function updateDbAndIni() {
global $inst, $conf;
//* Update $conf array with values from the server.ini that shall be preserved
- $tmp = $inst->db->queryOneRecord("SELECT * FROM ".$conf["mysql"]["database"].".server WHERE server_id = ".$conf['server_id']);
+ $tmp = $inst->db->queryOneRecord("SELECT * FROM ?? WHERE server_id = ?", $conf["mysql"]["database"] . '.server', $conf['server_id']);
$ini_array = ini_to_array(stripslashes($tmp['config']));
$current_db_version = (isset($tmp['dbversion']))?intval($tmp['dbversion']):0;
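Review bot: `"SELECT * FROM ?? WHERE server_id = ?"` is bound to `$conf["mysql"]["database"] . '.server'`, a schema-qualified name, so correctness depends on the `??` substitution (defined outside this hunk) splitting on `.` and quoting each part separately; if it backtick-quotes the whole string, the query targets a single table literally named `dbname.server`. Please confirm the identifier escaping handles qualified names, since the same form is used in the later hunks of this file for the `UPDATE ?? SET dbversion`, `UPDATE ?? SET config` and `sys_ini` statements. A comment at this first use, `// '??' receives a schema.table name; the db layer must quote both parts`, would make the contract explicit. updateDbAndIni() starts outside the hunk.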
@@ -218,8 +218,8 @@ function updateDbAndIni() {
}
//* update the database version in server table
- $inst->db->query("UPDATE ".$conf["mysql"]["database"].".server SET dbversion = '".$current_db_version."' WHERE server_id = ".$conf['server_id']);
- if($inst->db->dbHost != $inst->dbmaster->dbHost) $inst->dbmaster->query("UPDATE ".$conf["mysql"]["master_database"].".server SET dbversion = '".$current_db_version."' WHERE server_id = ".$conf['server_id']);
+ $inst->db->query("UPDATE ?? SET dbversion = ? WHERE server_id = ?", $conf["mysql"]["database"] . ".server", $current_db_version, $conf['server_id']);
+ if($inst->db->dbHost != $inst->dbmaster->dbHost) $inst->dbmaster->query("UPDATE ?? SET dbversion = ? WHERE server_id = ?", $conf["mysql"]["master_database"] . ".server", $current_db_version, $conf['server_id']);
//* If ISPConfig Version < 3.0.3, we will do a full db update
@@ -228,7 +228,7 @@ function updateDbAndIni() {
swriteln($inst->lng('Starting full database update.'));
//** Delete the old database
- if( !$inst->db->query('DROP DATABASE IF EXISTS '.$conf['mysql']['database']) ) {
+ if( !$inst->db->query('DROP DATABASE IF EXISTS ??', $conf['mysql']['database']) ) {
$inst->error('Unable to drop MySQL database: '.$conf['mysql']['database'].'.');
}
@@ -239,7 +239,7 @@ function updateDbAndIni() {
$db_tables = $inst->db->getTables();
foreach($db_tables as $table) {
- $inst->db->query("TRUNCATE $table");
+ $inst->db->query("TRUNCATE ??", $table);
}
//** load old data back into database
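Review bot: `foreach($db_tables as $table)` iterates the return value of `getTables()`, which in the db class hunk earlier in this diff now returns `false` when no connection object exists; iterating `false` only emits a warning, so the TRUNCATE step would be skipped silently instead of failing the update. Guard the loop, `if(is_array($db_tables)) foreach($db_tables as $table) {`, or abort through `$inst->error(...)` when the result is not an array. updateDbAndIni() continues outside the hunk.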
@@ -262,15 +262,15 @@ function updateDbAndIni() {
}
//* update the database version in server table
- $inst->db->query("UPDATE ".$conf["mysql"]["database"].".server SET dbversion = '".$current_db_version."' WHERE server_id = ".$conf['server_id']);
- if($inst->db->dbHost != $inst->dbmaster->dbHost) $inst->dbmaster->query("UPDATE ".$conf["mysql"]["master_database"].".server SET dbversion = '".$current_db_version."' WHERE server_id = ".$conf['server_id']);
+ $inst->db->query("UPDATE ?? SET dbversion = ? WHERE server_id = ?", $conf["mysql"]["database"] . ".server", $current_db_version, $conf['server_id']);
+ if($inst->db->dbHost != $inst->dbmaster->dbHost) $inst->dbmaster->query("UPDATE ?? SET dbversion = ? WHERE server_id = ?", $conf["mysql"]["master_database"] . ".server", $current_db_version, $conf['server_id']);
if ($conf['powerdns']['installed']) {
swriteln($inst->lng('Starting full PowerDNS database update.'));
//** Delete the old PowerDNS database
- if( !$inst->db->query('DROP DATABASE IF EXISTS '.$conf['powerdns']['database']) ) {
+ if( !$inst->db->query('DROP DATABASE IF EXISTS ??', $conf['powerdns']['database']) ) {
$inst->error('Unable to drop MySQL database: '.$conf['powerdns']['database'].'.');
}
@@ -288,7 +288,7 @@ function updateDbAndIni() {
//** Update server ini
- $tmp_server_rec = $inst->db->queryOneRecord("SELECT config FROM ".$conf["mysql"]["database"].".server WHERE server_id = ".$conf['server_id']);
+ $tmp_server_rec = $inst->db->queryOneRecord("SELECT config FROM ?? WHERE server_id = ?", $conf["mysql"]["database"] . ".server", $conf['server_id']);
$old_ini_array = ini_to_array(stripslashes($tmp_server_rec['config']));
unset($tmp_server_rec);
$tpl_ini_array = ini_to_array(rf('tpl/server.ini.master'));
@@ -344,12 +344,12 @@ function updateDbAndIni() {
}
$new_ini = array_to_ini($tpl_ini_array);
- $sql = "UPDATE ".$conf["mysql"]["database"].".server SET config = '".mysql_real_escape_string($new_ini)."' WHERE server_id = ".$conf['server_id'];
- $inst->db->query($sql);
+ $sql = "UPDATE ?? SET config = ? WHERE server_id = ?";
+ $inst->db->query($sql, $conf["mysql"]["database"] . ".server", $new_ini, $conf['server_id']);
if($inst->db->dbHost != $inst->dbmaster->dbHost) {
- $sql = "UPDATE ".$conf["mysql"]["master_database"].".server SET config = '".mysql_real_escape_string($new_ini)."' WHERE server_id = ".$conf['server_id'];
- $inst->dbmaster->query($sql);
+ $sql = "UPDATE ?? SET config = ? WHERE server_id = ?";
+ $inst->dbmaster->query($sql, $conf["mysql"]["master_database"].".server", $new_ini, $conf['server_id']);
}
unset($old_ini_array);
unset($tpl_ini_array);
@@ -357,7 +357,7 @@ function updateDbAndIni() {
//** Update system ini
- $tmp_server_rec = $inst->db->queryOneRecord("SELECT config FROM ".$conf["mysql"]["database"].".sys_ini WHERE sysini_id = 1");
+ $tmp_server_rec = $inst->db->queryOneRecord("SELECT config FROM ?? WHERE sysini_id = 1", $conf["mysql"]["database"] . ".sys_ini");
$old_ini_array = ini_to_array(stripslashes($tmp_server_rec['config']));
unset($tmp_server_rec);
$tpl_ini_array = ini_to_array(rf('tpl/system.ini.master'));
@@ -372,11 +372,11 @@ function updateDbAndIni() {
}
$new_ini = array_to_ini($tpl_ini_array);
- $tmp = $inst->db->queryOneRecord('SELECT count(sysini_id) as number FROM '.$conf["mysql"]["database"].'.sys_ini WHERE 1');
+ $tmp = $inst->db->queryOneRecord('SELECT count(sysini_id) as number FROM ?? WHERE 1', $conf["mysql"]["database"] . '.sys_ini');
if($tmp['number'] == 0) {
- $inst->db->query("INSERT INTO ".$conf["mysql"]["database"].".sys_ini (sysini_id, config) VALUES (1,'".mysql_real_escape_string($new_ini)."')");
+ $inst->db->query("INSERT INTO ?? (sysini_id, config) VALUES (1,?)", $conf["mysql"]["database"] . ".sys_ini", $new_ini);
} else {
- $inst->db->query("UPDATE ".$conf["mysql"]["database"].".sys_ini SET config = '".mysql_real_escape_string($new_ini)."' WHERE sysini_id = 1");
+ $inst->db->query("UPDATE ?? SET config = ? WHERE sysini_id = 1", $conf["mysql"]["database"] . ".sys_ini", $new_ini);
}
unset($old_ini_array);
unset($tpl_ini_array);
@@ -385,4 +385,24 @@ function updateDbAndIni() {
+function setDefaultServers(){
+ global $inst, $conf;
+
+ // clients
+ $clients = $inst->db->queryAllRecords("SELECT * FROM ".$conf["mysql"]["database"].".client");
+ if(is_array($clients) && !empty($clients)){
+ foreach($clients as $client){
+ // mailserver
+ if(trim($client['mail_servers']) == '') $inst->db->query("UPDATE ?? SET mail_servers = ? WHERE client_id = ?", $conf["mysql"]["database"].".client", trim($client['default_mailserver']), $client['client_id']);
+ // webserver
+ if(trim($client['web_servers']) == '') $inst->db->query("UPDATE ?? SET web_servers = ? WHERE client_id = ?", $conf["mysql"]["database"].".client", trim($client['default_webserver']), $client['client_id']);
+ // dns server
+ if(trim($client['dns_servers']) == '') $inst->db->query("UPDATE ?? SET dns_servers = ? WHERE client_id = ?", $conf["mysql"]["database"].".client", trim($client['default_dnsserver']), $client['client_id']);
+ // db server
+ if(trim($client['db_servers']) == '') $inst->db->query("UPDATE ?? SET db_servers = ? WHERE client_id = ?", $conf["mysql"]["database"].".client", trim($client['default_dbserver']), $client['client_id']);
+ }
+ }
+
+}
+
?>
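Review bot: `$inst->db->queryAllRecords("SELECT * FROM ".$conf["mysql"]["database"].".client")` still concatenates the table name, while the four UPDATE statements a few lines below in the same new function bind it through `??`; the two styles should not be mixed in one function. Use `$clients = $inst->db->queryAllRecords("SELECT * FROM ??", $conf["mysql"]["database"].".client");`. The function also has no header comment; a one-liner such as `// Copy each client's default_* server into the matching *_servers list when that list is still empty` would state its purpose.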
diff --git a/install/sql/incremental/upd_dev_collection.sql b/install/sql/incremental/upd_dev_collection.sql
index 221fde9ef6a2d58500392fbda8ba14e316bdcef5..2b9c168d83209e8629d91dcb6d4b0c7d5ab159c0 100644
--- a/install/sql/incremental/upd_dev_collection.sql
+++ b/install/sql/incremental/upd_dev_collection.sql
@@ -20,7 +20,7 @@ mbox={EMAIL}.
refresh=7200
retry=540
expire=604800
-minimum=86400
+minimum=3600
ttl=3600
[DNS_RECORDS]
@@ -135,3 +135,10 @@ CREATE TABLE `xmpp_user` (
) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;
-- --------------------------------------------------------
+
+UPDATE `dbispconfig`.`sys_ini` SET `default_logo` = 'data:image/png;base64,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' WHERE `sys_ini`.`sysini_id` = 1;
+
+ALTER TABLE `directive_snippets` ADD `required_php_snippets` VARCHAR(255) NOT NULL DEFAULT '' AFTER `customer_viewable`;
+ALTER TABLE `dns_rr` CHANGE `ttl` `ttl` INT(11) UNSIGNED NOT NULL DEFAULT '3600';
+ALTER TABLE `dns_soa` CHANGE `minimum` `minimum` INT(11) UNSIGNED NOT NULL DEFAULT '3600', CHANGE `ttl` `ttl` INT(11) UNSIGNED NOT NULL DEFAULT '3600';
+ALTER TABLE `client` CHANGE `web_php_options` `web_php_options` VARCHAR(255) NOT NULL DEFAULT 'no,fast-cgi,cgi,mod,suphp,php-fpm,hhvm';
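Review bot: The `UPDATE dbispconfig.sys_ini SET default_logo = ...` statement hard-codes the schema name, whereas the installer hunks in this same diff read the database name from `$conf['mysql']['database']`; on an install using a different name this statement fails or updates the wrong schema. Drop the qualifier and write `UPDATE sys_ini SET default_logo = '...' WHERE sysini_id = 1;` so it runs against the database the incremental is applied to. The incremental also never adds the `default_logo` and `custom_logo` columns that the full schema dump in this diff defines for `sys_ini`, so unless an earlier incremental file already created them, an `ALTER TABLE sys_ini ADD default_logo text NOT NULL, ADD custom_logo text NOT NULL;` is needed before this UPDATE.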
diff --git a/install/sql/ispconfig3.sql b/install/sql/ispconfig3.sql
index 229f76d92cfe18fd637181eb4c4eb614ea72d16f..381c6fd2df60720458bdc251b6bb92b98f14f6f0 100644
--- a/install/sql/ispconfig3.sql
+++ b/install/sql/ispconfig3.sql
@@ -201,7 +201,7 @@ CREATE TABLE `client` (
`limit_web_ip` text,
`limit_web_domain` int(11) NOT NULL DEFAULT '-1',
`limit_web_quota` int(11) NOT NULL DEFAULT '-1',
- `web_php_options` varchar(255) NOT NULL DEFAULT 'no,fast-cgi,cgi,mod,suphp,php-fpm',
+ `web_php_options` varchar(255) NOT NULL DEFAULT 'no,fast-cgi,cgi,mod,suphp,php-fpm,hhvm',
`limit_cgi` enum('n','y') NOT NULL DEFAULT 'n',
`limit_ssi` enum('n','y') NOT NULL DEFAULT 'n',
`limit_perl` enum('n','y') NOT NULL DEFAULT 'n',
@@ -442,6 +442,7 @@ CREATE TABLE IF NOT EXISTS `directive_snippets` (
`type` varchar(255) DEFAULT NULL,
`snippet` mediumtext,
`customer_viewable` ENUM('n','y') NOT NULL DEFAULT 'n',
+ `required_php_snippets` varchar(255) NOT NULL DEFAULT '',
`active` enum('n','y') NOT NULL DEFAULT 'y',
PRIMARY KEY (`directive_snippets_id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;
@@ -465,7 +466,7 @@ CREATE TABLE `dns_rr` (
`type` enum('A','AAAA','ALIAS','CNAME','HINFO','MX','NAPTR','NS','PTR','RP','SRV','TXT') default NULL,
`data` TEXT NOT NULL DEFAULT '',
`aux` int(11) unsigned NOT NULL default '0',
- `ttl` int(11) unsigned NOT NULL default '86400',
+ `ttl` int(11) unsigned NOT NULL default '3600',
`active` enum('N','Y') NOT NULL default 'Y',
`stamp` timestamp NOT NULL default CURRENT_TIMESTAMP,
`serial` int(10) unsigned default NULL,
@@ -517,8 +518,8 @@ CREATE TABLE `dns_soa` (
`refresh` int(11) unsigned NOT NULL default '28800',
`retry` int(11) unsigned NOT NULL default '7200',
`expire` int(11) unsigned NOT NULL default '604800',
- `minimum` int(11) unsigned NOT NULL default '86400',
- `ttl` int(11) unsigned NOT NULL default '86400',
+ `minimum` int(11) unsigned NOT NULL default '3600',
+ `ttl` int(11) unsigned NOT NULL default '3600',
`active` enum('N','Y') NOT NULL DEFAULT 'N',
`xfer` varchar(255) NOT NULL DEFAULT '',
`also_notify` varchar(255) default NULL,
@@ -1622,6 +1623,8 @@ CREATE TABLE `sys_group` (
CREATE TABLE `sys_ini` (
`sysini_id` int(11) unsigned NOT NULL auto_increment,
`config` longtext,
+ `default_logo` text NOT NULL,
+ `custom_logo` text NOT NULL,
PRIMARY KEY (`sysini_id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;
@@ -2315,7 +2318,7 @@ INSERT INTO `country` (`iso`, `name`, `printable_name`, `iso3`, `numcode`, `eu`)
-- Dumping data for table `dns_template`
--
-INSERT INTO `dns_template` (`template_id`, `sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `name`, `fields`, `template`, `visible`) VALUES (1, 1, 1, 'riud', 'riud', '', 'Default', 'DOMAIN,IP,NS1,NS2,EMAIL,DKIM', '[ZONE]\norigin={DOMAIN}.\nns={NS1}.\nmbox={EMAIL}.\nrefresh=7200\nretry=540\nexpire=604800\nminimum=86400\nttl=3600\n\n[DNS_RECORDS]\nA|{DOMAIN}.|{IP}|0|3600\nA|www|{IP}|0|3600\nA|mail|{IP}|0|3600\nNS|{DOMAIN}.|{NS1}.|0|3600\nNS|{DOMAIN}.|{NS2}.|0|3600\nMX|{DOMAIN}.|mail.{DOMAIN}.|10|3600\nTXT|{DOMAIN}.|v=spf1 mx a ~all|0|3600', 'y');
+INSERT INTO `dns_template` (`template_id`, `sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `name`, `fields`, `template`, `visible`) VALUES (1, 1, 1, 'riud', 'riud', '', 'Default', 'DOMAIN,IP,NS1,NS2,EMAIL,DKIM', '[ZONE]\norigin={DOMAIN}.\nns={NS1}.\nmbox={EMAIL}.\nrefresh=7200\nretry=540\nexpire=604800\nminimum=3600\nttl=3600\n\n[DNS_RECORDS]\nA|{DOMAIN}.|{IP}|0|3600\nA|www|{IP}|0|3600\nA|mail|{IP}|0|3600\nNS|{DOMAIN}.|{NS1}.|0|3600\nNS|{DOMAIN}.|{NS2}.|0|3600\nMX|{DOMAIN}.|mail.{DOMAIN}.|10|3600\nTXT|{DOMAIN}.|v=spf1 mx a ~all|0|3600', 'y');
-- --------------------------------------------------------
@@ -2370,7 +2373,7 @@ INSERT INTO `sys_group` (`groupid`, `name`, `description`, `client_id`) VALUES (
-- Dumping data for table `sys_ini`
--
-INSERT INTO `sys_ini` (`sysini_id`, `config`) VALUES (1, '');
+INSERT INTO `sys_ini` (`sysini_id`, `config`, `default_logo`, `custom_logo`) VALUES (1, '', 'data:image/png;base64,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', '');
-- --------------------------------------------------------
diff --git a/install/tpl/debian6_dovecot2.conf.master b/install/tpl/debian6_dovecot2.conf.master
index 1b9d9dc1555935880984885001fc97a14949ff70..ee77f4e20e0416e7638d2be6e306e920ea6340f9 100644
--- a/install/tpl/debian6_dovecot2.conf.master
+++ b/install/tpl/debian6_dovecot2.conf.master
@@ -7,6 +7,7 @@ mail_privileged_group = vmail
ssl_cert = > Uninstalling ISPConfig 3... \n\n";
- // Delete the ISPConfig database
- // $app->db->query("DROP DATABASE '".$conf["db_database"]."'");
- // $app->db->query("DELETE FROM mysql.user WHERE User = 'ispconfig'");
-
-// exec("/etc/init.d/mysql stop");
-// exec("rm -rf /var/lib/mysql/".$conf["db_database"]);
-// exec("/etc/init.d/mysql start");
-
$link = mysql_connect($clientdb_host, $clientdb_user, $clientdb_password);
if (!$link) {
echo "Unable to connect to the database'.mysql_error($link)";
diff --git a/install/update.php b/install/update.php
index 8e05318ae126f60557aca7830f7b5ae315efac48..43942943f1073a049720d3524b7657634fb83d3b 100644
--- a/install/update.php
+++ b/install/update.php
@@ -267,10 +267,8 @@ if($conf['mysql']['master_slave_setup'] == 'y') {
// initialize the connection to the master database
$inst->dbmaster = new db();
if($inst->dbmaster->linkId) $inst->dbmaster->closeConn();
- $inst->dbmaster->dbHost = $conf['mysql']["master_host"];
- $inst->dbmaster->dbName = $conf['mysql']["master_database"];
- $inst->dbmaster->dbUser = $conf['mysql']["master_admin_user"];
- $inst->dbmaster->dbPass = $conf['mysql']["master_admin_password"];
+ $inst->dbmaster->setDBData($conf['mysql']["master_host"], $conf['mysql']["master_admin_user"], $conf['mysql']["master_admin_password"]);
+ $inst->dbmaster->setDBName($conf['mysql']["master_database"]);
} else {
$inst->dbmaster = $inst->db;
}
@@ -513,6 +511,11 @@ if($reconfigure_services_answer == 'yes') {
}
}
+//* Set default servers
+setDefaultServers();
+
+$inst->create_mount_script();
+
//* Create md5 filelist
$md5_filename = '/usr/local/ispconfig/security/data/file_checksums_'.date('Y-m-d_h-i').'.md5';
exec('find /usr/local/ispconfig -type f -print0 | xargs -0 md5sum > '.$md5_filename);
diff --git a/interface/lib/app.inc.php b/interface/lib/app.inc.php
index 75068744f9f59b042d917bc5f97daa6e736c6f84..949f1643cf1f12d78611adf0f027b3452ffa387e 100755
--- a/interface/lib/app.inc.php
+++ b/interface/lib/app.inc.php
@@ -155,15 +155,15 @@ class app {
public function conf($plugin, $key, $value = null) {
if(is_null($value)) {
- $tmpconf = $this->db->queryOneRecord("SELECT `value` FROM `sys_config` WHERE `group` = '" . $this->db->quote($plugin) . "' AND `name` = '" . $this->db->quote($key) . "'");
+ $tmpconf = $this->db->queryOneRecord("SELECT `value` FROM `sys_config` WHERE `group` = ? AND `name` = ?", $plugin, $key);
if($tmpconf) return $tmpconf['value'];
else return null;
} else {
if($value === false) {
- $this->db->query("DELETE FROM `sys_config` WHERE `group` = '" . $this->db->quote($plugin) . "' AND `name` = '" . $this->db->quote($key) . "'");
+ $this->db->query("DELETE FROM `sys_config` WHERE `group` = ? AND `name` = ?", $plugin, $key);
return null;
} else {
- $this->db->query("REPLACE INTO `sys_config` (`group`, `name`, `value`) VALUES ('" . $this->db->quote($plugin) . "', '" . $this->db->quote($key) . "', '" . $this->db->quote($value) . "')");
+ $this->db->query("REPLACE INTO `sys_config` (`group`, `name`, `value`) VALUES (?, ?, ?)", $plugin, $key, $value);
return $value;
}
}
@@ -179,8 +179,8 @@ class app {
$server_id = 0;
$priority = $this->functions->intval($priority);
$tstamp = time();
- $msg = $this->db->quote('[INTERFACE]: '.$msg);
- $this->db->query("INSERT INTO sys_log (server_id,datalog_id,loglevel,tstamp,message) VALUES ($server_id,0,$priority,$tstamp,'$msg')");
+ $msg = '[INTERFACE]: '.$msg;
+ $this->db->query("INSERT INTO sys_log (server_id,datalog_id,loglevel,tstamp,message) VALUES (?, 0, ?, ?, ?)", $server_id, $priority,$tstamp,$msg);
/*
if (is_writable($this->_conf['log_file'])) {
if (!$fp = fopen ($this->_conf['log_file'], 'a')) {
diff --git a/interface/lib/classes/aps_crawler.inc.php b/interface/lib/classes/aps_crawler.inc.php
index 4a6409227ea018a2e22ac8b745516f8511203327..9331e4298aca26eb9419566da0c9d1d1beae6013 100644
--- a/interface/lib/classes/aps_crawler.inc.php
+++ b/interface/lib/classes/aps_crawler.inc.php
@@ -356,15 +356,8 @@ class ApsCrawler extends ApsBase
$old_folder = $this->interface_pkg_dir.'/'.$app_name.'-'.$ex_ver.'.app.zip';
if(file_exists($old_folder)) $this->removeDirectory($old_folder);
- /*
- $app->db->query("UPDATE aps_packages SET package_status = '".PACKAGE_OUTDATED."' WHERE name = '".
- $app->db->quote($app_name)."' AND CONCAT(version, '-', CAST(`release` AS CHAR)) = '".
- $app->db->quote($ex_ver)."';");
- */
- $tmp = $app->db->queryOneRecord("SELECT id FROM aps_packages WHERE name = '".
- $app->db->quote($app_name)."' AND CONCAT(version, '-', CAST(`release` AS CHAR)) = '".
- $app->db->quote($ex_ver)."';");
- $app->db->datalogUpdate('aps_packages', "package_status = ".PACKAGE_OUTDATED, 'id', $tmp['id']);
+ $tmp = $app->db->queryOneRecord("SELECT id FROM aps_packages WHERE name = ? AND CONCAT(version, '-', CAST(`release` AS CHAR)) = ?", $app_name, $ex_ver);
+ $app->db->datalogUpdate('aps_packages', array("package_status" => PACKAGE_OUTDATED), 'id', $tmp['id']);
unset($tmp);
}
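Review bot: `$app->db->datalogUpdate('aps_packages', array("package_status" => PACKAGE_OUTDATED), 'id', $tmp['id'])` dereferences `$tmp['id']` without checking that the preceding SELECT matched a row; when it does not, `$tmp` is presumably false or null and the update runs with a null id. Wrap it, `if(is_array($tmp)) $app->db->datalogUpdate('aps_packages', array("package_status" => PACKAGE_OUTDATED), 'id', $tmp['id']);`. The same pattern recurs in the next hunk after the `WHERE path = ?` lookup. The enclosing method starts outside the hunk.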
@@ -539,14 +532,12 @@ class ApsCrawler extends ApsBase
// Get registered packages and mark non-existant packages with an error code to omit the install
$existing_packages = array();
- $path_query = $app->db->queryAllRecords('SELECT path AS Path FROM aps_packages;');
+ $path_query = $app->db->queryAllRecords('SELECT path AS Path FROM aps_packages');
foreach($path_query as $path) $existing_packages[] = $path['Path'];
$diff = array_diff($existing_packages, $pkg_list);
foreach($diff as $todelete) {
- /*$app->db->query("UPDATE aps_packages SET package_status = '".PACKAGE_ERROR_NOMETA."'
- WHERE path = '".$app->db->quote($todelete)."';");*/
- $tmp = $app->db->queryOneRecord("SELECT id FROM aps_packages WHERE path = '".$app->db->quote($todelete)."';");
- $app->db->datalogUpdate('aps_packages', "package_status = ".PACKAGE_ERROR_NOMETA, 'id', $tmp['id']);
+ $tmp = $app->db->queryOneRecord("SELECT id FROM aps_packages WHERE path = ?", $todelete);
+ $app->db->datalogUpdate('aps_packages', array("package_status" => PACKAGE_ERROR_NOMETA), 'id', $tmp['id']);
unset($tmp);
}
@@ -576,20 +567,17 @@ class ApsCrawler extends ApsBase
//$pkg_url = $this->app_download_url_list[$pkg];
$pkg_url = @file_get_contents($this->interface_pkg_dir.'/'.$pkg.'/PKG_URL');
- /*
- $app->db->query("INSERT INTO `aps_packages`
- (`path`, `name`, `category`, `version`, `release`, `package_status`) VALUES
- ('".$app->db->quote($pkg)."', '".$app->db->quote($pkg_name)."',
- '".$app->db->quote($pkg_category)."', '".$app->db->quote($pkg_version)."',
- ".$app->db->quote($pkg_release).", ".PACKAGE_ENABLED.");");
- */
// Insert only if data is complete
if($pkg != '' && $pkg_name != '' && $pkg_category != '' && $pkg_version != '' && $pkg_release != '' && $pkg_url){
- $insert_data = "(`path`, `name`, `category`, `version`, `release`, `package_url`, `package_status`) VALUES
- ('".$app->db->quote($pkg)."', '".$app->db->quote($pkg_name)."',
- '".$app->db->quote($pkg_category)."', '".$app->db->quote($pkg_version)."',
- ".$app->db->quote($pkg_release).", '".$app->db->quote($pkg_url)."', ".PACKAGE_ENABLED.");";
-
+ $insert_data = array(
+ "path" => $pkg,
+ "name" => $pkg_name,
+ "category" => $pkg_category,
+ "version" => $pkg_version,
+ "release" => $pkg_release,
+ "package_url" => $pkg_url,
+ "package_status" => PACKAGE_ENABLED
+ );
$app->db->datalogInsert('aps_packages', $insert_data, 'id');
} else {
if(file_exists($this->interface_pkg_dir.'/'.$pkg)) $this->removeDirectory($this->interface_pkg_dir.'/'.$pkg);
@@ -619,12 +607,12 @@ class ApsCrawler extends ApsBase
// This method must be used in interface mode
if(!$this->interface_mode) return false;
- $incomplete_pkgs = $app->db->queryAllRecords("SELECT * FROM aps_packages WHERE package_url = ''");
+ $incomplete_pkgs = $app->db->queryAllRecords("SELECT * FROM aps_packages WHERE package_url = ?", '');
if(is_array($incomplete_pkgs) && !empty($incomplete_pkgs)){
foreach($incomplete_pkgs as $incomplete_pkg){
$pkg_url = @file_get_contents($this->interface_pkg_dir.'/'.$incomplete_pkg['path'].'/PKG_URL');
if($pkg_url != ''){
- $app->db->datalogUpdate('aps_packages', "package_url = '".$app->db->quote($pkg_url)."'", 'id', $incomplete_pkg['id']);
+ $app->db->datalogUpdate('aps_packages', array("package_url" => $pkg_url), 'id', $incomplete_pkg['id']);
}
}
}
diff --git a/interface/lib/classes/aps_guicontroller.inc.php b/interface/lib/classes/aps_guicontroller.inc.php
index 1f186288699c2756bc4a063b786bbd317d3b0b54..db1c1487f77a5218867d11a82d8f02e165140662 100644
--- a/interface/lib/classes/aps_guicontroller.inc.php
+++ b/interface/lib/classes/aps_guicontroller.inc.php
@@ -100,7 +100,7 @@ class ApsGUIController extends ApsBase
$customerdata = $app->db->queryOneRecord("SELECT client_id FROM sys_group, web_domain
WHERE web_domain.sys_groupid = sys_group.groupid
- AND web_domain.domain = '".$app->db->quote($domain)."';");
+ AND web_domain.domain = ?", $domain);
if(!empty($customerdata)) $customerid = $customerdata['client_id'];
return $customerid;
@@ -122,14 +122,14 @@ class ApsGUIController extends ApsBase
$websrv = $app->db->queryOneRecord("SELECT server_id FROM web_domain
WHERE domain = (SELECT value FROM aps_instances_settings
- WHERE name = 'main_domain' AND instance_id = ".$app->db->quote($instanceid).");");
+ WHERE name = 'main_domain' AND instance_id = ?)", $instanceid);
// If $websrv is empty, an error has occured. Domain no longer existing? Settings table damaged?
// Anyhow, remove this instance record because it's not useful at all
if(empty($websrv))
{
- $app->db->query("DELETE FROM aps_instances WHERE id = ".$app->db->quote($instanceid).";");
- $app->db->query("DELETE FROM aps_instances_settings WHERE instance_id = ".$app->db->quote($instanceid).";");
+ $app->db->query("DELETE FROM aps_instances WHERE id = ?", $instanceid);
+ $app->db->query("DELETE FROM aps_instances_settings WHERE instance_id = ?", $instanceid);
}
else $webserver_id = $websrv['server_id'];
@@ -154,9 +154,9 @@ class ApsGUIController extends ApsBase
$result = $app->db->queryOneRecord("SELECT id, name,
CONCAT(version, '-', CAST(`release` AS CHAR)) AS current_version
FROM aps_packages
- WHERE name = (SELECT name FROM aps_packages WHERE id = ".$app->db->quote($id).")
+ WHERE name = (SELECT name FROM aps_packages WHERE id = ?)
AND package_status = 2
- ORDER BY REPLACE(version, '.', '')+0 DESC, `release` DESC");
+ ORDER BY REPLACE(version, '.', '')+0 DESC, `release` DESC", $id);
if(!empty($result) && ($id != $result['id'])) return $result['id'];
@@ -180,7 +180,7 @@ class ApsGUIController extends ApsBase
'package_status = '.PACKAGE_ENABLED.' AND' :
'(package_status = '.PACKAGE_ENABLED.' OR package_status = '.PACKAGE_LOCKED.') AND';
- $result = $app->db->queryOneRecord("SELECT id FROM aps_packages WHERE ".$sql_ext." id = ".$app->db->quote($id).";");
+ $result = $app->db->queryOneRecord("SELECT id FROM aps_packages WHERE ".$sql_ext." id = ?", $id);
if(!$result) return false;
return true;
@@ -203,9 +203,15 @@ class ApsGUIController extends ApsBase
if(preg_match('/^[0-9]+$/', $id) != 1) return false;
// Only filter if not admin
- $sql_ext = (!$is_admin) ? 'customer_id = '.$app->db->quote($client_id).' AND' : '';
-
- $result = $app->db->queryOneRecord('SELECT id FROM aps_instances WHERE '.$sql_ext.' id = '.$app->db->quote($id).';');
+ $params = array();
+ $sql_ext = '';
+ if(!$is_admin) {
+ $sql_ext = 'customer_id = ? AND ';
+ $params[] = $client_id;
+ }
+ $params[] = $id;
+
+ $result = $app->db->queryOneRecord('SELECT id FROM aps_instances WHERE '.$sql_ext.' id = ?', true, $params);
if(!$result) return false;
return true;
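Review bot: `$app->db->queryOneRecord('SELECT id FROM aps_instances WHERE '.$sql_ext.' id = ?', true, $params)` passes a bare `true` whose meaning is not visible here; it presumably switches the call to take its bind values from the `$params` array instead of variadic arguments, but nothing in the hunk says so. Add a comment above the call, `// second argument true: bind values come from the $params array (placeholder count varies)`. The enclosing method starts outside the hunk.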
@@ -226,7 +232,7 @@ class ApsGUIController extends ApsBase
unset($tmp);
// get information if the webserver is a db server, too
- $web_server = $app->db->queryOneRecord("SELECT server_id,server_name,db_server FROM server WHERE server_id = ".$app->functions->intval($websrv['server_id']));
+ $web_server = $app->db->queryOneRecord("SELECT server_id,server_name,db_server FROM server WHERE server_id = ?", $websrv['server_id']);
if($web_server['db_server'] == 1) {
// create database on "localhost" (webserver)
$mysql_db_server_id = $app->functions->intval($websrv['server_id']);
@@ -235,7 +241,7 @@ class ApsGUIController extends ApsBase
$mysql_db_remote_ips = '';
} else {
//* get the default database server of the client
- $client = $app->db->queryOneRecord("SELECT default_dbserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ".$app->functions->intval($websrv['sys_groupid']));
+ $client = $app->db->queryOneRecord("SELECT default_dbserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $websrv['sys_groupid']);
if(is_array($client) && $client['default_dbserver'] > 0 && $client['default_dbserver'] != $websrv['server_id']) {
$mysql_db_server_id = $app->functions->intval($client['default_dbserver']);
$dbserver_config = $web_config = $app->getconf->get_server_config($app->functions->intval($mysql_db_server_id), 'server');
@@ -262,8 +268,8 @@ class ApsGUIController extends ApsBase
if (empty($settings['main_database_name'])) {
//* Find a free db name for the app
for($n = 1; $n <= 1000; $n++) {
- $mysql_db_name = $app->db->quote(($dbname_prefix != '' ? $dbname_prefix.'aps'.$n : uniqid('aps')));
- $tmp = $app->db->queryOneRecord("SELECT count(database_id) as number FROM web_database WHERE database_name = '".$app->db->quote($mysql_db_name)."'");
+ $mysql_db_name = ($dbname_prefix != '' ? $dbname_prefix.'aps'.$n : uniqid('aps'));
+ $tmp = $app->db->queryOneRecord("SELECT count(database_id) as number FROM web_database WHERE database_name = ?", $mysql_db_name);
if($tmp['number'] == 0) break;
}
$settings['main_database_name'] = $mysql_db_name;
@@ -271,27 +277,52 @@ class ApsGUIController extends ApsBase
if (empty($settings['main_database_login'])) {
//* Find a free db username for the app
for($n = 1; $n <= 1000; $n++) {
- $mysql_db_user = $app->db->quote(($dbuser_prefix != '' ? $dbuser_prefix.'aps'.$n : uniqid('aps')));
- $tmp = $app->db->queryOneRecord("SELECT count(database_user_id) as number FROM web_database_user WHERE database_user = '".$app->db->quote($mysql_db_user)."'");
+ $mysql_db_user = ($dbuser_prefix != '' ? $dbuser_prefix.'aps'.$n : uniqid('aps'));
+ $tmp = $app->db->queryOneRecord("SELECT count(database_user_id) as number FROM web_database_user WHERE database_user = ?", $mysql_db_user);
if($tmp['number'] == 0) break;
}
$settings['main_database_login'] = $mysql_db_user;
}
//* Create the mysql database user if not existing
- $tmp = $app->db->queryOneRecord("SELECT database_user_id FROM web_database_user WHERE database_user = '".$app->db->quote($settings['main_database_login'])."'");
+ $tmp = $app->db->queryOneRecord("SELECT database_user_id FROM web_database_user WHERE database_user = ?", $settings['main_database_login']);
if(!$tmp) {
- $insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `database_user`, `database_user_prefix`, `database_password`)
- VALUES( ".$app->functions->intval($websrv['sys_userid']).", ".$app->functions->intval($websrv['sys_groupid']).", 'riud', '".$app->functions->intval($websrv['sys_perm_group'])."', '', 0, '".$settings['main_database_login']."', '".$app->db->quote($dbuser_prefix) . "', PASSWORD('".$settings['main_database_password']."'))";
+ $insert_data = array("sys_userid" => $websrv['sys_userid'],
+ "sys_groupid" => $websrv['sys_groupid'],
+ "sys_perm_user" => 'riud',
+ "sys_perm_group" => $websrv['sys_perm_group'],
+ "sys_perm_other" => '',
+ "server_id" => 0,
+ "database_user" => $settings['main_database_login'],
+ "database_user_prefix" => $dbuser_prefix,
+ "database_password" => "PASSWORD('" . $settings['main_database_password'] . "')"
+ );
$mysql_db_user_id = $app->db->datalogInsert('web_database_user', $insert_data, 'database_user_id');
}
else $mysql_db_user_id = $tmp['database_user_id'];
//* Create the mysql database if not existing
- $tmp = $app->db->queryOneRecord("SELECT count(database_id) as number FROM web_database WHERE database_name = '".$app->db->quote($settings['main_database_name'])."'");
+ $tmp = $app->db->queryOneRecord("SELECT count(database_id) as number FROM web_database WHERE database_name = ?", $settings['main_database_name']);
if($tmp['number'] == 0) {
- $insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `parent_domain_id`, `type`, `database_name`, `database_name_prefix`, `database_user_id`, `database_ro_user_id`, `database_charset`, `remote_access`, `remote_ips`, `backup_copies`, `active`, `backup_interval`)
- VALUES( ".$app->functions->intval($websrv['sys_userid']).", ".$app->functions->intval($websrv['sys_groupid']).", 'riud', '".$app->functions->intval($websrv['sys_perm_group'])."', '', $mysql_db_server_id, ".$app->functions->intval($websrv['domain_id']).", 'mysql', '".$settings['main_database_name']."', '" . $app->db->quote($dbname_prefix) . "', '$mysql_db_user_id', 0, '', '$mysql_db_remote_access', '$mysql_db_remote_ips', ".$app->functions->intval($websrv['backup_copies']).", 'y', '".$app->functions->intval($websrv['backup_interval'])."')";
+ $insert_data = array("sys_userid" => $websrv['sys_userid'],
+ "sys_groupid" => $websrv['sys_groupid'],
+ "sys_perm_user" => 'riud',
+ "sys_perm_group" => $websrv['sys_perm_group'],
+ "sys_perm_other" => '',
+ "server_id" => $mysql_db_server_id,
+ "parent_domain_id" => $websrv['domain_id'],
+ "type" => 'mysql',
+ "database_name" => $settings['main_database_name'],
+ "database_name_prefix" => $dbname_prefix,
+ "database_user_id" => $mysql_db_user_id,
+ "database_ro_user_id" => 0,
+ "database_charset" => '',
+ "remote_access" => $mysql_db_remote_access,
+ "remote_ips" => $mysql_db_remote_ips,
+ "backup_copies" => $websrv['backup_copies'],
+ "active" => 'y',
+ "backup_interval" => $websrv['backup_interval']
+ );
$app->db->datalogInsert('web_database', $insert_data, 'database_id');
}
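Review bot: `"database_password" => "PASSWORD('" . $settings['main_database_password'] . "')"` in the first rewritten `$insert_data` array is now bound as a plain `?` value, so under the array path of datalogInsert() in this same diff the column receives the literal text `PASSWORD('…')` (plaintext password included) instead of the hash the old inline SQL produced. The db_mysql.inc.php change in this diff introduces an `array('SQL' => …)` form for exactly this case, but that form is spliced in verbatim, so the password must be escaped inside it: `"database_password" => array('SQL' => "PASSWORD('" . $app->db->escape($settings['main_database_password']) . "')")` (assuming the class's escape() helper is reachable from here; otherwise the mysqli real_escape_string it inherits). The enclosing createDatabaseForPackageInstance() starts before this hunk.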
@@ -312,7 +343,7 @@ class ApsGUIController extends ApsBase
$app->uses('tools_sites');
$webserver_id = 0;
- $websrv = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain = '".$app->db->quote($settings['main_domain'])."';");
+ $websrv = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain = ?", $settings['main_domain']);
if(!empty($websrv)) $webserver_id = $websrv['server_id'];
$customerid = $this->getCustomerIDFromDomain($settings['main_domain']);
@@ -325,18 +356,18 @@ class ApsGUIController extends ApsBase
//* Set PHP mode to php-fcgi and enable suexec in website on apache servers / set PHP mode to PHP-FPM on nginx servers
if($web_config['server_type'] == 'apache') {
if(($websrv['php'] != 'fast-cgi' || $websrv['suexec'] != 'y') && $websrv['php'] != 'php-fpm') {
- $app->db->datalogUpdate('web_domain', "php = 'fast-cgi', suexec = 'y'", 'domain_id', $websrv['domain_id']);
+ $app->db->datalogUpdate('web_domain', array("php" => 'fast-cgi', "suexec" => 'y'), 'domain_id', $websrv['domain_id']);
}
} else {
// nginx
if($websrv['php'] != 'php-fpm' && $websrv['php'] != 'fast-cgi') {
- $app->db->datalogUpdate('web_domain', "php = 'php-fpm'", 'domain_id', $websrv['domain_id']);
+ $app->db->datalogUpdate('web_domain', array("php" => 'php-fpm'), 'domain_id', $websrv['domain_id']);
}
}
//* Create the MySQL database for the application if necessary
- $pkg = $app->db->queryOneRecord('SELECT * FROM aps_packages WHERE id = '.$app->db->quote($packageid).';');
+ $pkg = $app->db->queryOneRecord('SELECT * FROM aps_packages WHERE id = ?', $packageid);
$metafile = $this->interface_pkg_dir.'/'.$pkg['path'].'/APP-META.xml';
$sxe = $this->readInMetaFile($metafile);
@@ -345,21 +376,36 @@ class ApsGUIController extends ApsBase
// mysql-database-name is updated inside if not set already
if (!$this->createDatabaseForPackageInstance($settings, $websrv)) return false;
}
-
+
//* Insert new package instance
- $insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `customer_id`, `package_id`, `instance_status`) VALUES (".$app->functions->intval($websrv['sys_userid']).", ".$app->functions->intval($websrv['sys_groupid']).", 'riud', '".$app->db->quote($websrv['sys_perm_group'])."', '', ".$app->db->quote($webserver_id).",".$app->db->quote($customerid).", ".$app->db->quote($packageid).", ".INSTANCE_PENDING.")";
+ $insert_data = array(
+ "sys_userid" => $websrv['sys_userid'],
+ "sys_groupid" => $websrv['sys_groupid'],
+ "sys_perm_user" => 'riud',
+ "sys_perm_group" => $websrv['sys_perm_group'],
+ "sys_perm_other" => '',
+ "server_id" => $webserver_id,
+ "customer_id" => $customerid,
+ "package_id" => $packageid,
+ "instance_status" => INSTANCE_PENDING
+ );
$InstanceID = $app->db->datalogInsert('aps_instances', $insert_data, 'id');
//* Insert all package settings
if(is_array($settings)) {
foreach($settings as $key => $value) {
- $insert_data = "(server_id, instance_id, name, value) VALUES (".$app->db->quote($webserver_id).",".$app->db->quote($InstanceID).", '".$app->db->quote($key)."', '".$app->db->quote($value)."')";
+ $insert_data = array(
+ "server_id" => $webserver_id,
+ "instance_id" => $InstanceID,
+ "name" => $key,
+ "value" => $value
+ );
$app->db->datalogInsert('aps_instances_settings', $insert_data, 'id');
}
}
//* Set package status to install afetr we inserted the settings
- $app->db->datalogUpdate('aps_instances', "instance_status = ".INSTANCE_INSTALL, 'id', $InstanceID);
+ $app->db->datalogUpdate('aps_instances', array("instance_status" => INSTANCE_INSTALL), 'id', $InstanceID);
}
/**
@@ -371,28 +417,18 @@ class ApsGUIController extends ApsBase
public function deleteInstance($instanceid, $keepdatabase = false)
{
global $app;
- /*
- $app->db->query("UPDATE aps_instances SET instance_status = ".INSTANCE_REMOVE." WHERE id = ".$instanceid.";");
-
- $webserver_id = $this->getInstanceDataForDatalog($instanceid);
- if($webserver_id == '') return;
-
- // Create a sys_datalog entry for deletion
- $datalog = array('Instance_id' => $instanceid, 'server_id' => $webserver_id);
- $app->db->datalogSave('aps', 'DELETE', 'id', $instanceid, array(), $datalog);
- */
if (!$keepdatabase) {
- $sql = "SELECT web_database.database_id as database_id, web_database.database_user_id as `database_user_id` FROM aps_instances_settings, web_database WHERE aps_instances_settings.value = web_database.database_name AND aps_instances_settings.name = 'main_database_name' AND aps_instances_settings.instance_id = ".$instanceid." LIMIT 0,1";
- $tmp = $app->db->queryOneRecord($sql);
+ $sql = "SELECT web_database.database_id as database_id, web_database.database_user_id as `database_user_id` FROM aps_instances_settings, web_database WHERE aps_instances_settings.value = web_database.database_name AND aps_instances_settings.name = 'main_database_name' AND aps_instances_settings.instance_id = ? LIMIT 0,1";
+ $tmp = $app->db->queryOneRecord($sql, $instanceid);
if($tmp['database_id'] > 0) $app->db->datalogDelete('web_database', 'database_id', $tmp['database_id']);
$database_user = $tmp['database_user_id'];
- $tmp = $app->db->queryOneRecord("SELECT COUNT(*) as `cnt` FROM `web_database` WHERE `database_user_id` = '" . $app->functions->intval($database_user) . "' OR `database_ro_user_id` = '" . $app->functions->intval($database_user) . "'");
+ $tmp = $app->db->queryOneRecord("SELECT COUNT(*) as `cnt` FROM `web_database` WHERE `database_user_id` = ? OR `database_ro_user_id` = ?", $database_user, $database_user);
if($tmp['cnt'] < 1) $app->db->datalogDelete('web_database_user', 'database_user_id', $database_user);
}
- $app->db->datalogUpdate('aps_instances', "instance_status = ".INSTANCE_REMOVE, 'id', $instanceid);
+ $app->db->datalogUpdate('aps_instances', array("instance_status" => INSTANCE_REMOVE), 'id', $instanceid);
}
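Review bot: `$tmp = $app->db->queryOneRecord($sql, $instanceid);` on the rewritten line can come back empty when the instance has no main_database_name setting, and the unchanged lines below index into it anyway: `$database_user` becomes null, the COUNT query turns into `database_user_id = NULL OR database_ro_user_id = NULL` (never true now that the db layer in this diff maps null to `NULL`), and datalogDelete('web_database_user', 'database_user_id', null) is reached. Guard the cleanup, e.g. `if(!empty($tmp)) { … }` around the two deletes, or `if(!$tmp) return;` before `if($tmp['database_id'] > 0)`.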
@@ -406,7 +442,7 @@ class ApsGUIController extends ApsBase
{
global $app;
- $pkg = $app->db->queryOneRecord('SELECT * FROM aps_packages WHERE id = '.$app->db->quote($id).';');
+ $pkg = $app->db->queryOneRecord('SELECT * FROM aps_packages WHERE id = ?', $id);
// Load in meta file if existing and register its namespaces
$metafile = $this->interface_pkg_dir.'/'.$pkg['path'].'/APP-META.xml';
@@ -528,7 +564,7 @@ class ApsGUIController extends ApsBase
if(in_array($postinput['main_domain'], $domains))
{
$docroot = $app->db->queryOneRecord("SELECT document_root FROM web_domain
- WHERE domain = '".$app->db->quote($postinput['main_domain'])."';");
+ WHERE domain = ?", $postinput['main_domain']);
$new_path = $docroot['document_root'];
if(substr($new_path, -1) != '/') $new_path .= '/';
$new_path .= $main_location;
@@ -543,13 +579,13 @@ class ApsGUIController extends ApsBase
$instance_domains = $app->db->queryAllRecords("SELECT instance_id, s.value AS domain
FROM aps_instances AS i, aps_instances_settings AS s
WHERE i.id = s.instance_id AND s.name = 'main_domain'
- AND i.customer_id = '".$app->db->quote($customerid)."';");
+ AND i.customer_id = ?", $customerid);
for($i = 0; $i < count($instance_domains); $i++)
{
$used_path = '';
$doc_root = $app->db->queryOneRecord("SELECT document_root FROM web_domain
- WHERE domain = '".$app->db->quote($instance_domains[$i]['domain'])."';");
+ WHERE domain = ?", $instance_domains[$i]['domain']);
// Probably the domain settings were changed later, so make sure the doc_root
// is not empty for further validation
@@ -560,7 +596,7 @@ class ApsGUIController extends ApsBase
$location_for_domain = $app->db->queryOneRecord("SELECT value
FROM aps_instances_settings WHERE name = 'main_location'
- AND instance_id = '".$app->db->quote($instance_domains[$i]['instance_id'])."';");
+ AND instance_id = ?", $instance_domains[$i]['instance_id']);
// The location might be empty but the DB return must not be false!
if($location_for_domain) $used_path .= $location_for_domain['value'];
@@ -693,7 +729,7 @@ class ApsGUIController extends ApsBase
{
global $app;
- $pkg = $app->db->queryOneRecord('SELECT * FROM aps_packages WHERE id = '.$app->db->quote($id).';');
+ $pkg = $app->db->queryOneRecord('SELECT * FROM aps_packages WHERE id = ?', $id);
// Load in meta file if existing and register its namespaces
$metafile = $this->interface_pkg_dir.'/'.$pkg['path'].'/APP-META.xml';
diff --git a/interface/lib/classes/auth.inc.php b/interface/lib/classes/auth.inc.php
index 70c1722aedc9ff7b48226fa61d3f38cc0a6a105d..ae626b7e6fb65603ef53f2ca3bbf0143b746e1c6 100644
--- a/interface/lib/classes/auth.inc.php
+++ b/interface/lib/classes/auth.inc.php
@@ -57,7 +57,7 @@ class auth {
global $app, $conf;
$userid = $app->functions->intval($userid);
- $client = $app->db->queryOneRecord("SELECT client.limit_client FROM sys_user, client WHERE sys_user.userid = $userid AND sys_user.client_id = client.client_id");
+ $client = $app->db->queryOneRecord("SELECT client.limit_client FROM sys_user, client WHERE sys_user.userid = ? AND sys_user.client_id = client.client_id", $userid);
if($client['limit_client'] != 0) {
return true;
} else {
@@ -73,12 +73,12 @@ class auth {
$groupid = $app->functions->intval($groupid);
if($userid > 0 && $groupid > 0) {
- $user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE userid = $userid");
+ $user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE userid = ?", $userid);
$groups = explode(',', $user['groups']);
if(!in_array($groupid, $groups)) $groups[] = $groupid;
$groups_string = implode(',', $groups);
- $sql = "UPDATE sys_user SET groups = '$groups_string' WHERE userid = $userid";
- $app->db->query($sql);
+ $sql = "UPDATE sys_user SET groups = ? WHERE userid = ?";
+ $app->db->query($sql, $groups_string, $userid);
return true;
} else {
return false;
@@ -95,7 +95,7 @@ class auth {
// simple query cache
if($this->client_limits===null)
- $this->client_limits = $app->db->queryOneRecord("SELECT client.* FROM sys_user, client WHERE sys_user.userid = $userid AND sys_user.client_id = client.client_id");
+ $this->client_limits = $app->db->queryOneRecord("SELECT client.* FROM sys_user, client WHERE sys_user.userid = ? AND sys_user.client_id = client.client_id", $userid);
// isn't client -> no limit
if(!$this->client_limits)
@@ -114,13 +114,13 @@ class auth {
$groupid = $app->functions->intval($groupid);
if($userid > 0 && $groupid > 0) {
- $user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE userid = $userid");
+ $user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE userid = ?", $userid);
$groups = explode(',', $user['groups']);
$key = array_search($groupid, $groups);
unset($groups[$key]);
$groups_string = implode(',', $groups);
- $sql = "UPDATE sys_user SET groups = '$groups_string' WHERE userid = $userid";
- $app->db->query($sql);
+ $sql = "UPDATE sys_user SET groups = ? WHERE userid = ?";
+ $app->db->query($sql, $groups_string, $userid);
return true;
} else {
return false;
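Review bot: `$key = array_search($groupid, $groups); unset($groups[$key]);` right after the rewritten SELECT removes the wrong group when `$groupid` is not in the list: array_search returns false, and `unset($groups[false])` drops index 0, so the UPDATE written by the new parameterised query silently strips the user's first group. This predates the commit but the commit rewrites both queries around it; a one-line guard fixes it: `if($key !== false) unset($groups[$key]);`. The enclosing method starts before this hunk.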
@@ -129,11 +129,32 @@ class auth {
public function check_module_permissions($module) {
// Check if the current user has the permissions to access this module
+ $module = trim(preg_replace('@\s+@', '', $module));
$user_modules = explode(',',$_SESSION["s"]["user"]["modules"]);
- if(!in_array($module,$user_modules)) {
- // echo "LOGIN_REDIRECT:/index.php";
- header("Location: /index.php");
- exit;
+ if(strpos($module, ',') !== false){
+ $can_use_module = false;
+ $tmp_modules = explode(',', $module);
+ if(is_array($tmp_modules) && !empty($tmp_modules)){
+ foreach($tmp_modules as $tmp_module){
+ if($tmp_module != ''){
+ if(in_array($tmp_module,$user_modules)) {
+ $can_use_module = true;
+ break;
+ }
+ }
+ }
+ }
+ if(!$can_use_module){
+ // echo "LOGIN_REDIRECT:/index.php";
+ header("Location: /index.php");
+ exit;
+ }
+ } else {
+ if(!in_array($module,$user_modules)) {
+ // echo "LOGIN_REDIRECT:/index.php";
+ header("Location: /index.php");
+ exit;
+ }
}
}
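Review bot: The two branches of the new check_module_permissions() body duplicate the redirect-and-exit block and the inner `is_array`/`!empty`/`!= ''` guards, when a single module is just the one-element case of the comma list. Splitting `$module` unconditionally and testing the intersection with the session's module list gives the same grant/deny decision in a handful of lines, with one side effect worth stating: an empty `$module` is then denied outright rather than matched against a possibly empty element of `$user_modules`. The redirect itself and the `exit` after `header()` are kept as they are.
```php
$module = trim(preg_replace('@\s+@', '', $module));
$user_modules = explode(',', $_SESSION["s"]["user"]["modules"]);
// A comma-separated $module grants access if any one of the listed modules is allowed.
$wanted_modules = array_filter(explode(',', $module), 'strlen');
if(count(array_intersect($wanted_modules, $user_modules)) == 0) {
    // echo "LOGIN_REDIRECT:/index.php";
    header("Location: /index.php");
    exit;
}
```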
diff --git a/interface/lib/classes/client_templates.inc.php b/interface/lib/classes/client_templates.inc.php
index 993936b2cead67d8b1359ed5399c3933364eafcf..e3141d792ea83332e05b8eef160c7f97f76c0fdf 100644
--- a/interface/lib/classes/client_templates.inc.php
+++ b/interface/lib/classes/client_templates.inc.php
@@ -49,7 +49,7 @@ class client_templates {
if($old_style == true) {
// we have to take care of this in an other way
- $in_db = $app->db->queryAllRecords('SELECT `assigned_template_id`, `client_template_id` FROM `client_template_assigned` WHERE `client_id` = ' . $app->functions->intval($clientId));
+ $in_db = $app->db->queryAllRecords('SELECT `assigned_template_id`, `client_template_id` FROM `client_template_assigned` WHERE `client_id` = ?', $clientId);
if(is_array($in_db) && count($in_db) > 0) {
foreach($in_db as $item) {
if(array_key_exists($item['client_template_id'], $needed_types) == false) $needed_types[$item['client_template_id']] = 0;
@@ -61,24 +61,24 @@ class client_templates {
if($count > 0) {
// add new template to client (includes those from old-style without assigned_template_id)
for($i = $count; $i > 0; $i--) {
- $app->db->query('INSERT INTO `client_template_assigned` (`client_id`, `client_template_id`) VALUES (' . $app->functions->intval($clientId) . ', ' . $app->functions->intval($tpl_id) . ')');
+ $app->db->query('INSERT INTO `client_template_assigned` (`client_id`, `client_template_id`) VALUES (?, ?)', $clientId, $tpl_id);
}
} elseif($count < 0) {
// remove old ones
for($i = $count; $i < 0; $i++) {
- $app->db->query('DELETE FROM `client_template_assigned` WHERE client_id = ' . $app->functions->intval($clientId) . ' AND client_template_id = ' . $app->functions->intval($tpl_id) . ' LIMIT 1');
+ $app->db->query('DELETE FROM `client_template_assigned` WHERE client_id = ? AND client_template_id = ? LIMIT 1', $clientId, $tpl_id);
}
}
}
} else {
// we have to take care of this in an other way
- $in_db = $app->db->queryAllRecords('SELECT `assigned_template_id`, `client_template_id` FROM `client_template_assigned` WHERE `client_id` = ' . $app->functions->intval($clientId));
+ $in_db = $app->db->queryAllRecords('SELECT `assigned_template_id`, `client_template_id` FROM `client_template_assigned` WHERE `client_id` = ?', $clientId);
if(is_array($in_db) && count($in_db) > 0) {
// check which templates were removed from this client
foreach($in_db as $item) {
if(in_array($item['assigned_template_id'], $used_assigned) == false) {
// delete this one
- $app->db->query('DELETE FROM `client_template_assigned` WHERE `assigned_template_id` = ' . $app->functions->intval($item['assigned_template_id']));
+ $app->db->query('DELETE FROM `client_template_assigned` WHERE `assigned_template_id` = ?', $item['assigned_template_id']);
}
}
}
@@ -86,7 +86,7 @@ class client_templates {
if(count($new_tpl) > 0) {
foreach($new_tpl as $item) {
// add new template to client (includes those from old-style without assigned_template_id)
- $app->db->query('INSERT INTO `client_template_assigned` (`client_id`, `client_template_id`) VALUES (' . $app->functions->intval($clientId) . ', ' . $app->functions->intval($item) . ')');
+ $app->db->query('INSERT INTO `client_template_assigned` (`client_id`, `client_template_id`) VALUES (?, ?)', $clientId, $item);
}
}
}
@@ -106,8 +106,8 @@ class client_templates {
/*
* Get the master-template for the client
*/
- $sql = "SELECT template_master, template_additional,limit_client FROM client WHERE client_id = " . $app->functions->intval($clientId);
- $record = $app->db->queryOneRecord($sql);
+ $sql = "SELECT template_master, template_additional,limit_client FROM client WHERE client_id = ?";
+ $record = $app->db->queryOneRecord($sql, $clientId);
$masterTemplateId = $record['template_master'];
$is_reseller = ($record['limit_client'] != 0)?true:false;
@@ -115,15 +115,15 @@ class client_templates {
// we have to call the update_client_templates function
$templates = explode('/', $record['template_additional']);
$this->update_client_templates($clientId, $templates);
- $app->db->query('UPDATE `client` SET `template_additional` = \'\' WHERE `client_id` = ' . $app->functions->intval($clientId));
+ $app->db->query('UPDATE `client` SET `template_additional` = \'\' WHERE `client_id` = ?', $clientId);
}
/*
* if the master-Template is custom there is NO changing
*/
if ($masterTemplateId > 0){
- $sql = "SELECT * FROM client_template WHERE template_id = " . $app->functions->intval($masterTemplateId);
- $limits = $app->db->queryOneRecord($sql);
+ $sql = "SELECT * FROM client_template WHERE template_id = ?";
+ $limits = $app->db->queryOneRecord($sql, $masterTemplateId);
} else {
// if there is no master template it makes NO SENSE adding sub templates.
// adding subtemplates are stored in client limits, so they would add up
@@ -136,11 +136,11 @@ class client_templates {
* if != -1)
*/
$addTpl = explode('/', $additionalTemplateStr);
- $addTpls = $app->db->queryAllRecords('SELECT `client_template_id` FROM `client_template_assigned` WHERE `client_id` = ' . $app->functions->intval($clientId));
+ $addTpls = $app->db->queryAllRecords('SELECT `client_template_id` FROM `client_template_assigned` WHERE `client_id` = ?', $clientId);
foreach ($addTpls as $addTpl){
$item = $addTpl['client_template_id'];
- $sql = "SELECT * FROM client_template WHERE template_id = " . $app->functions->intval($item);
- $addLimits = $app->db->queryOneRecord($sql);
+ $sql = "SELECT * FROM client_template WHERE template_id = ?";
+ $addLimits = $app->db->queryOneRecord($sql, $item);
$app->log('Template processing subtemplate ' . $item . ' for client ' . $clientId, LOGLEVEL_DEBUG);
/* maybe the template is deleted in the meantime */
if (is_array($addLimits)){
@@ -232,6 +232,7 @@ class client_templates {
* Write all back to the database
*/
$update = '';
+ $update_values = array();
if(!$is_reseller) unset($limits['limit_client']); // Only Resellers may have limit_client set in template to ensure that we do not convert a client to reseller accidently.
foreach($limits as $k => $v){
if (strpos($k, 'default') !== false and $v == 0) {
@@ -239,13 +240,16 @@ class client_templates {
}
if ((strpos($k, 'limit') !== false or strpos($k, 'default') !== false or $k == 'ssh_chroot' or $k == 'web_php_options' or $k == 'force_suexec') && !is_array($v)){
if ($update != '') $update .= ', ';
- $update .= '`' . $k . "`='" . $v . "'";
+ $update .= '?? = ?';
+ $update_values[] = $k;
+ $update_values[] = $v;
}
}
+ $update_values[] = $clientId;
$app->log('Template processed for client ' . $clientId . ', update string: ' . $update, LOGLEVEL_DEBUG);
if($update != '') {
- $sql = 'UPDATE client SET ' . $update . " WHERE client_id = " . $app->functions->intval($clientId);
- $app->db->query($sql);
+ $sql = 'UPDATE client SET ' . $update . " WHERE client_id = ?";
+ $app->db->query($sql, true, $update_values);
}
unset($form);
}
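Review bot: The debug line `$app->log('Template processed for client ' . $clientId . ', update string: ' . $update, LOGLEVEL_DEBUG);` now only ever prints `?? = ?, ?? = ?, …`, because the column names and values moved into `$update_values`; the message no longer tells an operator what was written. Log the bound values alongside, e.g. `', update string: ' . $update . ' with values: ' . implode(',', $update_values)`, or drop the string from the message. Note `$update_values[] = $clientId;` is appended even when `$update` stays empty, which is harmless only because the query is skipped in that case.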
diff --git a/interface/lib/classes/custom_datasource.inc.php b/interface/lib/classes/custom_datasource.inc.php
index 16036f599c3fe94803cabe98a3cfd3592f7de7dd..414de29dcc0bdc7a87d327b5f7d3c6da66a590b9 100644
--- a/interface/lib/classes/custom_datasource.inc.php
+++ b/interface/lib/classes/custom_datasource.inc.php
@@ -47,12 +47,12 @@ class custom_datasource {
if($_SESSION["s"]["user"]["typ"] == 'user') {
// Get the limits of the client
$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
- $client = $app->db->queryOneRecord("SELECT default_dnsserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
- $sql = "SELECT server_id,server_name FROM server WHERE server_id = ".$app->functions->intval($client['default_dnsserver']);
+ $client = $app->db->queryOneRecord("SELECT default_dnsserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
+ $sql = "SELECT server_id,server_name FROM server WHERE server_id = ?";
} else {
$sql = "SELECT server_id,server_name FROM server WHERE dns_server = 1 ORDER BY server_name";
}
- $records = $app->db->queryAllRecords($sql);
+ $records = $app->db->queryAllRecords($sql, $client['default_dnsserver']);
$records_new = array();
if(is_array($records)) {
foreach($records as $rec) {
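Review bot: `$records = $app->db->queryAllRecords($sql, $client['default_dnsserver']);` now runs for the admin branch as well, where `$client` is never assigned and the admin SQL has no placeholder, so every admin call raises an undefined-variable notice and hands a stray parameter to the query. Move the queryAllRecords() call into each branch, as the `$server_type` hunk later in this file already does, keeping `queryAllRecords($sql)` on the admin side. The next hunk (`default_slave_dnsserver`) has the identical problem. The enclosing method starts before this hunk.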
@@ -69,12 +69,12 @@ class custom_datasource {
if($_SESSION["s"]["user"]["typ"] == 'user') {
// Get the limits of the client
$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
- $client = $app->db->queryOneRecord("SELECT default_slave_dnsserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
- $sql = "SELECT server_id,server_name FROM server WHERE server_id = ".$app->functions->intval($client['default_slave_dnsserver']);
+ $client = $app->db->queryOneRecord("SELECT default_slave_dnsserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
+ $sql = "SELECT server_id,server_name FROM server WHERE server_id = ?";
} else {
$sql = "SELECT server_id,server_name FROM server WHERE dns_server = 1 ORDER BY server_name";
}
- $records = $app->db->queryAllRecords($sql);
+ $records = $app->db->queryAllRecords($sql, $client['default_slave_dnsserver']);
$records_new = array();
if(is_array($records)) {
foreach($records as $rec) {
@@ -99,7 +99,7 @@ class custom_datasource {
}
if(count($server_ids) == 0) return array();
$server_ids = implode(',', $server_ids);
- $records = $app->db->queryAllRecords("SELECT web_domain.domain_id, CONCAT(web_domain.domain, ' :: ', server.server_name) AS parent_domain FROM web_domain, server WHERE web_domain.type = 'vhost' AND web_domain.server_id IN (".$app->db->quote($server_ids).") AND web_domain.server_id = server.server_id AND ".$app->tform->getAuthSQL('r', 'web_domain')." ORDER BY web_domain.domain");
+ $records = $app->db->queryAllRecords("SELECT web_domain.domain_id, CONCAT(web_domain.domain, ' :: ', server.server_name) AS parent_domain FROM web_domain, server WHERE web_domain.type = 'vhost' AND web_domain.server_id IN ? AND web_domain.server_id = server.server_id AND ".$app->tform->getAuthSQL('r', 'web_domain')." ORDER BY web_domain.domain", $server_ids);
$records_new = array();
if(is_array($records)) {
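Review bot: `web_domain.server_id IN ?` is given `$server_ids` after the unchanged `$server_ids = implode(',', $server_ids);` has turned it into one string, so the placeholder expands to a quoted literal (`IN '1,2,3'`) rather than a list and the query is broken. The list expansion in db_mysql.inc.php in this diff is keyed on an array argument, so drop the implode line and pass the array itself to queryAllRecords(); the `count($server_ids) == 0` early return above already covers the empty case.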
@@ -159,22 +159,25 @@ class custom_datasource {
if($_SESSION["s"]["user"]["typ"] == 'user') {
// Get the limits of the client
$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
- $sql = "SELECT $server_type as server_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id";
- $client = $app->db->queryOneRecord($sql);
+ $sql = "SELECT $server_type as server_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?";
+ $client = $app->db->queryOneRecord($sql, $client_group_id);
if($client['server_id'] > 0) {
//* Select the default server for the client
- $sql = "SELECT server_id,server_name FROM server WHERE server_id = ".$app->functions->intval($client['server_id']);
+ $sql = "SELECT server_id,server_name FROM server WHERE server_id = ?";
+ $records = $app->db->queryAllRecords($sql, $client['server_id']);
} else {
//* Not able to find the clients defaults, use this as fallback and add a warning message to the log
$app->log('Unable to find default server for client in custom_datasource.inc.php', 1);
- $sql = "SELECT server_id,server_name FROM server WHERE $field = 1 ORDER BY server_name";
+ $sql = "SELECT server_id,server_name FROM server WHERE ?? = 1 ORDER BY server_name";
+ $records = $app->db->queryAllRecords($sql, $field);
}
} else {
//* The logged in user is admin, so we show him all available servers of a specific type.
- $sql = "SELECT server_id,server_name FROM server WHERE $field = 1 ORDER BY server_name";
+ $sql = "SELECT server_id,server_name FROM server WHERE ?? = 1 ORDER BY server_name";
+ $records = $app->db->queryAllRecords($sql, $field);
}
- $records = $app->db->queryAllRecords($sql);
+
$records_new = array();
if(is_array($records)) {
foreach($records as $rec) {
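Review bot: `$sql = "SELECT $server_type as server_id FROM sys_group, client WHERE … groupid = ?";` still interpolates `$server_type` into the statement while `$field` in the same method was moved to the `??` identifier placeholder. Where `$server_type` is set is outside this hunk; unless it is a fixed column name chosen inside the method, bind it the same way: `$sql = "SELECT ?? as server_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?"; $client = $app->db->queryOneRecord($sql, $server_type, $client_group_id);`.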
diff --git a/interface/lib/classes/db_mysql.inc.php b/interface/lib/classes/db_mysql.inc.php
index 59dcff88ad1cfada2f7477e7ec1a77f72f7d925a..e4c8d319671e5dd14d32fef84c7ba30699a705b1 100644
--- a/interface/lib/classes/db_mysql.inc.php
+++ b/interface/lib/classes/db_mysql.inc.php
@@ -128,8 +128,10 @@ class db extends mysqli
$sTxt = $this->escape($sValue);
$sTxt = str_replace('`', '', $sTxt);
- if(strpos($sTxt, '.') !== false) $sTxt = preg_replace('/^(.+)\.(.+)$/', '`$1`.`$2`', $sTxt);
- else $sTxt = '`' . $sTxt . '`';
+ if(strpos($sTxt, '.') !== false) {
+ $sTxt = preg_replace('/^(.+)\.(.+)$/', '`$1`.`$2`', $sTxt);
+ $sTxt = str_replace('.`*`', '.*', $sTxt);
+ } else $sTxt = '`' . $sTxt . '`';
$sQuery = substr_replace($sQuery, $sTxt, $iPos2, 2);
$iPos2 += strlen($sTxt);
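Review bot: The `??` identifier path still accepts any string once backticks have been stripped; `$this->escape()` is a string-literal escape and does nothing for an identifier, so the only thing keeping a caller-supplied column name honest is the backtick removal. Since datalogSave() in this same file already whitelists table and field names with `/^[a-zA-Z0-9\-\_\.]{1,64}$/`, apply the same check here (plus `*` for the new `table.*` case) and fail the query on a miss, instead of splicing the value in. The greedy `^(.+)\.(.+)$` also turns `a.b.c` into `` `a.b`.`c` ``, which the regex comment should at least mention. The enclosing function starts before this hunk.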
@@ -137,13 +139,17 @@ class db extends mysqli
} else {
if(is_int($sValue) || is_float($sValue)) {
$sTxt = $sValue;
- } elseif(is_string($sValue) && (strcmp($sValue, '#NULL#') == 0)) {
+ } elseif(is_null($sValue) || (is_string($sValue) && (strcmp($sValue, '#NULL#') == 0))) {
$sTxt = 'NULL';
} elseif(is_array($sValue)) {
- $sTxt = '';
- foreach($sValue as $sVal) $sTxt .= ',\'' . $this->escape($sVal) . '\'';
- $sTxt = '(' . substr($sTxt, 1) . ')';
- if($sTxt == '()') $sTxt = '(0)';
+ if(isset($sValue['SQL'])) {
+ $sTxt = $sValue['SQL'];
+ } else {
+ $sTxt = '';
+ foreach($sValue as $sVal) $sTxt .= ',\'' . $this->escape($sVal) . '\'';
+ $sTxt = '(' . substr($sTxt, 1) . ')';
+ if($sTxt == '()') $sTxt = '(0)';
+ }
} else {
$sTxt = '\'' . $this->escape($sValue) . '\'';
}
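Review bot: `if(isset($sValue['SQL'])) { $sTxt = $sValue['SQL']; }` makes a plain array with a `SQL` key an unescaped splice point, and nothing distinguishes that array from an ordinary data array a caller hands to `?`; any code path that forwards request-shaped arrays (e.g. a form field posted as `name[SQL]=…`) into a placeholder would have its value inserted raw. Prefer an explicit marker the caller must construct deliberately (a small wrapper class, or a dedicated method) over a magic key, and document on this branch that the content is never escaped. Also worth a comment: the new `is_null($sValue)` branch yields `= NULL`, which in SQL never matches, so callers wanting null semantics need `IS NULL` rather than `= ?`.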
@@ -534,7 +540,27 @@ class db extends mysqli
}
return $out;
}
-
+
+ public function insertFromArray($tablename, $data) {
+ if(!is_array($data)) return false;
+
+ $k_query = '';
+ $v_query = '';
+
+ $params = array($tablename);
+ $v_params = array();
+
+ foreach($data as $key => $value) {
+ $k_query .= ($k_query != '' ? ', ' : '') . '??';
+ $v_query .= ($v_query != '' ? ', ' : '') . '?';
+ $params[] = $key;
+ $v_params[] = $value;
+ }
+
+ $query = 'INSERT INTO ?? (' . $k_query . ') VALUES (' . $v_query . ')';
+ return $this->query($query, true, $params + $v_params);
+ }
+
public function diffrec($record_old, $record_new) {
$diffrec_full = array();
$diff_num = 0;
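Review bot: `$params + $v_params` in the return of insertFromArray is array union, not concatenation: both are zero-indexed lists and `$params` (table name plus n keys) already owns every key of `$v_params` (n values), so the values are silently dropped and the query ends up with 2n placeholders but only n+1 arguments. Use `array_merge($params, $v_params)`, or append the values to `$params` the way datalogUpdate does. The same expression appears in datalogInsert in the hunk at `@@ -626,20 +651,27 @@`. An empty `$data` also passes the `is_array` guard and yields `INSERT INTO ?? () VALUES ()`; `if(!is_array($data) || empty($data)) return false;` would cover it.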
@@ -578,7 +604,6 @@ class db extends mysqli
if(!preg_match('/^[a-zA-Z0-9\-\_\.]{1,64}$/',$db_table)) $app->error('Invalid table name '.$db_table);
if(!preg_match('/^[a-zA-Z0-9\-\_]{1,64}$/',$primary_field)) $app->error('Invalid primary field '.$primary_field.' in table '.$db_table);
- $primary_field = $this->quote($primary_field);
$primary_id = intval($primary_id);
if($force_update == true) {
@@ -626,20 +651,27 @@ class db extends mysqli
if(is_array($insert_data)) {
$key_str = '';
$val_str = '';
+ $params = array($tablename);
+ $v_params = array();
foreach($insert_data as $key => $val) {
- $key_str .= "`".$key ."`,";
- $val_str .= "'".$this->escape($val)."',";
+ $key_str .= '??,';
+ $params[] = $key;
+
+ $val_str .= '?,';
+ $v_params[] = $val;
}
$key_str = substr($key_str, 0, -1);
$val_str = substr($val_str, 0, -1);
$insert_data_str = '('.$key_str.') VALUES ('.$val_str.')';
+ $this->query("INSERT INTO ?? $insert_data_str", true, $params + $v_params);
} else {
+ /* TODO: deprecate this method! */
$insert_data_str = $insert_data;
+ $this->query("INSERT INTO ?? $insert_data_str", $tablename);
+ $app->log("deprecated use of passing values to datalogInsert() - table " . $tablename, 1);
}
- /* TODO: reduce risk of insert_data_str! */
-
+
$old_rec = array();
- $this->query("INSERT INTO ?? $insert_data_str", $tablename);
$index_value = $this->insertID();
$new_rec = $this->queryOneRecord("SELECT * FROM ?? WHERE ? = ?", $tablename, $index_field, $index_value);
$this->datalogSave($tablename, 'INSERT', $index_field, $index_value, $old_rec, $new_rec);
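Review bot: The post-insert lookup `SELECT * FROM ?? WHERE ? = ?` binds `$index_field` with `?`, which per the substitution code earlier in this file renders it as a quoted string literal rather than an identifier, so the WHERE clause compares a constant and `$new_rec` will not be the inserted row; datalogUpdate in the next hunk uses `?? = ?` for the same lookup. Change it to `$new_rec = $this->queryOneRecord("SELECT * FROM ?? WHERE ?? = ?", $tablename, $index_field, $index_value);`. The line is context rather than new code, but the datalog record written from `$new_rec` is the output of the path this commit rewrites.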
@@ -658,17 +690,24 @@ class db extends mysqli
$old_rec = $this->queryOneRecord("SELECT * FROM ?? WHERE ?? = ?", $tablename, $index_field, $index_value);
if(is_array($update_data)) {
+ $params = array($tablename);
$update_data_str = '';
foreach($update_data as $key => $val) {
- $update_data_str .= "`".$key ."` = '".$this->escape($val)."',";
+ $update_data_str .= '?? = ?,';
+ $params[] = $key;
+ $params[] = $val;
}
+ $params[] = $index_field;
+ $params[] = $index_value;
$update_data_str = substr($update_data_str, 0, -1);
+ $this->query("UPDATE ?? SET $update_data_str WHERE ?? = ?", true, $params);
} else {
+ /* TODO: deprecate this method! */
$update_data_str = $update_data;
+ $this->query("UPDATE ?? SET $update_data_str WHERE ?? = ?", $tablename, $index_field, $index_value);
+ $app->log("deprecated use of passing values to datalogUpdate() - table " . $tablename, 1);
}
- /* TODO: reduce risk of update_data_str */
- $this->query("UPDATE ?? SET $update_data_str WHERE ?? = ?", $tablename, $index_field, $index_value);
$new_rec = $this->queryOneRecord("SELECT * FROM ?? WHERE ?? = ?", $tablename, $index_field, $index_value);
$this->datalogSave($tablename, 'UPDATE', $index_field, $index_value, $old_rec, $new_rec, $force_update);
diff --git a/interface/lib/classes/functions.inc.php b/interface/lib/classes/functions.inc.php
index 2be5fb7df0bbd98c55bcf01a8ca87d5f863a3901..43eec67fc89467b4003fa6d712f88f480049e8e8 100644
--- a/interface/lib/classes/functions.inc.php
+++ b/interface/lib/classes/functions.inc.php
@@ -202,7 +202,7 @@ class functions {
}
$ips = array();
- $results = $app->db->queryAllRecords("SELECT ip_address AS ip, server_id FROM server_ip WHERE ip_type = '".$app->db->quote($type)."'");
+ $results = $app->db->queryAllRecords("SELECT ip_address AS ip, server_id FROM server_ip WHERE ip_type = ?", $type);
if(!empty($results) && is_array($results)){
foreach($results as $result){
if(preg_match($regex, $result['ip'])){
@@ -230,39 +230,6 @@ class functions {
}
}
- /*
- $results = $app->db->queryAllRecords("SELECT xfer FROM dns_slave WHERE xfer != ''");
- if(!empty($results) && is_array($results)){
- foreach($results as $result){
- $tmp_ips = explode(',', $result['xfer']);
- foreach($tmp_ips as $tmp_ip){
- $tmp_ip = trim($tmp_ip);
- if(preg_match($regex, $tmp_ip)) $ips[] = $tmp_ip;
- }
- }
- }
- $results = $app->db->queryAllRecords("SELECT xfer FROM dns_soa WHERE xfer != ''");
- if(!empty($results) && is_array($results)){
- foreach($results as $result){
- $tmp_ips = explode(',', $result['xfer']);
- foreach($tmp_ips as $tmp_ip){
- $tmp_ip = trim($tmp_ip);
- if(preg_match($regex, $tmp_ip)) $ips[] = $tmp_ip;
- }
- }
- }
- $results = $app->db->queryAllRecords("SELECT also_notify FROM dns_soa WHERE also_notify != ''");
- if(!empty($results) && is_array($results)){
- foreach($results as $result){
- $tmp_ips = explode(',', $result['also_notify']);
- foreach($tmp_ips as $tmp_ip){
- $tmp_ip = trim($tmp_ip);
- if(preg_match($regex, $tmp_ip)) $ips[] = $tmp_ip;
- }
- }
- }
- */
-
$results = $app->db->queryAllRecords("SELECT remote_ips FROM web_database WHERE remote_ips != ''");
if(!empty($results) && is_array($results)){
foreach($results as $result){
@@ -413,6 +380,15 @@ class functions {
return true;
}
+
+ public function getimagesizefromstring($string){
+ if (!function_exists('getimagesizefromstring')) {
+ $uri = 'data://application/octet-stream;base64,' . base64_encode($string);
+ return getimagesize($uri);
+ } else {
+ return getimagesizefromstring($string);
+ }
+ }
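Review bot: The fallback branch of getimagesizefromstring relies on the `data://` stream wrapper, which `getimagesize()` can only open when `allow_url_fopen` is enabled; on hosts where it is off the call returns false with a warning and callers get no hint why. A docblock should say so, e.g. `/** Wrapper for getimagesizefromstring() (PHP >= 5.4); on older PHP falls back to getimagesize() over a data:// URI, which requires allow_url_fopen. Returns the getimagesize() array or false. */`. Testing the positive case first (`if (function_exists('getimagesizefromstring')) return getimagesizefromstring($string);`) would also read more naturally than the negated branch.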
}
diff --git a/interface/lib/classes/getconf.inc.php b/interface/lib/classes/getconf.inc.php
index a246b1853c13d04339d1a6e1c6f04c0d9e99ab85..ef9e0702d212db0b3a773b4c5a0dc900af8e4153 100644
--- a/interface/lib/classes/getconf.inc.php
+++ b/interface/lib/classes/getconf.inc.php
@@ -39,7 +39,7 @@ class getconf {
if(!isset($this->config[$server_id])) {
$app->uses('ini_parser');
$server_id = $app->functions->intval($server_id);
- $server = $app->db->queryOneRecord('SELECT config FROM server WHERE server_id = '.$server_id);
+ $server = $app->db->queryOneRecord('SELECT config FROM server WHERE server_id = ?', $server_id);
$this->config[$server_id] = $app->ini_parser->parse_ini_string(stripslashes($server['config']));
}
return ($section == '') ? $this->config[$server_id] : $this->config[$server_id][$section];
diff --git a/interface/lib/classes/listform.inc.php b/interface/lib/classes/listform.inc.php
index cc3f761ae33a7b41704c11e32292912bcd0833aa..c8a9225a2f0e5468050074a1030c0b0bc1cf4840 100644
--- a/interface/lib/classes/listform.inc.php
+++ b/interface/lib/classes/listform.inc.php
@@ -246,6 +246,7 @@ class listform {
return $this->pagingValues[$key];
}
+ /* TODO: maybe rewrite sql */
public function getPagingSQL($sql_where = '1')
{
global $app, $conf;
@@ -283,7 +284,7 @@ class listform {
if($this->searchChanged == 1) $_SESSION['search'][$list_name]['page'] = 0;
$sql_von = $app->functions->intval($_SESSION['search'][$list_name]['page'] * $records_per_page);
- $record_count = $app->db->queryOneRecord("SELECT count(*) AS anzahl FROM $table".($app->listform->listDef['additional_tables'] != ''? ','.$app->listform->listDef['additional_tables'] : '')." WHERE $sql_where");
+ $record_count = $app->db->queryOneRecord("SELECT count(*) AS anzahl FROM ??".($app->listform->listDef['additional_tables'] != ''? ','.$app->listform->listDef['additional_tables'] : '')." WHERE $sql_where", $table);
$pages = $app->functions->intval(($record_count['anzahl'] - 1) / $records_per_page);
@@ -482,7 +483,8 @@ class listform {
}
return $record;
}
-
+
+ /* TODO: check double quoting of SQL */
public function encode($record)
{
global $app;
diff --git a/interface/lib/classes/listform_actions.inc.php b/interface/lib/classes/listform_actions.inc.php
index 0062d8e3ae6725eb8e3f3b912d6666f2f3dc2e85..3a3ac6e129a2624e8c3f41d434ce42413d484560 100644
--- a/interface/lib/classes/listform_actions.inc.php
+++ b/interface/lib/classes/listform_actions.inc.php
@@ -190,6 +190,7 @@ class listform_actions {
return $rec;
}
+ /* TODO: maybe rewrite SQL */
public function getQueryString($no_limit = false) {
global $app;
$sql_where = '';
diff --git a/interface/lib/classes/plugin_backuplist.inc.php b/interface/lib/classes/plugin_backuplist.inc.php
index c399d87622a01c353c4b93a6dbd54389c246cdbc..f47a819a5b29b6b20dc83a84e5695b46981382e6 100644
--- a/interface/lib/classes/plugin_backuplist.inc.php
+++ b/interface/lib/classes/plugin_backuplist.inc.php
@@ -56,56 +56,42 @@ class plugin_backuplist extends plugin_base {
$backup_id = $app->functions->intval($_GET['backup_id']);
//* check if the user is owner of the parent domain
- $domain_backup = $app->db->queryOneRecord("SELECT parent_domain_id FROM web_backup WHERE backup_id = ".$backup_id);
+ $domain_backup = $app->db->queryOneRecord("SELECT parent_domain_id FROM web_backup WHERE backup_id = ?", $backup_id);
$check_perm = 'u';
if($_GET['backup_action'] == 'download') $check_perm = 'r'; // only check read permissions on download, not update permissions
- $get_domain = $app->db->queryOneRecord("SELECT domain_id FROM web_domain WHERE domain_id = ".$app->functions->intval($domain_backup["parent_domain_id"])." AND ".$app->tform->getAuthSQL($check_perm));
+ $get_domain = $app->db->queryOneRecord("SELECT domain_id FROM web_domain WHERE domain_id = ? AND ".$app->tform->getAuthSQL($check_perm), $domain_backup["parent_domain_id"]);
if(empty($get_domain) || !$get_domain) {
$app->error($app->tform->lng('no_domain_perm'));
}
if($_GET['backup_action'] == 'download' && $backup_id > 0) {
$server_id = $this->form->dataRecord['server_id'];
- $backup = $app->db->queryOneRecord("SELECT * FROM web_backup WHERE backup_id = ".$backup_id);
+ $backup = $app->db->queryOneRecord("SELECT * FROM web_backup WHERE backup_id = ?", $backup_id);
if($backup['server_id'] > 0) $server_id = $backup['server_id'];
- $sql = "SELECT count(action_id) as number FROM sys_remoteaction WHERE action_state = 'pending' AND action_type = 'backup_download' AND action_param = '$backup_id'";
- $tmp = $app->db->queryOneRecord($sql);
+ $sql = "SELECT count(action_id) as number FROM sys_remoteaction WHERE action_state = 'pending' AND action_type = 'backup_download' AND action_param = ?";
+ $tmp = $app->db->queryOneRecord($sql, $backup_id);
if($tmp['number'] == 0) {
$message .= $wb['download_info_txt'];
$sql = "INSERT INTO sys_remoteaction (server_id, tstamp, action_type, action_param, action_state, response) " .
- "VALUES (".
- (int)$server_id . ", " .
- time() . ", " .
- "'backup_download', " .
- "'".$backup_id."', " .
- "'pending', " .
- "''" .
- ")";
- $app->db->query($sql);
+ "VALUES (?, UNIX_TIMESTAMP(), 'backup_download', ?, 'pending', '')";
+ $app->db->query($sql, $server_id, $backup_id);
} else {
$error .= $wb['download_pending_txt'];
}
}
if($_GET['backup_action'] == 'restore' && $backup_id > 0) {
$server_id = $this->form->dataRecord['server_id'];
- $backup = $app->db->queryOneRecord("SELECT * FROM web_backup WHERE backup_id = ".$backup_id);
+ $backup = $app->db->queryOneRecord("SELECT * FROM web_backup WHERE backup_id = ?", $backup_id);
if($backup['server_id'] > 0) $server_id = $backup['server_id'];
$sql = "SELECT count(action_id) as number FROM sys_remoteaction WHERE action_state = 'pending' AND action_type = 'backup_restore' AND action_param = '$backup_id'";
$tmp = $app->db->queryOneRecord($sql);
if($tmp['number'] == 0) {
$message .= $wb['restore_info_txt'];
$sql = "INSERT INTO sys_remoteaction (server_id, tstamp, action_type, action_param, action_state, response) " .
- "VALUES (".
- (int)$server_id . ", " .
- time() . ", " .
- "'backup_restore', " .
- "'".$backup_id."', " .
- "'pending', " .
- "''" .
- ")";
- $app->db->query($sql);
+ "VALUES (?, UNIX_TIMESTAMP(), 'backup_restore', ?, 'pending', '')";
+ $app->db->query($sql, $server_id, $backup_id);
} else {
$error .= $wb['restore_pending_txt'];
}
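Review bot: The restore branch still builds its pending-action check with `action_param = '$backup_id'` interpolated (the SELECT just after the `backup_restore` server_id lookup), while the download branch above was converted to `action_param = ?`; `$backup_id` is intval'd so this is not injectable, but the two branches are now inconsistent. Change it to `$sql = "SELECT count(action_id) as number FROM sys_remoteaction WHERE action_state = 'pending' AND action_type = 'backup_restore' AND action_param = ?"; $tmp = $app->db->queryOneRecord($sql, $backup_id);`. Also, `tstamp` is now taken from the database clock via `UNIX_TIMESTAMP()` whereas plugin_backuplist_mail in this commit keeps PHP's `time()`; if the two clocks drift, action timestamps from the two paths are not comparable — pick one source.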
@@ -115,8 +101,8 @@ class plugin_backuplist extends plugin_base {
//* Get the data
$server_ids = array_unique($server_ids);
- $web = $app->db->queryOneRecord("SELECT server_id FROM web_domain WHERE domain_id = ".$app->functions->intval($this->form->id));
- $databases = $app->db->queryAllRecords("SELECT server_id FROM web_database WHERE parent_domain_id = ".$app->functions->intval($this->form->id));
+ $web = $app->db->queryOneRecord("SELECT server_id FROM web_domain WHERE domain_id = ?", $this->form->id);
+ $databases = $app->db->queryAllRecords("SELECT server_id FROM web_database WHERE parent_domain_id = ?", $this->form->id);
if($app->functions->intval($web['server_id']) > 0) $server_ids[] = $app->functions->intval($web['server_id']);
if(is_array($databases) && !empty($databases)){
foreach($databases as $database){
@@ -124,8 +110,8 @@ class plugin_backuplist extends plugin_base {
}
}
$server_ids = array_unique($server_ids);
- $sql = "SELECT * FROM web_backup WHERE parent_domain_id = ".$app->functions->intval($this->form->id)." AND server_id IN (".implode(',', $server_ids).") ORDER BY tstamp DESC, backup_type ASC";
- $records = $app->db->queryAllRecords($sql);
+ $sql = "SELECT * FROM web_backup WHERE parent_domain_id = ? AND server_id IN ? ORDER BY tstamp DESC, backup_type ASC";
+ $records = $app->db->queryAllRecords($sql, $this->form->id, $server_ids);
$bgcolor = "#FFFFFF";
if(is_array($records)) {
@@ -140,6 +126,10 @@ class plugin_backuplist extends plugin_base {
$rec['download_available'] = true;
if($rec['server_id'] != $web['server_id']) $rec['download_available'] = false;
+
+ if($rec['filesize'] > 0){
+ $rec['filesize'] = $app->functions->currency_format($rec['filesize']/(1024*1024), 'client').' MB';
+ }
$records_new[] = $rec;
}
diff --git a/interface/lib/classes/plugin_backuplist_mail.inc.php b/interface/lib/classes/plugin_backuplist_mail.inc.php
index 847428389e82de6ca00ff742fe499571e76bd951..901901a3ed62cc7642d472809ef99ee99aa132c5 100644
--- a/interface/lib/classes/plugin_backuplist_mail.inc.php
+++ b/interface/lib/classes/plugin_backuplist_mail.inc.php
@@ -55,42 +55,15 @@ class plugin_backuplist_mail extends plugin_base {
if(isset($_GET['backup_action'])) {
$backup_id = $app->functions->intval($_GET['backup_id']);
-/*
- if($_GET['backup_action'] == 'download_mail' && $backup_id > 0) {
- $sql = "SELECT count(action_id) as number FROM sys_remoteaction WHERE action_state = 'pending' AND action_type = 'backup_download' AND action_param = '$backup_id'";
- $tmp = $app->db->queryOneRecord($sql);
- if($tmp['number'] == 0) {
- $message .= $wb['download_info_txt'];
- $sql = "INSERT INTO sys_remoteaction (server_id, tstamp, action_type, action_param, action_state, response) " .
- "VALUES (".
- (int)$this->form->dataRecord['server_id'] . ", " .
- time() . ", " .
- "'backup_download', " .
- "'".$backup_id."', " .
- "'pending', " .
- "''" .
- ")";
- $app->db->query($sql);
- } else {
- $error .= $wb['download_pending_txt'];
- }
- }
-*/
+
if($_GET['backup_action'] == 'restore_mail' && $backup_id > 0) {
- $sql = "SELECT count(action_id) as number FROM sys_remoteaction WHERE action_state = 'pending' AND action_type = 'backup_restore_mail' AND action_param = '$backup_id'";
- $tmp = $app->db->queryOneRecord($sql);
+ $sql = "SELECT count(action_id) as number FROM sys_remoteaction WHERE action_state = 'pending' AND action_type = 'backup_restore_mail' AND action_param = ?";
+ $tmp = $app->db->queryOneRecord($sql, $backup_id);
if($tmp['number'] == 0) {
$message .= $wb['restore_info_txt'];
$sql = "INSERT INTO sys_remoteaction (server_id, tstamp, action_type, action_param, action_state, response) " .
- "VALUES (".
- (int)$this->form->dataRecord['server_id'] . ", " .
- time() . ", " .
- "'backup_restore_mail', " .
- "'".$backup_id."', " .
- "'pending', " .
- "''" .
- ")";
- $app->db->query($sql);
+ "VALUES (?, ? 'backup_restore_mail', ?, 'pending','')";
+ $app->db->query($sql, $this->form->dataRecord['server_id'], time(), $backup_id);
} else {
$error .= $wb['restore_pending_txt'];
}
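Review bot: The new VALUES list `"VALUES (?, ? 'backup_restore_mail', ?, 'pending','')"` is missing the comma between the second `?` and `'backup_restore_mail'`, so the INSERT is a syntax error and the restore request is never queued while the user is still shown `restore_info_txt`. It should read `"VALUES (?, ?, 'backup_restore_mail', ?, 'pending', '')"`. Worth checking that query() surfaces the MySQL error here, because the preceding count-check will keep reporting zero pending actions and mask the failure.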
@@ -98,8 +71,8 @@ class plugin_backuplist_mail extends plugin_base {
}
//* Get the data
- $sql = "SELECT * FROM mail_backup WHERE mailuser_id = ".$this->form->id." ORDER BY tstamp DESC";
- $records = $app->db->queryAllRecords($sql);
+ $sql = "SELECT * FROM mail_backup WHERE mailuser_id = ? ORDER BY tstamp DESC";
+ $records = $app->db->queryAllRecords($sql, $this->form->id);
$bgcolor = "#FFFFFF";
if(is_array($records)) {
foreach($records as $rec) {
diff --git a/interface/lib/classes/plugin_dbhistory.inc.php b/interface/lib/classes/plugin_dbhistory.inc.php
index c6547311106ab330d4cee9975af6b18711f9b4b8..3ad5d42ec05c57a459047e6b342f59ff5979ae30 100644
--- a/interface/lib/classes/plugin_dbhistory.inc.php
+++ b/interface/lib/classes/plugin_dbhistory.inc.php
@@ -47,12 +47,13 @@ class plugin_dbhistory extends plugin_base {
$db_table_idx = $app->tform->formDef["db_table_idx"];
$primary_id = $this->form->id;
if($_SESSION["s"]["user"]["typ"] == 'admin') {
- $sql = "SELECT action, tstamp, user, data FROM sys_datalog WHERE dbtable = '".$db_table."' AND dbidx = '".$db_table_idx.":".$primary_id."'";
+ $sql = "SELECT action, tstamp, user, data FROM sys_datalog WHERE dbtable = ? AND dbidx = ?";
+ $records = $app->db->queryAllRecords($sql, $db_table, $db_table_idx.":".$primary_id);
} else {
- $sql = "SELECT action, tstamp, user, data FROM sys_datalog WHERE user = '".$_SESSION["s"]["user"]["username"]."' dbtable = '".$db_table."' AND dbidx = '".$db_table_idx.":".$primary_id."'";
+ $sql = "SELECT action, tstamp, user, data FROM sys_datalog WHERE user = ? AND dbtable = ? AND dbidx = ?";
+ $records = $app->db->queryAllRecords($sql, $_SESSION["s"]["user"]["username"], $db_table, $db_table_idx.":".$primary_id);
}
- $records = $app->db->queryAllRecords($sql);
if(is_array($records)) {
$content .= '
';
foreach($records as $rec) {
diff --git a/interface/lib/classes/plugin_listview.inc.php b/interface/lib/classes/plugin_listview.inc.php
index e7d576cd17a58c9af14ac3e4f7761ed4ea520bbb..bc764caefe0dbb144b53d6c87826bad5edb0a637 100644
--- a/interface/lib/classes/plugin_listview.inc.php
+++ b/interface/lib/classes/plugin_listview.inc.php
@@ -126,7 +126,7 @@ class plugin_listview extends plugin_base {
// Get the data
- $records = $app->db->queryAllRecords("SELECT * FROM ".$app->listform->listDef["table"]." WHERE $sql_where $sql_order_by $limit_sql");
+ $records = $app->db->queryAllRecords("SELECT * FROM ?? WHERE $sql_where $sql_order_by $limit_sql", $app->listform->listDef["table"]);
$bgcolor = "#FFFFFF";
if(is_array($records)) {
@@ -174,6 +174,58 @@ class plugin_listview extends plugin_base {
$_SESSION["s"]["form"]["return_to"] = $list_name;
//die(print_r($_SESSION["s"]["list"][$list_name]));
+ // defaults
+ $listTpl->setVar('app_title', $app->_conf['app_title']);
+ if(isset($_SESSION['s']['user'])) {
+ $listTpl->setVar('app_version', $app->_conf['app_version']);
+ // get pending datalog changes
+ $datalog = $app->db->datalogStatus();
+ $listTpl->setVar('datalog_changes_txt', $app->lng('datalog_changes_txt'));
+ $listTpl->setVar('datalog_changes_end_txt', $app->lng('datalog_changes_end_txt'));
+ $listTpl->setVar('datalog_changes_count', $datalog['count']);
+ $listTpl->setLoop('datalog_changes', $datalog['entries']);
+ } else {
+ $listTpl->setVar('app_version', '');
+ }
+ $listTpl->setVar('app_link', $app->_conf['app_link']);
+
+ $listTpl->setVar('app_logo', $app->_conf['logo']);
+
+ $listTpl->setVar('phpsessid', session_id());
+
+ $listTpl->setVar('theme', $_SESSION['s']['theme']);
+ $listTpl->setVar('html_content_encoding', $app->_conf['html_content_encoding']);
+
+ $listTpl->setVar('delete_confirmation', $app->lng('delete_confirmation'));
+ //print_r($_SESSION);
+ if(isset($_SESSION['s']['module']['name'])) {
+ $listTpl->setVar('app_module', $_SESSION['s']['module']['name']);
+ }
+ if(isset($_SESSION['s']['user']) && $_SESSION['s']['user']['typ'] == 'admin') {
+ $listTpl->setVar('is_admin', 1);
+ }
+ if(isset($_SESSION['s']['user']) && $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
+ $listTpl->setVar('is_reseller', 1);
+ }
+ /* Show username */
+ if(isset($_SESSION['s']['user'])) {
+ $listTpl->setVar('cpuser', $_SESSION['s']['user']['username']);
+ $listTpl->setVar('logout_txt', $app->lng('logout_txt'));
+ /* Show search field only for normal users, not mail users */
+ if(stristr($_SESSION['s']['user']['username'], '@')){
+ $listTpl->setVar('usertype', 'mailuser');
+ } else {
+ $listTpl->setVar('usertype', 'normaluser');
+ }
+ }
+
+ /* Global Search */
+ $listTpl->setVar('globalsearch_resultslimit_of_txt', $app->lng('globalsearch_resultslimit_of_txt'));
+ $listTpl->setVar('globalsearch_resultslimit_results_txt', $app->lng('globalsearch_resultslimit_results_txt'));
+ $listTpl->setVar('globalsearch_noresults_text_txt', $app->lng('globalsearch_noresults_text_txt'));
+ $listTpl->setVar('globalsearch_noresults_limit_txt', $app->lng('globalsearch_noresults_limit_txt'));
+ $listTpl->setVar('globalsearch_searchfield_watermark_txt', $app->lng('globalsearch_searchfield_watermark_txt'));
+
return $listTpl->grab();
}
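Review bot: `$_SESSION['s']['theme']` is read unguarded in the new defaults block, while the neighbouring `$_SESSION['s']['user']` and `['module']['name']` reads are wrapped in isset(); on a session without a theme this emits a notice into the rendered list. Use `$listTpl->setVar('theme', isset($_SESSION['s']['theme']) ? $_SESSION['s']['theme'] : '');`. The block also looks like a copy of the default template-variable setup that other views receive elsewhere (inferred, not visible here); if so, a shared helper would keep the two from drifting.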
diff --git a/interface/lib/classes/quota_lib.inc.php b/interface/lib/classes/quota_lib.inc.php
index 794db538b9e304efb04633f3d88f3eb98f1d95b5..24a3ce3d0d65a867640dbe165d14cb57be56a820 100644
--- a/interface/lib/classes/quota_lib.inc.php
+++ b/interface/lib/classes/quota_lib.inc.php
@@ -103,9 +103,9 @@ class quota_lib {
// select vhosts (belonging to client)
if($clientid != null){
- $sql_where = " AND sys_groupid = (SELECT default_group FROM sys_user WHERE client_id=".$clientid.")";
+ $sql_where = " AND sys_groupid = (SELECT default_group FROM sys_user WHERE client_id=?)";
}
- $sites = $app->db->queryAllRecords("SELECT * FROM web_domain WHERE active = 'y' AND (type = 'vhost' OR type = 'vhostsubdomain' OR type = 'vhostalias')".$sql_where);
+ $sites = $app->db->queryAllRecords("SELECT * FROM web_domain WHERE active = 'y' AND (type = 'vhost' OR type = 'vhostsubdomain' OR type = 'vhostalias')".$sql_where, $clientid);
$hostnames = array();
$traffic_data = array();
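Review bot: When `$clientid` is null, `$sql_where` stays empty but `$clientid` is still passed as a bound argument, so the query carries one more parameter than it has `?` placeholders; whether query() ignores or rejects surplus arguments is not visible here, but binding conditionally is clearer — build a `$params` array next to `$sql_where`, append `$clientid` only inside the `if`, and pass that. The `!= null` test also treats `0` and `''` as "no client"; if that is intended, a one-line comment saying so would stop a later reader from "fixing" it.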
@@ -120,12 +120,12 @@ class quota_lib {
$tmp_year = date('Y');
$tmp_month = date('m');
// This Month
- $tmp_recs = $app->db->queryAllRecords("SELECT hostname, SUM(traffic_bytes) as t FROM web_traffic WHERE YEAR(traffic_date) = ? AND MONTH(traffic_date) = ? AND hostname IN ('".join("','",$hostnames)."') GROUP BY hostname", $tmp_year, $tmp_month);
+ $tmp_recs = $app->db->queryAllRecords("SELECT hostname, SUM(traffic_bytes) as t FROM web_traffic WHERE YEAR(traffic_date) = ? AND MONTH(traffic_date) = ? AND hostname IN ? GROUP BY hostname", $tmp_year, $tmp_month, $hostnames);
foreach ($tmp_recs as $tmp_rec) {
$traffic_data[$tmp_rec['hostname']]['this_month'] = $tmp_rec['t'];
}
// This Year
- $tmp_recs = $app->db->queryAllRecords("SELECT hostname, SUM(traffic_bytes) as t FROM web_traffic WHERE YEAR(traffic_date) = ? AND hostname IN ('".join("','",$hostnames)."') GROUP BY hostname", $tmp_year);
+ $tmp_recs = $app->db->queryAllRecords("SELECT hostname, SUM(traffic_bytes) as t FROM web_traffic WHERE YEAR(traffic_date) = ? AND hostname IN ? GROUP BY hostname", $tmp_year, $hostnames);
foreach ($tmp_recs as $tmp_rec) {
$traffic_data[$tmp_rec['hostname']]['this_year'] = $tmp_rec['t'];
}
@@ -133,21 +133,21 @@ class quota_lib {
$tmp_year = date('Y', mktime(0, 0, 0, date("m")-1, date("d"), date("Y")));
$tmp_month = date('m', mktime(0, 0, 0, date("m")-1, date("d"), date("Y")));
// Last Month
- $tmp_recs = $app->db->queryAllRecords("SELECT hostname, SUM(traffic_bytes) as t FROM web_traffic WHERE YEAR(traffic_date) = ? AND MONTH(traffic_date) = ? AND hostname IN ('".join("','",$hostnames)."') GROUP BY hostname", $tmp_year, $tmp_month);
+ $tmp_recs = $app->db->queryAllRecords("SELECT hostname, SUM(traffic_bytes) as t FROM web_traffic WHERE YEAR(traffic_date) = ? AND MONTH(traffic_date) = ? AND hostname IN ? GROUP BY hostname", $tmp_year, $tmp_month, $hostnames);
foreach ($tmp_recs as $tmp_rec) {
$traffic_data[$tmp_rec['hostname']]['last_month'] = $tmp_rec['t'];
}
$tmp_year = date('Y', mktime(0, 0, 0, date("m"), date("d"), date("Y")-1));
// Last Year
- $tmp_recs = $app->db->queryAllRecords("SELECT hostname, SUM(traffic_bytes) as t FROM web_traffic WHERE YEAR(traffic_date) = ? AND hostname IN ('".join("','",$hostnames)."') GROUP BY hostname", $tmp_year);
+ $tmp_recs = $app->db->queryAllRecords("SELECT hostname, SUM(traffic_bytes) as t FROM web_traffic WHERE YEAR(traffic_date) = ? AND hostname IN ? GROUP BY hostname", $tmp_year, $hostnames);
foreach ($tmp_recs as $tmp_rec) {
$traffic_data[$tmp_rec['hostname']]['last_year'] = $tmp_rec['t'];
}
if (is_int($lastdays) && ($lastdays > 0)) {
// Last xx Days
- $tmp_recs = $app->db->queryAllRecords("SELECT hostname, SUM(traffic_bytes) as t FROM web_traffic WHERE (traffic_date >= DATE_SUB(NOW(), INTERVAL ".$app->db->quote($lastdays)." DAY)) AND hostname IN ('".join("','",$hostnames)."') GROUP BY hostname");
+ $tmp_recs = $app->db->queryAllRecords("SELECT hostname, SUM(traffic_bytes) as t FROM web_traffic WHERE (traffic_date >= DATE_SUB(NOW(), INTERVAL ? DAY)) AND hostname IN ? GROUP BY hostname", $lastdays, $hostnames);
foreach ($tmp_recs as $tmp_rec) {
$traffic_data[$tmp_rec['hostname']]['lastdays'] = $tmp_rec['t'];
}
diff --git a/interface/lib/classes/remote.d/admin.inc.php b/interface/lib/classes/remote.d/admin.inc.php
index ba966fe1aba371daaf03fcb19844fa1681f4b8c7..2541ca5c19f35bebd850e4a6f3435ea79bfd738c 100644
--- a/interface/lib/classes/remote.d/admin.inc.php
+++ b/interface/lib/classes/remote.d/admin.inc.php
@@ -60,7 +60,7 @@ class remoting_admin extends remoting {
switch($key) {
case 'sys_userid':
// check if userid is valid
- $check = $app->db->queryOneRecord('SELECT userid FROM sys_user WHERE userid = ' . $app->functions->intval($value));
+ $check = $app->db->queryOneRecord('SELECT userid FROM sys_user WHERE userid = ?', $app->functions->intval($value));
if(!$check || !$check['userid']) {
$this->server->fault('invalid parameters', $value . ' is no valid sys_userid.');
return false;
@@ -69,7 +69,7 @@ class remoting_admin extends remoting {
break;
case 'sys_groupid':
// check if groupid is valid
- $check = $app->db->queryOneRecord('SELECT groupid FROM sys_group WHERE groupid = ' . $app->functions->intval($value));
+ $check = $app->db->queryOneRecord('SELECT groupid FROM sys_group WHERE groupid = ?', $app->functions->intval($value));
if(!$check || !$check['groupid']) {
$this->server->fault('invalid parameters', $value . ' is no valid sys_groupid.');
return false;
diff --git a/interface/lib/classes/remote.d/aps.inc.php b/interface/lib/classes/remote.d/aps.inc.php
index 78c066c5eb1298f06381d2b42be45bd186f9b5cb..b626f1b7abf6b21d7037b02b654a28af53495e9e 100644
--- a/interface/lib/classes/remote.d/aps.inc.php
+++ b/interface/lib/classes/remote.d/aps.inc.php
@@ -241,8 +241,8 @@ class remoting_aps extends remoting {
return false;
}
- $sql = "SELECT * FROM web_domain WHERE domain = '".$app->db->quote($params['main_domain'])."'";
- $domain = $app->db->queryOneRecord($sql);
+ $sql = "SELECT * FROM web_domain WHERE domain = ?";
+ $domain = $app->db->queryOneRecord($sql, $params['main_domain']);
if (!$domain) {
$this->server->fault('invalid parameters', 'No valid domain given.');
@@ -269,8 +269,8 @@ class remoting_aps extends remoting {
return false;
}
- $sql = "SELECT * FROM aps_instances WHERE id = ".$app->functions->intval($primary_id);
- $result = $app->db->queryOneRecord($sql);
+ $sql = "SELECT * FROM aps_instances WHERE id = ?";
+ $result = $app->db->queryOneRecord($sql, $app->functions->intval($primary_id));
return $result;
}
@@ -283,8 +283,8 @@ class remoting_aps extends remoting {
return false;
}
- $sql = "SELECT * FROM aps_instances_settings WHERE instance_id = ".$app->functions->intval($primary_id);
- $result = $app->db->queryAllRecords($sql);
+ $sql = "SELECT * FROM aps_instances_settings WHERE instance_id = ?";
+ $result = $app->db->queryAllRecords($sql, $app->functions->intval($primary_id));
return $result;
}
@@ -301,8 +301,8 @@ class remoting_aps extends remoting {
$gui = new ApsGUIController($app);
// Check if Instance exists
- $sql = "SELECT * FROM aps_instances WHERE id = ".$app->functions->intval($primary_id);
- $result = $app->db->queryOneRecord($sql);
+ $sql = "SELECT * FROM aps_instances WHERE id = ?";
+ $result = $app->db->queryOneRecord($sql, $primary_id);
if (!$result) {
$this->server->fault('instance_error', 'No valid instance id given.');
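Review bot: The instance-exists check in this hunk binds `$primary_id` as-is, while the two hunks above in the same file bind `$app->functions->intval($primary_id)`; a non-numeric value is now sent as a quoted string and MySQL compares it to `id` with implicit casting instead of the lookup failing cleanly. Keep the three lookups consistent: `$result = $app->db->queryOneRecord($sql, $app->functions->intval($primary_id));`.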
diff --git a/interface/lib/classes/remote.d/client.inc.php b/interface/lib/classes/remote.d/client.inc.php
index d780ec8533d19411fd18804c7771f72ece851a77..cccc04f110baa654e789d89f3ba0014afcfa2051 100644
--- a/interface/lib/classes/remote.d/client.inc.php
+++ b/interface/lib/classes/remote.d/client.inc.php
@@ -65,7 +65,7 @@ class remoting_client extends remoting {
if(isset($data['client_id'])) {
// this is a single record
if($data['template_additional'] == '') {
- $tpls = $app->db->queryAllRecords('SELECT CONCAT(`assigned_template_id`, \':\', `client_template_id`) as `item` FROM `client_template_assigned` WHERE `client_id` = ' . $data['client_id']);
+ $tpls = $app->db->queryAllRecords('SELECT CONCAT(`assigned_template_id`, \':\', `client_template_id`) as `item` FROM `client_template_assigned` WHERE `client_id` = ?', $data['client_id']);
$tpl_arr = array();
if($tpls) {
foreach($tpls as $tpl) $tpl_arr[] = $tpl['item'];
@@ -78,7 +78,7 @@ class remoting_client extends remoting {
// multiple client records
foreach($data as $index => $client) {
if($client['template_additional'] == '') {
- $tpls = $app->db->queryAllRecords('SELECT CONCAT(`assigned_template_id`, \':\', `client_template_id`) as `item` FROM `client_template_assigned` WHERE `client_id` = ' . $client['client_id']);
+ $tpls = $app->db->queryAllRecords('SELECT CONCAT(`assigned_template_id`, \':\', `client_template_id`) as `item` FROM `client_template_assigned` WHERE `client_id` = ?', $client['client_id']);
$tpl_arr = array();
if($tpls) {
foreach($tpls as $tpl) $tpl_arr[] = $tpl['item'];
@@ -104,7 +104,7 @@ class remoting_client extends remoting {
$sys_userid = $app->functions->intval($sys_userid);
- $rec = $app->db->queryOneRecord("SELECT client_id FROM sys_user WHERE userid = ".$sys_userid);
+ $rec = $app->db->queryOneRecord("SELECT client_id FROM sys_user WHERE userid = ?", $sys_userid);
if(isset($rec['client_id'])) {
return $app->functions->intval($rec['client_id']);
} else {
@@ -125,7 +125,7 @@ class remoting_client extends remoting {
$client_id = $app->functions->intval($client_id);
- $rec = $app->db->queryOneRecord("SELECT company_name,contact_name,gender,email,language FROM client WHERE client_id = ".$client_id);
+ $rec = $app->db->queryOneRecord("SELECT company_name,contact_name,gender,email,language FROM client WHERE client_id = ?", $client_id);
if(is_array($rec)) {
return $rec;
@@ -145,7 +145,7 @@ class remoting_client extends remoting {
$client_id = $app->functions->intval($client_id);
- $rec = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".$client_id);
+ $rec = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client_id);
if(isset($rec['groupid'])) {
return $app->functions->intval($rec['groupid']);
} else {
@@ -169,7 +169,7 @@ class remoting_client extends remoting {
if($params['parent_client_id']) {
// check if this one is reseller
- $check = $app->db->queryOneRecord('SELECT `limit_client` FROM `client` WHERE `client_id` = ' . intval($params['parent_client_id']));
+ $check = $app->db->queryOneRecord('SELECT `limit_client` FROM `client` WHERE `client_id` = ?', intval($params['parent_client_id']));
if($check['limit_client'] == 0) {
$this->server->fault('Invalid reseller', 'Selected client is not a reseller.');
return false;
@@ -208,7 +208,7 @@ class remoting_client extends remoting {
if($params['parent_client_id']) {
// check if this one is reseller
- $check = $app->db->queryOneRecord('SELECT `limit_client` FROM `client` WHERE `client_id` = ' . intval($params['parent_client_id']));
+ $check = $app->db->queryOneRecord('SELECT `limit_client` FROM `client` WHERE `client_id` = ?', intval($params['parent_client_id']));
if($check['limit_client'] == 0) {
$this->server->fault('Invalid reseller', 'Selected client is not a reseller.');
return false;
@@ -221,7 +221,7 @@ class remoting_client extends remoting {
}
// we need the previuos templates assigned here
- $this->oldTemplatesAssigned = $app->db->queryAllRecords('SELECT * FROM `client_template_assigned` WHERE `client_id` = ' . $client_id);
+ $this->oldTemplatesAssigned = $app->db->queryAllRecords('SELECT * FROM `client_template_assigned` WHERE `client_id` = ?', $client_id);
if(!is_array($this->oldTemplatesAssigned) || count($this->oldTemplatesAssigned) < 1) {
// check previous type of storing templates
$tpls = explode('/', $old_rec['template_additional']);
@@ -258,8 +258,8 @@ class remoting_client extends remoting {
}
if(@is_numeric($client_id)) {
- $sql = "SELECT * FROM `client_template_assigned` WHERE `client_id` = ".$client_id;
- return $app->db->queryOneRecord($sql);
+ $sql = "SELECT * FROM `client_template_assigned` WHERE `client_id` = ?";
+ return $app->db->queryOneRecord($sql, $client_id);
} else {
$this->server->fault('The ID must be an integer.');
return array();
@@ -270,10 +270,10 @@ class remoting_client extends remoting {
global $app;
$this->id = $client_id;
- $this->dataRecord = $app->db->queryOneRecord('SELECT * FROM `client` WHERE `client_id` = ' . $client_id);
+ $this->dataRecord = $app->db->queryOneRecord('SELECT * FROM `client` WHERE `client_id` = ?', $client_id);
$this->oldDataRecord = $this->dataRecord;
- $this->oldTemplatesAssigned = $app->db->queryAllRecords('SELECT * FROM `client_template_assigned` WHERE `client_id` = ' . $client_id);
+ $this->oldTemplatesAssigned = $app->db->queryAllRecords('SELECT * FROM `client_template_assigned` WHERE `client_id` = ?', $client_id);
if(!is_array($this->oldTemplatesAssigned) || count($this->oldTemplatesAssigned) < 1) {
// check previous type of storing templates
$tpls = explode('/', $this->oldDataRecord['template_additional']);
@@ -297,13 +297,13 @@ class remoting_client extends remoting {
if(@is_numeric($client_id) && @is_numeric($template_id)) {
// check if client exists
- $check = $app->db->queryOneRecord('SELECT `client_id` FROM `client` WHERE `client_id` = ' . $client_id);
+ $check = $app->db->queryOneRecord('SELECT `client_id` FROM `client` WHERE `client_id` = ?', $client_id);
if(!$check) {
$this->server->fault('Invalid client');
return false;
}
// check if template exists
- $check = $app->db->queryOneRecord('SELECT `template_id` FROM `client_template` WHERE `template_id` = ' . $template_id);
+ $check = $app->db->queryOneRecord('SELECT `template_id` FROM `client_template` WHERE `template_id` = ?', $template_id);
if(!$check) {
$this->server->fault('Invalid template');
return false;
@@ -312,8 +312,8 @@ class remoting_client extends remoting {
// for the update event we have to cheat a bit
$this->_set_client_formdata($client_id);
- $sql = "INSERT INTO `client_template_assigned` (`client_id`, `client_template_id`) VALUES (" . $client_id . ", " . $template_id . ")";
- $app->db->query($sql);
+ $sql = "INSERT INTO `client_template_assigned` (`client_id`, `client_template_id`) VALUES (?, ?)";
+ $app->db->query($sql, $client_id, $template_id);
$insert_id = $app->db->insertID();
$app->plugin->raiseEvent('client:client:on_after_update', $this);
@@ -335,13 +335,13 @@ class remoting_client extends remoting {
if(@is_numeric($client_id) && @is_numeric($template_id)) {
// check if client exists
- $check = $app->db->queryOneRecord('SELECT `client_id` FROM `client` WHERE `client_id` = ' . $client_id);
+ $check = $app->db->queryOneRecord('SELECT `client_id` FROM `client` WHERE `client_id` = ?', $client_id);
if(!$check) {
$this->server->fault('Invalid client');
return false;
}
// check if template exists
- $check = $app->db->queryOneRecord('SELECT `assigned_template_id` FROM `client_template_assigned` WHERE `assigned_template_id` = ' . $assigned_template_id);
+ $check = $app->db->queryOneRecord('SELECT `assigned_template_id` FROM `client_template_assigned` WHERE `assigned_template_id` = ?', $assigned_template_id);
if(!$check) {
$this->server->fault('Invalid template');
return false;
@@ -350,8 +350,8 @@ class remoting_client extends remoting {
// for the update event we have to cheat a bit
$this->_set_client_formdata($client_id);
- $sql = "DELETE FROM `client_template_assigned` WHERE `assigned_template_id` = " . $template_id . " AND `client_id` = " . $client_id;
- $app->db->query($sql);
+ $sql = "DELETE FROM `client_template_assigned` WHERE `assigned_template_id` = ? AND `client_id` = ?";
+ $app->db->query($sql, $template_id, $client_id);
$affected_rows = $app->db->affectedRows();
$app->plugin->raiseEvent('client:client:on_after_update', $this);
@@ -395,15 +395,15 @@ class remoting_client extends remoting {
if($client_id > 0) {
//* remove the group of the client from the resellers group
$parent_client_id = $app->functions->intval($this->dataRecord['parent_client_id']);
- $parent_user = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE client_id = $parent_client_id");
- $client_group = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = $client_id");
+ $parent_user = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE client_id = ?", $parent_client_id);
+ $client_group = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client_id);
$app->auth->remove_group_from_user($parent_user['userid'], $client_group['groupid']);
//* delete the group of the client
- $app->db->query("DELETE FROM sys_group WHERE client_id = $client_id");
+ $app->db->query("DELETE FROM sys_group WHERE client_id = ?", $client_id);
//* delete the sys user(s) of the client
- $app->db->query("DELETE FROM sys_user WHERE client_id = $client_id");
+ $app->db->query("DELETE FROM sys_user WHERE client_id = ?", $client_id);
//* Delete all records (sub-clients, mail, web, etc....) of this client.
$tables = 'client,dns_rr,dns_soa,dns_slave,ftp_user,mail_access,mail_content_filter,mail_domain,mail_forwarding,mail_get,mail_user,mail_user_filter,shell_user,spamfilter_users,support_message,web_database,web_database_user,web_domain,web_traffic';
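Review bot: `$parent_client_id` is passed through `intval()` and bound, but a client without a reseller yields `0`, and the `sys_user` lookup then runs as `WHERE client_id = 0`; if any sys_user row carries client_id 0 (administrative accounts may, but that is not visible here) `remove_group_from_user` is called against that unrelated user. Wrap the two lines in a guard, `if($parent_client_id > 0) { ... }`, so the group removal only happens when a parent actually exists. The deletion loop continues after this hunk.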
@@ -413,7 +413,7 @@ class remoting_client extends remoting {
if($client_group_id > 1) {
foreach($tables_array as $table) {
if($table != '') {
- $records = $app->db->queryAllRecords("SELECT * FROM $table WHERE sys_groupid = ".$client_group_id);
+ $records = $app->db->queryAllRecords("SELECT * FROM $table WHERE sys_groupid = ?", $client_group_id);
//* find the primary ID of the table
$table_info = $app->db->tableInfo($table);
$index_field = '';
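Review bot: `$table` is still interpolated into `"SELECT * FROM $table WHERE sys_groupid = ?"`, which is safe here only because the name comes from the fixed `$tables` string two hunks up and not from the caller; a reader of this line alone cannot tell that. Say so in place: `// $table comes from the hard-coded $tables list above, never from the caller`. The loop body runs past the end of the hunk.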
@@ -428,11 +428,11 @@ class remoting_client extends remoting {
$app->db->datalogDelete($table, $index_field, $rec[$index_field]);
//* Delete traffic records that dont have a sys_groupid column
if($table == 'web_domain') {
- $app->db->query("DELETE FROM web_traffic WHERE hostname = '".$app->db->quote($rec['domain'])."'");
+ $app->db->query("DELETE FROM web_traffic WHERE hostname = ?", $rec['domain']);
}
//* Delete mail_traffic records that dont have a sys_groupid
if($table == 'mail_user') {
- $app->db->query("DELETE FROM mail_traffic WHERE mailuser_id = '".$app->db->quote($rec['mailuser_id'])."'");
+ $app->db->query("DELETE FROM mail_traffic WHERE mailuser_id = ?", $rec['mailuser_id']);
}
}
}
@@ -468,8 +468,7 @@ class remoting_client extends remoting {
throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
return false;
}
- $username = $app->db->quote($username);
- $rec = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE username = '".$username."'");
+ $rec = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE username = ?", $username);
if (isset($rec)) {
return $rec;
} else {
@@ -477,6 +476,27 @@ class remoting_client extends remoting {
return false;
}
}
+
+ public function client_get_by_customer_no($session_id, $customer_no) {
+ global $app;
+ if(!$this->checkPerm($session_id, 'client_get_by_customer_no')) {
+ throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
+ return false;
+ }
+ $customer_no = trim($customer_no);
+ if($customer_no == '') {
+ throw new SoapFault('permission_denied', 'There was no customer number specified.');
+ return false;
+ }
+ $customer_no = $app->db->quote($customer_no);
+ $rec = $app->db->queryOneRecord("SELECT * FROM client WHERE customer_no = '".$customer_no."'");
+ if (isset($rec)) {
+ return $rec;
+ } else {
+ throw new SoapFault('no_client_found', 'There is no user account for this customer number.');
+ return false;
+ }
+ }
/**
* Get All client_id's from database
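Review bot: The new `client_get_by_customer_no` still builds its query with `$app->db->quote()` plus string concatenation, the very pattern this commit removes everywhere else; it should read `$rec = $app->db->queryOneRecord("SELECT * FROM client WHERE customer_no = ?", $customer_no);` with the `quote()` line dropped. The result is tested with `isset($rec)`, whereas the sibling lookup in the `-125` hunk uses `is_array($rec)`, so a non-null "no row" return value would be handed to the caller instead of raising `no_client_found`; `if (is_array($rec))` is the safer form. The fault code `permission_denied` for an empty customer number misdescribes a parameter-validation failure; something like `invalid_parameter` tells the API caller what went wrong.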
@@ -517,13 +537,12 @@ class remoting_client extends remoting {
return false;
}
$client_id = $app->functions->intval($client_id);
- $client = $app->db->queryOneRecord("SELECT client_id FROM client WHERE client_id = ".$client_id);
+ $client = $app->db->queryOneRecord("SELECT client_id FROM client WHERE client_id = ?", $client_id);
if($client['client_id'] > 0) {
- $new_password = $app->db->quote($new_password);
- $sql = "UPDATE client SET password = md5('".($new_password)."') WHERE client_id = ".$client_id;
- $app->db->query($sql);
- $sql = "UPDATE sys_user SET passwort = md5('".($new_password)."') WHERE client_id = ".$client_id;
- $app->db->query($sql);
+ $sql = "UPDATE client SET password = md5(?) WHERE client_id = ?";
+ $app->db->query($sql, $new_password, $client_id);
+ $sql = "UPDATE sys_user SET passwort = md5(?) WHERE client_id = ?";
+ $app->db->query($sql, $new_password, $client_id);
return true;
} else {
throw new SoapFault('no_client_found', 'There is no user account for this client_id');
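Review bot: The reset still stores passwords as unsalted `md5()` computed by the database, now with the cleartext password bound as a parameter, so it travels to the MySQL server in the clear and can land in the general or slow query log. Hash in PHP and bind the digest instead: `$hash = password_hash($new_password, PASSWORD_DEFAULT);` followed by `UPDATE client SET password = ? WHERE client_id = ?` (and the same for `sys_user.passwort`). The login comparisons in the `-582` and `-614` hunks are cut off in this diff, so the verification side must be changed in step with the storage format; at minimum a salted, slow hash should replace MD5 here.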
@@ -567,8 +586,8 @@ class remoting_client extends remoting {
}
//* Check failed logins
- $sql = "SELECT * FROM `attempts_login` WHERE `ip`= '".$app->db->quote($remote_ip)."' AND `login_time` > (NOW() - INTERVAL 1 MINUTE) LIMIT 1";
- $alreadyfailed = $app->db->queryOneRecord($sql);
+ $sql = "SELECT * FROM `attempts_login` WHERE `ip`= ? AND `login_time` > (NOW() - INTERVAL 1 MINUTE) LIMIT 1";
+ $alreadyfailed = $app->db->queryOneRecord($sql, $remote_ip);
//* too many failedlogins
if($alreadyfailed['times'] > 5) {
@@ -582,8 +601,8 @@ class remoting_client extends remoting {
if(strstr($username,'@')) {
// Check against client table
- $sql = "SELECT * FROM client WHERE email = '".$app->db->quote($username)."'";
- $user = $app->db->queryOneRecord($sql);
+ $sql = "SELECT * FROM client WHERE email = ?";
+ $user = $app->db->queryOneRecord($sql, $username);
if($user) {
$saved_password = stripslashes($user['password']);
@@ -614,8 +633,8 @@ class remoting_client extends remoting {
} else {
// Check against sys_user table
- $sql = "SELECT * FROM sys_user WHERE username = '".$app->db->quote($username)."'";
- $user = $app->db->queryOneRecord($sql);
+ $sql = "SELECT * FROM sys_user WHERE username = ?";
+ $user = $app->db->queryOneRecord($sql, $username);
if($user) {
$saved_password = stripslashes($user['passwort']);
@@ -649,15 +668,14 @@ class remoting_client extends remoting {
//* Log failed login attempts
if($user === false) {
- $time = time();
if(!$alreadyfailed['times'] ) {
//* user login the first time wrong
- $sql = "INSERT INTO `attempts_login` (`ip`, `times`, `login_time`) VALUES ('".$app->db->quote($remote_ip)."', 1, NOW())";
- $app->db->query($sql);
+ $sql = "INSERT INTO `attempts_login` (`ip`, `times`, `login_time`) VALUES (?, 1, NOW())";
+ $app->db->query($sql, $remote_ip);
} elseif($alreadyfailed['times'] >= 1) {
//* update times wrong
- $sql = "UPDATE `attempts_login` SET `times`=`times`+1, `login_time`=NOW() WHERE `login_time` >= '".$time."' LIMIT 1";
- $app->db->query($sql);
+ $sql = "UPDATE `attempts_login` SET `times`=`times`+1, `login_time`=NOW() WHERE `ip` = ? AND `login_time` > (NOW() - INTERVAL 1 MINUTE) ORDER BY `login_time` DESC LIMIT 1";
+ $app->db->query($sql, $remote_ip);
}
}
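Review bot: The `UPDATE` now selects the newest `attempts_login` row for the IP within the window, but the lookup that fills `$alreadyfailed` in the `-567` hunk still uses a bare `LIMIT 1` with no `ORDER BY`, so when an IP has more than one row in the last minute the row whose `times` is checked and the row being incremented can differ and the `> 5` threshold may never be reached. Add `ORDER BY \`login_time\` DESC` to that SELECT as well, or make `ip` unique and use an upsert so only one row per IP can exist. `$remote_ip` is assigned outside this hunk; if it can be taken from a client-supplied header rather than the socket peer, the limiter is trivially bypassed, which is worth confirming.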
diff --git a/interface/lib/classes/remote.d/dns.inc.php b/interface/lib/classes/remote.d/dns.inc.php
index 1e9526a12faf52db8bb00192e9655794021a886e..57f7040e28553377f1e34cf9b77dc178c557b98c 100644
--- a/interface/lib/classes/remote.d/dns.inc.php
+++ b/interface/lib/classes/remote.d/dns.inc.php
@@ -50,9 +50,9 @@ class remoting_dns extends remoting {
return false;
}
- $client = $app->db->queryOneRecord("SELECT default_dnsserver FROM client WHERE client_id = ".$app->functions->intval($client_id));
+ $client = $app->db->queryOneRecord("SELECT default_dnsserver FROM client WHERE client_id = ?", $client_id);
$server_id = $client["default_dnsserver"];
- $template_record = $app->db->queryOneRecord("SELECT * FROM dns_template WHERE template_id = '$template_id'");
+ $template_record = $app->db->queryOneRecord("SELECT * FROM dns_template WHERE template_id = ?", $template_id);
$fields = explode(',', $template_record['fields']);
$tform_def_file = "../../web/dns/form/dns_soa.tform.php";
$app->uses('tform');
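Review bot: `$template_record` is used without checking that the template exists: an unknown `$template_id` yields no row, `$template_record['fields']` is null, and `explode(',', null)` is deprecated on PHP 8.1+, after which the loop over `$fields` silently produces an empty zone. Guard it right after the query: `if(!is_array($template_record)) { throw new SoapFault('template_not_found', 'DNS template does not exist.'); }`. The same applies to `$client`: when no client row is found, `$server_id` is null and the zone is later inserted with no server. The enclosing function begins before this hunk.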
@@ -95,11 +95,11 @@ class remoting_dns extends remoting {
if($section == 'dns_records') {
$parts = explode('|', $row);
$dns_rr[] = array(
- 'name' => $app->db->quote($parts[1]),
- 'type' => $app->db->quote($parts[0]),
- 'data' => $app->db->quote($parts[2]),
- 'aux' => $app->db->quote($parts[3]),
- 'ttl' => $app->db->quote($parts[4])
+ 'name' => $parts[1],
+ 'type' => $parts[0],
+ 'data' => $parts[2],
+ 'aux' => $parts[3],
+ 'ttl' => $parts[4]
);
}
}
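Review bot: `$parts[3]` and `$parts[4]` are read unconditionally, so a template line with fewer than five `|`-separated fields raises undefined-offset notices and, now that the values are no longer passed through `quote()`, inserts null for `aux` and `ttl`. Pad the split result first: `$parts = array_pad(explode('|', $row), 5, '');`. Where `$row` comes from is decided before this hunk.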
@@ -117,30 +117,62 @@ class remoting_dns extends remoting {
if($error == '') {
// Insert the soa record
- $tmp = $app->db->queryOneRecord("SELECT userid,default_group FROM sys_user WHERE client_id = ".$app->functions->intval($client_id));
+ $tmp = $app->db->queryOneRecord("SELECT userid,default_group FROM sys_user WHERE client_id = ?", $client_id);
$sys_userid = $tmp['userid'];
$sys_groupid = $tmp['default_group'];
unset($tmp);
- $origin = $app->db->quote($vars['origin']);
- $ns = $app->db->quote($vars['ns']);
- $mbox = $app->db->quote(str_replace('@', '.', $vars['mbox']));
- $refresh = $app->db->quote($vars['refresh']);
- $retry = $app->db->quote($vars['retry']);
- $expire = $app->db->quote($vars['expire']);
- $minimum = $app->db->quote($vars['minimum']);
- $ttl = $app->db->quote($vars['ttl']);
- $xfer = $app->db->quote($vars['xfer']);
- $also_notify = $app->db->quote($vars['also_notify']);
- $update_acl = $app->db->quote($vars['update_acl']);
+ $origin = $vars['origin'];
+ $ns = $vars['ns'];
+ $mbox = str_replace('@', '.', $vars['mbox']);
+ $refresh = $vars['refresh'];
+ $retry = $vars['retry'];
+ $expire = $vars['expire'];
+ $minimum = $vars['minimum'];
+ $ttl = $vars['ttl'];
+ $xfer = $vars['xfer'];
+ $also_notify = $vars['also_notify'];
+ $update_acl = $vars['update_acl'];
$serial = $app->validate_dns->increase_serial(0);
- $insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `origin`, `ns`, `mbox`, `serial`, `refresh`, `retry`, `expire`, `minimum`, `ttl`, `active`, `xfer`, `also_notify`, `update_acl`) VALUES
- ('$sys_userid', '$sys_groupid', 'riud', 'riud', '', '$server_id', '$origin', '$ns', '$mbox', '$serial', '$refresh', '$retry', '$expire', '$minimum', '$ttl', 'Y', '$xfer', '$also_notify', '$update_acl')";
+ $insert_data = array(
+ "sys_userid" => $sys_userid,
+ "sys_groupid" => $sys_groupid,
+ "sys_perm_user" => 'riud',
+ "sys_perm_group" => 'riud',
+ "sys_perm_other" => '',
+ "server_id" => $server_id,
+ "origin" => $origin,
+ "ns" => $ns,
+ "mbox" => $mbox,
+ "serial" => $serial,
+ "refresh" => $refresh,
+ "retry" => $retry,
+ "expire" => $expire,
+ "minimum" => $minimum,
+ "ttl" => $ttl,
+ "active" => 'Y',
+ "xfer" => $xfer,
+ "also_notify" => $also_notify,
+ "update_acl" => $update_acl
+ );
$dns_soa_id = $app->db->datalogInsert('dns_soa', $insert_data, 'id');
// Insert the dns_rr records
if(is_array($dns_rr) && $dns_soa_id > 0) {
foreach($dns_rr as $rr) {
- $insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `zone`, `name`, `type`, `data`, `aux`, `ttl`, `active`) VALUES
- ('$sys_userid', '$sys_groupid', 'riud', 'riud', '', '$server_id', '$dns_soa_id', '$rr[name]', '$rr[type]', '$rr[data]', '$rr[aux]', '$rr[ttl]', 'Y')";
+ $insert_data = array(
+ "sys_userid" => $sys_userid,
+ "sys_groupid" => $sys_groupid,
+ "sys_perm_user" => 'riud',
+ "sys_perm_group" => 'riud',
+ "sys_perm_other" => '',
+ "server_id" => $server_id,
+ "zone" => $dns_soa_id,
+ "name" => $rr['name'],
+ "type" => $rr['type'],
+ "data" => $rr['data'],
+ "aux" => $rr['aux'],
+ "ttl" => $rr['ttl'],
+ "active" => 'Y'
+ );
$dns_rr_id = $app->db->datalogInsert('dns_rr', $insert_data, 'id');
}
}
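Review bot: `$tmp` from the `sys_user` lookup at the top of the hunk is never checked, so a `client_id` without a sys_user row gives null `$sys_userid`/`$sys_groupid` and the `dns_soa` and `dns_rr` rows are written with no owner, invisible to every client and removable only by an administrator. Fail instead: `if(!is_array($tmp)) { throw new SoapFault('client_not_found', 'No system user for this client.'); return false; }`. Since the `$vars` values are no longer quoted here, correctness now rests entirely on `datalogInsert` escaping every array element; that function is outside this diff and should be confirmed before merging. The function's remainder lies outside the hunk.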
@@ -180,7 +212,7 @@ class remoting_dns extends remoting {
return false;
}
- $rec = $app->db->queryOneRecord("SELECT id FROM dns_soa WHERE origin like '".$origin."%'");
+ $rec = $app->db->queryOneRecord("SELECT id FROM dns_soa WHERE origin like ?", $origin."%");
if(isset($rec['id'])) {
return $app->functions->intval($rec['id']);
} else {
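Review bot: `$origin` goes into a `LIKE` pattern with only a trailing `%` appended, so `%` and `_` inside the caller-supplied origin remain wildcards — an origin of `%` matches the first zone in the table and the function returns an unrelated zone's id to whoever holds this permission. Escape the pattern characters before binding: `$rec = $app->db->queryOneRecord("SELECT id FROM dns_soa WHERE origin LIKE ?", str_replace(array('%', '_'), array('\\%', '\\_'), $origin).'%');`. If the trailing `%` only exists to tolerate a missing final dot, an exact match against `$origin` and `rtrim($origin, '.').'.'` would be stricter still. The enclosing function starts before this hunk.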
@@ -764,8 +796,8 @@ class remoting_dns extends remoting {
if (!empty($client_id) && !empty($server_id)) {
$server_id = $app->functions->intval($server_id);
$client_id = $app->functions->intval($client_id);
- $sql = "SELECT id, origin FROM dns_soa d INNER JOIN sys_user s on(d.sys_groupid = s.default_group) WHERE client_id = $client_id AND server_id = $server_id";
- $result = $app->db->queryAllRecords($sql);
+ $sql = "SELECT id, origin FROM dns_soa d INNER JOIN sys_user s on(d.sys_groupid = s.default_group) WHERE client_id = ? AND server_id = ?";
+ $result = $app->db->queryAllRecords($sql, $client_id, $server_id);
return $result;
}
return false;
@@ -785,8 +817,8 @@ class remoting_dns extends remoting {
throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
return false;
}
- $sql = "SELECT * FROM dns_rr WHERE zone = ".$app->functions->intval($zone_id);;
- $result = $app->db->queryAllRecords($sql);
+ $sql = "SELECT * FROM dns_rr WHERE zone = ?";
+ $result = $app->db->queryAllRecords($sql, $zone_id);
return $result;
}
@@ -809,8 +841,8 @@ class remoting_dns extends remoting {
} else {
$status = 'N';
}
- $sql = "UPDATE dns_soa SET active = '$status' WHERE id = ".$app->functions->intval($primary_id);
- $app->db->query($sql);
+ $sql = "UPDATE dns_soa SET active = ? WHERE id = ?";
+ $app->db->query($sql, $status, $primary_id);
$result = $app->db->affectedRows();
return $result;
} else {
diff --git a/interface/lib/classes/remote.d/domains.inc.php b/interface/lib/classes/remote.d/domains.inc.php
index 9bba710023f6d311b7a18673ba731e072d957c11..33830335d8989990cd1c4f4613ab290679763184 100644
--- a/interface/lib/classes/remote.d/domains.inc.php
+++ b/interface/lib/classes/remote.d/domains.inc.php
@@ -86,8 +86,8 @@ class remoting_domains extends remoting {
return false;
}
$group_id = $app->functions->intval($group_id);
- $sql = "SELECT domain_id, domain FROM domain WHERE sys_groupid = $group_id ";
- $all = $app->db->queryAllRecords($sql);
+ $sql = "SELECT domain_id, domain FROM domain WHERE sys_groupid = ?";
+ $all = $app->db->queryAllRecords($sql, $group_id);
return $all;
}
diff --git a/interface/lib/classes/remote.d/mail.inc.php b/interface/lib/classes/remote.d/mail.inc.php
index 29ff0d83b5cc80e13e00655aad3e888c0163d0ae..914777070b9ccc15746ad3bf055adab488f308e1 100644
--- a/interface/lib/classes/remote.d/mail.inc.php
+++ b/interface/lib/classes/remote.d/mail.inc.php
@@ -208,7 +208,7 @@ class remoting_mail extends remoting {
//* Check if mail domain exists
$email_parts = explode('@', $params['email']);
- $tmp = $app->db->queryOneRecord("SELECT domain FROM mail_domain WHERE domain = '".$app->db->quote($email_parts[1])."'");
+ $tmp = $app->db->queryOneRecord("SELECT domain FROM mail_domain WHERE domain = ?", $email_parts[1]);
if($tmp['domain'] != $email_parts[1]) {
throw new SoapFault('mail_domain_does_not_exist', 'Mail domain - '.$email_parts[1].' - does not exist.');
return false;
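Review bot: `$email_parts[1]` is read without confirming that `$params['email']` contains an `@`; an address without one produces an undefined-index notice, a lookup for a null domain, and a fault message with an empty domain name. Validate first: `if(count($email_parts) != 2) { throw new SoapFault('invalid_email', 'Invalid email address.'); }`. The same block is duplicated in the next hunk (`-235`), so the check belongs in both or in a shared private helper.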
@@ -235,7 +235,7 @@ class remoting_mail extends remoting {
//* Check if mail domain exists
$email_parts = explode('@', $params['email']);
- $tmp = $app->db->queryOneRecord("SELECT domain FROM mail_domain WHERE domain = '".$app->db->quote($email_parts[1])."'");
+ $tmp = $app->db->queryOneRecord("SELECT domain FROM mail_domain WHERE domain = ?", $email_parts[1]);
if($tmp['domain'] != $email_parts[1]) {
throw new SoapFault('mail_domain_does_not_exist', 'Mail domain - '.$email_parts[1].' - does not exist.');
return false;
@@ -320,14 +320,16 @@ class remoting_mail extends remoting {
return false;
}
+ $params = array();
if ($site_id != null) {
- $sql = "SELECT * FROM mail_backup WHERE parent_domain_id = ".$app->functions->intval($site_id);
+ $params[] = $site_id;
+ $sql = "SELECT * FROM mail_backup WHERE parent_domain_id = ?";
}
else {
$sql = "SELECT * FROM mail_backup";
}
- $result = $app->db->queryAllRecords($sql);
+ $result = $app->db->queryAllRecords($sql, true, $params);
return $result;
}
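Review bot: This is the only call in the commit that passes parameters as `queryAllRecords($sql, true, $params)`; everywhere else they are variadic (`queryAllRecords($sql, $a, $b)`). Whether the db layer treats a leading `true` followed by an array as the bound-parameter list is not visible here — if it does not, `true` binds to the `parent_domain_id` placeholder and the requested `$site_id` is ignored. Either confirm that convention in the db class or write the two branches plainly: `$result = ($site_id != null) ? $app->db->queryAllRecords("SELECT * FROM mail_backup WHERE parent_domain_id = ?", $site_id) : $app->db->queryAllRecords("SELECT * FROM mail_backup");`.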
@@ -342,7 +344,7 @@ class remoting_mail extends remoting {
}
//*Set variables
- $backup_record = $app->db->queryOneRecord("SELECT * FROM `mail_backup` WHERE `backup_id`='$primary_id'");
+ $backup_record = $app->db->queryOneRecord("SELECT * FROM `mail_backup` WHERE `backup_id`=?", $primary_id);
$server_id = $backup_record['server_id'];
//*Set default action state
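Review bot: `$backup_record` is not checked before `$server_id` is read from it, so an unknown `$primary_id` yields null and, unless the lines between this hunk and the `-361` hunk test it, the later `INSERT INTO sys_remoteaction` queues an action with no server. Add `if(!is_array($backup_record)) { $this->server->fault('backup_not_found', 'Backup record not found.'); return false; }` directly after the query, matching the fault style used further down. The enclosing function begins before this hunk.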
@@ -361,14 +363,14 @@ class remoting_mail extends remoting {
}
//* Validate instance
- $instance_record = $app->db->queryOneRecord("SELECT * FROM `sys_remoteaction` WHERE `action_param`='$primary_id' and `action_type`='$action_type' and `action_state`='pending'");
+ $instance_record = $app->db->queryOneRecord("SELECT * FROM `sys_remoteaction` WHERE `action_param`=? and `action_type`=? and `action_state`='pending'", $primary_id, $action_type);
if ($instance_record['action_id'] >= 1) {
$this->server->fault('duplicate_action', "There is already a pending $action_type action");
return false;
}
//* Save the record
- if ($app->db->query("INSERT INTO `sys_remoteaction` SET `server_id` = '$server_id', `tstamp` = '$tstamp', `action_type` = '$action_type', `action_param` = '$primary_id', `action_state` = '$action_state'")) {
+ if ($app->db->query("INSERT INTO `sys_remoteaction` SET `server_id` = ?, `tstamp` = ?, `action_type` = ?, `action_param` = ?, `action_state` = ?", $server_id, $tstamp, $action_type, $primary_id, $action_state)) {
return true;
} else {
return false;
@@ -401,7 +403,7 @@ class remoting_mail extends remoting {
}
//* Check if there is no active mailbox with this address
- $tmp = $app->db->queryOneRecord("SELECT count(mailuser_id) as number FROM mail_user WHERE postfix = 'y' AND email = '".$app->db->quote($params["source"])."'");
+ $tmp = $app->db->queryOneRecord("SELECT count(mailuser_id) as number FROM mail_user WHERE postfix = 'y' AND email = ?", $params["source"]);
if($tmp['number'] > 0) {
throw new SoapFault('duplicate', 'There is already a mailbox with this email address.');
}
@@ -423,7 +425,7 @@ class remoting_mail extends remoting {
}
//* Check if there is no active mailbox with this address
- $tmp = $app->db->queryOneRecord("SELECT count(mailuser_id) as number FROM mail_user WHERE postfix = 'y' AND email = '".$app->db->quote($params["source"])."'");
+ $tmp = $app->db->queryOneRecord("SELECT count(mailuser_id) as number FROM mail_user WHERE postfix = 'y' AND email = ?", $params["source"]);
if($tmp['number'] > 0) {
throw new SoapFault('duplicate', 'There is already a mailbox with this email address.');
}
@@ -1059,9 +1061,8 @@ class remoting_mail extends remoting {
return false;
}
if (!empty($domain)) {
- $domain = $app->db->quote($domain);
- $sql = "SELECT * FROM mail_domain WHERE domain = '$domain'";
- $result = $app->db->queryAllRecords($sql);
+ $sql = "SELECT * FROM mail_domain WHERE domain = ?";
+ $result = $app->db->queryAllRecords($sql, $domain);
return $result;
}
return false;
@@ -1079,8 +1080,8 @@ class remoting_mail extends remoting {
} else {
$status = 'n';
}
- $sql = "UPDATE mail_domain SET active = '$status' WHERE domain_id = ".$app->functions->intval($primary_id);
- $app->db->query($sql);
+ $sql = "UPDATE mail_domain SET active = ? WHERE domain_id = ?";
+ $app->db->query($sql, $status, $primary_id);
$result = $app->db->affectedRows();
return $result;
} else {
diff --git a/interface/lib/classes/remote.d/openvz.inc.php b/interface/lib/classes/remote.d/openvz.inc.php
index 4a087ccbc7e2d2c3df231d943869211fccbee439..c427a1f749e3f7eecf6e85cf00722eb155dda51f 100644
--- a/interface/lib/classes/remote.d/openvz.inc.php
+++ b/interface/lib/classes/remote.d/openvz.inc.php
@@ -159,7 +159,7 @@ class remoting_openvz extends remoting {
$server_id = $app->functions->intval($server_id);
if($server_id > 0) {
- $tmp = $app->db->queryOneRecord("SELECT ip_address_id, server_id, ip_address FROM openvz_ip WHERE reserved = 'n' AND vm_id = 0 AND server_id = $server_id LIMIT 0,1");
+ $tmp = $app->db->queryOneRecord("SELECT ip_address_id, server_id, ip_address FROM openvz_ip WHERE reserved = 'n' AND vm_id = 0 AND server_id = ? LIMIT 0,1", $server_id);
} else {
$tmp = $app->db->queryOneRecord("SELECT ip_address_id, server_id, ip_address FROM openvz_ip WHERE reserved = 'n' AND vm_id = 0 LIMIT 0,1");
}
@@ -229,9 +229,9 @@ class remoting_openvz extends remoting {
if (!empty($client_id)) {
$client_id = $app->functions->intval($client_id);
- $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = $client_id");
- $sql = "SELECT * FROM openvz_vm WHERE sys_groupid = ".$app->functions->intval($tmp['groupid']);
- $result = $app->db->queryAllRecords($sql);
+ $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client_id);
+ $sql = "SELECT * FROM openvz_vm WHERE sys_groupid = ?";
+ $result = $app->db->queryAllRecords($sql, $tmp['groupid']);
return $result;
}
return false;
@@ -272,23 +272,23 @@ class remoting_openvz extends remoting {
}
// Verify if template and ostemplate exist
- $tmp = $app->db->queryOneRecord("SELECT template_id FROM openvz_template WHERE template_id = $template_id");
+ $tmp = $app->db->queryOneRecord("SELECT template_id FROM openvz_template WHERE template_id = ?", $template_id);
if(!is_array($tmp)) {
throw new SoapFault('template_id_error', 'Template does not exist.');
return false;
}
- $tmp = $app->db->queryOneRecord("SELECT ostemplate_id FROM openvz_ostemplate WHERE ostemplate_id = $ostemplate_id");
+ $tmp = $app->db->queryOneRecord("SELECT ostemplate_id FROM openvz_ostemplate WHERE ostemplate_id = ?", $ostemplate_id);
if(!is_array($tmp)) {
throw new SoapFault('ostemplate_id_error', 'OSTemplate does not exist.');
return false;
}
//* Get the template
- $vtpl = $app->db->queryOneRecord("SELECT * FROM openvz_template WHERE template_id = $template_id");
+ $vtpl = $app->db->queryOneRecord("SELECT * FROM openvz_template WHERE template_id = ?", $template_id);
//* Get the IP address and server_id
if($override_params['server_id'] > 0) {
- $vmip = $app->db->queryOneRecord("SELECT ip_address_id, server_id, ip_address FROM openvz_ip WHERE reserved = 'n' AND vm_id = 0 AND server_id = ".$override_params['server_id']." LIMIT 0,1");
+ $vmip = $app->db->queryOneRecord("SELECT ip_address_id, server_id, ip_address FROM openvz_ip WHERE reserved = 'n' AND vm_id = 0 AND server_id = ? LIMIT 0,1", $override_params['server_id']);
} else {
$vmip = $app->db->queryOneRecord("SELECT ip_address_id, server_id, ip_address FROM openvz_ip WHERE reserved = 'n' AND vm_id = 0 LIMIT 0,1");
}
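Review bot: The template row is read twice — `SELECT template_id` for the existence check and then `SELECT *` for `$vtpl` a few lines later, both bound to the same `$template_id`. One query serves both: `$vtpl = $app->db->queryOneRecord("SELECT * FROM openvz_template WHERE template_id = ?", $template_id); if(!is_array($vtpl)) { throw new SoapFault('template_id_error', 'Template does not exist.'); return false; }`. The `$ostemplate_id` check is only an existence test and stays as it is. The function continues beyond the hunk.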
@@ -376,25 +376,18 @@ class remoting_openvz extends remoting {
$action = 'openvz_start_vm';
$tmp = $app->db->queryOneRecord("SELECT count(action_id) as actions FROM sys_remoteaction
- WHERE server_id = '".$vm['server_id']."'
- AND action_type = '$action'
- AND action_param = '".$vm['veid']."'
- AND action_state = 'pending'");
+ WHERE server_id = ?
+ AND action_type = ?
+ AND action_param = ?
+ AND action_state = 'pending'", $vm['server_id'], $action, $vm['veid']);
if($tmp['actions'] > 0) {
throw new SoapFault('action_pending', 'There is already a action pending for this VM.');
return false;
} else {
$sql = "INSERT INTO sys_remoteaction (server_id, tstamp, action_type, action_param, action_state, response) " .
- "VALUES (".
- (int)$vm['server_id'] . ", ".
- time() . ", ".
- "'".$action."', ".
- $vm['veid'].", ".
- "'pending', ".
- "''".
- ")";
- $app->db->query($sql);
+ "VALUES (?, ?, ?, ?, 'pending', '')";
+ $app->db->query($sql, (int)$vm['server_id'], time(), $action, $vm['veid']);
}
}
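Review bot: The pending-action check and the `sys_remoteaction` insert in this hunk are repeated verbatim for stop and restart in the next two hunks, with only `$action` differing, so any future fix (a `response` column change, a new state) must be applied three times. Extract a private helper that takes the vm row and the action name and raises the `action_pending` fault itself, then call `$this->_queue_vm_action($vm, 'openvz_start_vm');` from each public method. Whether `$vm['veid']` and `$vm['server_id']` are always populated is decided by code before this hunk, which is cut off here.
```php
//* Queue a remote action for a VM unless one of the same type is already pending.
private function _queue_vm_action($vm, $action)
{
    global $app;
    $tmp = $app->db->queryOneRecord("SELECT count(action_id) as actions FROM sys_remoteaction
        WHERE server_id = ?
        AND action_type = ?
        AND action_param = ?
        AND action_state = 'pending'", $vm['server_id'], $action, $vm['veid']);
    if($tmp['actions'] > 0) {
        throw new SoapFault('action_pending', 'There is already a action pending for this VM.');
    }
    $sql = "INSERT INTO sys_remoteaction (server_id, tstamp, action_type, action_param, action_state, response) " .
        "VALUES (?, ?, ?, ?, 'pending', '')";
    $app->db->query($sql, (int)$vm['server_id'], time(), $action, $vm['veid']);
    return true;
}
```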
@@ -425,25 +418,18 @@ class remoting_openvz extends remoting {
$action = 'openvz_stop_vm';
$tmp = $app->db->queryOneRecord("SELECT count(action_id) as actions FROM sys_remoteaction
- WHERE server_id = '".$vm['server_id']."'
- AND action_type = '$action'
- AND action_param = '".$vm['veid']."'
- AND action_state = 'pending'");
+ WHERE server_id = ?
+ AND action_type = ?
+ AND action_param = ?
+ AND action_state = 'pending'", $vm['server_id'], $action, $vm['veid']);
if($tmp['actions'] > 0) {
throw new SoapFault('action_pending', 'There is already a action pending for this VM.');
return false;
} else {
$sql = "INSERT INTO sys_remoteaction (server_id, tstamp, action_type, action_param, action_state, response) " .
- "VALUES (".
- (int)$vm['server_id'] . ", ".
- time() . ", ".
- "'".$action."', ".
- $vm['veid'].", ".
- "'pending', ".
- "''".
- ")";
- $app->db->query($sql);
+ "VALUES (?, ?, ?, ?, 'pending', '')";
+ $app->db->query($sql, (int)$vm['server_id'], time(), $action, $vm['veid']);
}
}
@@ -474,25 +460,18 @@ class remoting_openvz extends remoting {
$action = 'openvz_restart_vm';
$tmp = $app->db->queryOneRecord("SELECT count(action_id) as actions FROM sys_remoteaction
- WHERE server_id = '".$vm['server_id']."'
- AND action_type = '$action'
- AND action_param = '".$vm['veid']."'
- AND action_state = 'pending'");
+ WHERE server_id = ?
+ AND action_type = ?
+ AND action_param = ?
+ AND action_state = 'pending'", $vm['server_id'], $action, $vm['veid']);
if($tmp['actions'] > 0) {
throw new SoapFault('action_pending', 'There is already a action pending for this VM.');
return false;
} else {
$sql = "INSERT INTO sys_remoteaction (server_id, tstamp, action_type, action_param, action_state, response) " .
- "VALUES (".
- (int)$vm['server_id'] . ", ".
- time() . ", ".
- "'".$action."', ".
- $vm['veid'].", ".
- "'pending', ".
- "''".
- ")";
- $app->db->query($sql);
+ "VALUES (?, ?, ?, ?, 'pending', '')";
+ $app->db->query($sql, (int)$vm['server_id'], time(), $action, $vm['veid']);
}
}
diff --git a/interface/lib/classes/remote.d/server.inc.php b/interface/lib/classes/remote.d/server.inc.php
index 403530207151242fcef101c6052e507227bf1144..eb4a8b9846641d44865d345fa889b09cd2d6ef37 100644
--- a/interface/lib/classes/remote.d/server.inc.php
+++ b/interface/lib/classes/remote.d/server.inc.php
@@ -55,8 +55,8 @@ class remoting_server extends remoting {
throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
return false;
}
- $sql = "SELECT server_id FROM server_ip WHERE ip_address = '$ipaddress' LIMIT 1 ";
- $all = $app->db->queryAllRecords($sql);
+ $sql = "SELECT server_id FROM server_ip WHERE ip_address = ? LIMIT 1";
+ $all = $app->db->queryAllRecords($sql, $ipaddress);
return $all;
}
@@ -178,8 +178,8 @@ class remoting_server extends remoting {
return false;
}
if (!empty($session_id) && !empty($server_name)) {
- $sql = "SELECT server_id FROM server WHERE server_name = '$server_name' LIMIT 1 ";
- $all = $app->db->queryAllRecords($sql);
+ $sql = "SELECT server_id FROM server WHERE server_name = ? LIMIT 1";
+ $all = $app->db->queryAllRecords($sql, $server_name);
return $all;
} else {
return false;
@@ -200,8 +200,8 @@ class remoting_server extends remoting {
return false;
}
if (!empty($session_id) && !empty($server_id)) {
- $sql = "SELECT mail_server, web_server, dns_server, file_server, db_server, vserver_server, proxy_server, firewall_server FROM server WHERE server_id = '$server_id' LIMIT 1 ";
- $all = $app->db->queryAllRecords($sql);
+ $sql = "SELECT mail_server, web_server, dns_server, file_server, db_server, vserver_server, proxy_server, firewall_server FROM server WHERE server_id = ? LIMIT 1 ";
+ $all = $app->db->queryAllRecords($sql, $server_id);
return $all;
} else {
return false;
diff --git a/interface/lib/classes/remote.d/sites.inc.php b/interface/lib/classes/remote.d/sites.inc.php
index 05ba482cba76e201f6217a2975095bca96096cf3..ad3f2e3046f96e3e84c5d2ba75b15f7d767d08aa 100644
--- a/interface/lib/classes/remote.d/sites.inc.php
+++ b/interface/lib/classes/remote.d/sites.inc.php
@@ -102,7 +102,8 @@ class remoting_sites extends remoting {
$app->remoting_lib->loadFormDef('../sites/form/database.tform.php');
return $app->remoting_lib->getDataRecord($primary_id);
}
-
+
+ /* TODO: secure queries! */
//* Add a record
public function sites_database_add($session_id, $client_id, $params)
{
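Review bot: The added `/* TODO: secure queries! */` does not say which queries it refers to, and the hunks that follow show what it means: `sites_database_add` and the update method still build `UPDATE web_database SET ... WHERE database_id = ".$retval` from `$sql_set` entries assembled with `$app->db->quote()` (the `backup_interval` / `backup_copies` lines), while every other statement in this commit moved to placeholders. Make the note actionable, e.g. `/* TODO: $sql_set in sites_database_add/update is still string-built with $app->db->quote(); convert the UPDATE web_database statement to ? placeholders like the rest of this class */`. The same applies to the `/* TODO: check for double quoting mysql value */` added above `encode()` in searchform.inc.php, which should name the value and the call site it is worried about.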
@@ -114,7 +115,7 @@ class remoting_sites extends remoting {
}
//* Check for duplicates
- $tmp = $app->db->queryOneRecord("SELECT count(database_id) as dbnum FROM web_database WHERE database_name = '".$app->db->quote($params['database_name'])."' AND server_id = '".intval($params["server_id"])."'");
+ $tmp = $app->db->queryOneRecord("SELECT count(database_id) as dbnum FROM web_database WHERE database_name = ? AND server_id = ?", $params['database_name'], $params["server_id"]);
if($tmp['dbnum'] > 0) {
throw new SoapFault('database_name_error_unique', 'There is already a database with that name on the same server.');
return false;
@@ -135,7 +136,6 @@ class remoting_sites extends remoting {
$sql_set = array();
if(isset($params['backup_interval'])) $sql_set[] = "backup_interval = '".$app->db->quote($params['backup_interval'])."'";
if(isset($params['backup_copies'])) $sql_set[] = "backup_copies = ".$app->functions->intval($params['backup_copies']);
- //$app->db->query("UPDATE web_database SET ".implode(', ', $sql_set)." WHERE database_id = ".$retval);
$this->updateQueryExecute("UPDATE web_database SET ".implode(', ', $sql_set)." WHERE database_id = ".$retval, $retval, $params);
}
@@ -169,7 +169,6 @@ class remoting_sites extends remoting {
$sql_set = array();
if(isset($params['backup_interval'])) $sql_set[] = "backup_interval = '".$app->db->quote($params['backup_interval'])."'";
if(isset($params['backup_copies'])) $sql_set[] = "backup_copies = ".$app->functions->intval($params['backup_copies']);
- //$app->db->query("UPDATE web_database SET ".implode(', ', $sql_set)." WHERE database_id = ".$primary_id);
$this->updateQueryExecute("UPDATE web_database SET ".implode(', ', $sql_set)." WHERE database_id = ".$primary_id, $primary_id, $params);
}
@@ -239,7 +238,7 @@ class remoting_sites extends remoting {
$new_rec = $app->remoting_lib->getDataRecord($primary_id);
- $records = $app->db->queryAllRecords("SELECT DISTINCT server_id FROM web_database WHERE database_user_id = '".$app->functions->intval($primary_id)."' UNION SELECT DISTINCT server_id FROM web_database WHERE database_ro_user_id = '".$app->functions->intval($primary_id)."'");
+ $records = $app->db->queryAllRecords("SELECT DISTINCT server_id FROM web_database WHERE database_user_id = ? UNION SELECT DISTINCT server_id FROM web_database WHERE database_ro_user_id = ?", $primary_id, $primary_id);
foreach($records as $rec) {
$tmp_rec = $new_rec;
$tmp_rec['server_id'] = $rec['server_id'];
@@ -265,14 +264,14 @@ class remoting_sites extends remoting {
$app->db->datalogDelete('web_database_user', 'database_user_id', $primary_id);
$affected_rows = $this->deleteQuery('../sites/form/database_user.tform.php', $primary_id);
- $records = $app->db->queryAllRecords("SELECT database_id FROM web_database WHERE database_user_id = '".$app->functions->intval($primary_id)."'");
+ $records = $app->db->queryAllRecords("SELECT database_id FROM web_database WHERE database_user_id = ?", $primary_id);
foreach($records as $rec) {
- $app->db->datalogUpdate('web_database', 'database_user_id=NULL', 'database_id', $rec['database_id']);
+ $app->db->datalogUpdate('web_database', array('database_user_id' => null), 'database_id', $rec['database_id']);
}
- $records = $app->db->queryAllRecords("SELECT database_id FROM web_database WHERE database_ro_user_id = '".$app->functions->intval($primary_id)."'");
+ $records = $app->db->queryAllRecords("SELECT database_id FROM web_database WHERE database_ro_user_id = ?", $primary_id);
foreach($records as $rec) {
- $app->db->datalogUpdate('web_database', 'database_ro_user_id=NULL', 'database_id', $rec['database_id']);
+ $app->db->datalogUpdate('web_database', array('database_ro_user_id' => null), 'database_id', $rec['database_id']);
}
return $affected_rows;
@@ -336,7 +335,7 @@ class remoting_sites extends remoting {
return false;
}
- $data = $app->db->queryOneRecord("SELECT server_id FROM ftp_user WHERE username = '".$app->db->quote($ftp_user)."'");
+ $data = $app->db->queryOneRecord("SELECT server_id FROM ftp_user WHERE username = ?", $ftp_user);
//file_put_contents('/tmp/test.txt', serialize($data));
if(!isset($data['server_id'])) return false;
@@ -406,7 +405,7 @@ class remoting_sites extends remoting {
return false;
}
$app->uses('remoting_lib');
- $app->remoting_lib->loadFormDef('../sites/form/web_domain.tform.php');
+ $app->remoting_lib->loadFormDef('../sites/form/web_vhost_domain.tform.php');
return $app->remoting_lib->getDataRecord($primary_id);
}
@@ -420,7 +419,7 @@ class remoting_sites extends remoting {
}
if(!isset($params['client_group_id']) or (isset($params['client_group_id']) && empty($params['client_group_id']))) {
- $rec = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".$app->functions->intval($client_id));
+ $rec = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client_id);
$params['client_group_id'] = $rec['groupid'];
}
@@ -435,9 +434,9 @@ class remoting_sites extends remoting {
if($params['pm_min_spare_servers'] == '') $params['pm_min_spare_servers'] = 1;
if($params['pm_max_spare_servers'] == '') $params['pm_max_spare_servers'] = 1;
- $domain_id = $this->insertQuery('../sites/form/web_domain.tform.php', $client_id, $params, 'sites:web_domain:on_after_insert');
+ $domain_id = $this->insertQuery('../sites/form/web_vhost_domain.tform.php', $client_id, $params, 'sites:web_domain:on_after_insert');
if ($readonly === true)
- $app->db->query("UPDATE web_domain SET `sys_userid` = '1' WHERE domain_id = ".$domain_id);
+ $app->db->query("UPDATE web_domain SET `sys_userid` = '1' WHERE domain_id = ?", $domain_id);
return $domain_id;
}
@@ -455,7 +454,7 @@ class remoting_sites extends remoting {
if($params['pm_min_spare_servers'] == '') $params['pm_min_spare_servers'] = 1;
if($params['pm_max_spare_servers'] == '') $params['pm_max_spare_servers'] = 1;
- $affected_rows = $this->updateQuery('../sites/form/web_domain.tform.php', $client_id, $primary_id, $params);
+ $affected_rows = $this->updateQuery('../sites/form/web_vhost_domain.tform.php', $client_id, $primary_id, $params);
return $affected_rows;
}
@@ -466,7 +465,7 @@ class remoting_sites extends remoting {
throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
return false;
}
- $affected_rows = $this->deleteQuery('../sites/form/web_domain.tform.php', $primary_id);
+ $affected_rows = $this->deleteQuery('../sites/form/web_vhost_domain.tform.php', $primary_id);
return $affected_rows;
}
@@ -751,7 +750,7 @@ class remoting_sites extends remoting {
}
// Delete all users that belong to this folder. - taken from web_folder_delete.php
- $records = $app->db->queryAllRecords("SELECT web_folder_user_id FROM web_folder_user WHERE web_folder_id = '".$app->functions->intval($primary_id)."'");
+ $records = $app->db->queryAllRecords("SELECT web_folder_user_id FROM web_folder_user WHERE web_folder_id = ?", $primary_id);
foreach($records as $rec) {
$this->deleteQuery('../sites/form/web_folder_user.tform.php', $rec['web_folder_user_id']);
//$app->db->datalogDelete('web_folder_user','web_folder_user_id',$rec['web_folder_user_id']);
@@ -865,11 +864,11 @@ class remoting_sites extends remoting {
} else {
$status = 'n';
}
- $app->remoting_lib->loadFormDef('../sites/form/web_domain.tform.php');
+ $app->remoting_lib->loadFormDef('../sites/form/web_vhost_domain.tform.php');
$params = $app->remoting_lib->getDataRecord($primary_id);
$params['active'] = $status;
- $affected_rows = $this->updateQuery('../sites/form/web_domain.tform.php', 0, $primary_id, $params);
+ $affected_rows = $this->updateQuery('../sites/form/web_vhost_domain.tform.php', 0, $primary_id, $params);
return $affected_rows;
} else {
throw new SoapFault('status_undefined', 'The status is not available');
@@ -889,8 +888,8 @@ class remoting_sites extends remoting {
return false;
}
$client_id = $app->functions->intval($client_id);
- $sql = "SELECT d.database_id, d.database_name, d.database_user_id, d.database_ro_user_id, du.database_user, du.database_password FROM web_database d LEFT JOIN web_database_user du ON (du.database_user_id = d.database_user_id) INNER JOIN sys_user s on(d.sys_groupid = s.default_group) WHERE client_id = $client_id";
- $all = $app->db->queryAllRecords($sql);
+ $sql = "SELECT d.database_id, d.database_name, d.database_user_id, d.database_ro_user_id, du.database_user, du.database_password FROM web_database d LEFT JOIN web_database_user du ON (du.database_user_id = d.database_user_id) INNER JOIN sys_user s on(d.sys_groupid = s.default_group) WHERE client_id = ?";
+ $all = $app->db->queryAllRecords($sql, $client_id);
return $all;
}
@@ -904,7 +903,7 @@ class remoting_sites extends remoting {
return false;
}
- $result = $app->db->queryAllRecords("SELECT * FROM web_backup".(($site_id != null)?' WHERE parent_domain_id = ?':''), $app->functions->intval($site_id));
+ $result = $app->db->queryAllRecords("SELECT * FROM web_backup".(($site_id != null)?' WHERE parent_domain_id = ?':''), $site_id);
return $result;
}
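Review bot: `$site_id` is still passed as a bind value when `$site_id` is null, although in that branch the `WHERE parent_domain_id = ?` fragment is omitted, so the call hands the db layer one argument for zero placeholders; whether it tolerates the surplus cannot be seen from here. Branching on the value avoids relying on that: `$result = ($site_id != null) ? $app->db->queryAllRecords("SELECT * FROM web_backup WHERE parent_domain_id = ?", $site_id) : $app->db->queryAllRecords("SELECT * FROM web_backup");`. Note also that the loose `!= null` treats `0` and `''` as "no site", which pre-dates this change but now decides whether a bind value is expected.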
diff --git a/interface/lib/classes/remoting.inc.php b/interface/lib/classes/remoting.inc.php
index f42d22b070c655daa835c69659e65b365c163a8e..204aebb15c08e7c33e7f86c0c992de474959009a 100644
--- a/interface/lib/classes/remoting.inc.php
+++ b/interface/lib/classes/remoting.inc.php
@@ -90,15 +90,12 @@ class remoting {
}
//* Delete old remoting sessions
- $sql = "DELETE FROM remote_session WHERE tstamp < ".time();
+ $sql = "DELETE FROM remote_session WHERE tstamp < UNIX_TIMSTAMP()";
$app->db->query($sql);
- $username = $app->db->quote($username);
- $password = $app->db->quote($password);
-
if($client_login == true) {
- $sql = "SELECT * FROM sys_user WHERE USERNAME = '$username'";
- $user = $app->db->queryOneRecord($sql);
+ $sql = "SELECT * FROM sys_user WHERE USERNAME = ?";
+ $user = $app->db->queryOneRecord($sql, $username);
if($user) {
$saved_password = stripslashes($user['passwort']);
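Review bot: `UNIX_TIMSTAMP()` in the new DELETE statement is a typo for `UNIX_TIMESTAMP()`; MySQL rejects the statement, so stale remote sessions are no longer purged. The same typo is introduced in the hunks at @@ -238 (`created_at = UNIX_TIMSTAMP()`) and @@ -473 (`tstamp >= UNIX_TIMSTAMP()`), and the latter is the session lookup behind every authenticated API call, so it fails closed until corrected. Separately, the expiry comparison now uses the database server's clock while `tstamp` is still written from PHP's `time() + $this->session_timeout` in the INSERT hunks below; if the web and database hosts differ, clock skew between them now changes the effective session lifetime, which is worth a comment at the new line.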
@@ -127,7 +124,7 @@ class remoting {
}
// now we need the client data
- $client = $app->db->queryOneRecord("SELECT client.can_use_api FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = " . $app->functions->intval($user['default_group']));
+ $client = $app->db->queryOneRecord("SELECT client.can_use_api FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $user['default_group']);
if(!$client || $client['can_use_api'] != 'y') {
throw new SoapFault('client_login_failed', 'The login failed. Client may not use api.');
return false;
@@ -140,13 +137,12 @@ class remoting {
$remote_functions = '';
$tstamp = time() + $this->session_timeout;
$sql = 'INSERT INTO remote_session (remote_session,remote_userid,remote_functions,client_login,tstamp'
- .') VALUES ('
- ." '$remote_session',$remote_userid,'$remote_functions',1,$tstamp)";
- $app->db->query($sql);
+ .') VALUES (?, ?, ?, 1, $tstamp)';
+ $app->db->query($sql, $remote_session,$remote_userid,$remote_functions,$tstamp);
return $remote_session;
} else {
- $sql = "SELECT * FROM remote_user WHERE remote_username = '$username' and remote_password = md5('$password')";
- $remote_user = $app->db->queryOneRecord($sql);
+ $sql = "SELECT * FROM remote_user WHERE remote_username = ? and remote_password = md5(?)";
+ $remote_user = $app->db->queryOneRecord($sql, $username, $password);
if($remote_user['remote_userid'] > 0) {
//* Create a remote user session
//srand ((double)microtime()*1000000);
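Review bot: `.') VALUES (?, ?, ?, 1, $tstamp)'` is a single-quoted string, so `$tstamp` is not interpolated and the SQL contains the literal text `$tstamp`, while the call on the next line passes four bind values for three placeholders. The parallel hunk at @@ -155 does it correctly with `(?, ?, ?, ?)`; this one should read `.') VALUES (?, ?, ?, 1, ?)';`. Unrelated to the fix but visible in the same hunk: `remote_password = md5(?)` keeps the API password check as an unsalted MD5 comparison performed inside SQL; moving that to a PHP-side `password_verify()` against a stored hash would need a schema migration, so it is a follow-up rather than part of this change.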
@@ -155,9 +151,8 @@ class remoting {
$remote_functions = $remote_user['remote_functions'];
$tstamp = time() + $this->session_timeout;
$sql = 'INSERT INTO remote_session (remote_session,remote_userid,remote_functions,tstamp'
- .') VALUES ('
- ." '$remote_session',$remote_userid,'$remote_functions',$tstamp)";
- $app->db->query($sql);
+ .') VALUES (?, ?, ?, ?)';
+ $app->db->query($sql, $remote_session,$remote_userid,$remote_functions,$tstamp);
return $remote_session;
} else {
throw new SoapFault('login_failed', 'The login failed. Username or password wrong.');
@@ -177,10 +172,8 @@ class remoting {
return false;
}
- $session_id = $app->db->quote($session_id);
-
- $sql = "DELETE FROM remote_session WHERE remote_session = '$session_id'";
- if($app->db->query($sql) != false) {
+ $sql = "DELETE FROM remote_session WHERE remote_session = ?";
+ if($app->db->query($sql, $session_id) != false) {
return true;
} else {
return false;
@@ -203,8 +196,8 @@ class remoting {
$sql = $app->remoting_lib->getSQL($params, 'INSERT', 0);
//* Check if no system user with that username exists
- $username = $app->db->quote($params["username"]);
- $tmp = $app->db->queryOneRecord("SELECT count(userid) as number FROM sys_user WHERE username = '$username'");
+ $username = $params["username"];
+ $tmp = $app->db->queryOneRecord("SELECT count(userid) as number FROM sys_user WHERE username = ?", $username);
if($tmp['number'] > 0) $app->remoting_lib->errorMessage .= "Duplicate username ";
//* Stop on error while preparing the sql query
@@ -238,7 +231,7 @@ class remoting {
/* copied from the client_edit php */
exec('ssh-keygen -t rsa -C '.$username.'-rsa-key-'.time().' -f /tmp/id_rsa -N ""');
- $app->db->query("UPDATE client SET created_at = ".time().", id_rsa = '".$app->db->quote(@file_get_contents('/tmp/id_rsa'))."', ssh_rsa = '".$app->db->quote(@file_get_contents('/tmp/id_rsa.pub'))."' WHERE client_id = ".$this->id);
+ $app->db->query("UPDATE client SET created_at = UNIX_TIMSTAMP(), id_rsa = ?, ssh_rsa = ? WHERE client_id = ?", @file_get_contents('/tmp/id_rsa'), @file_get_contents('/tmp/id_rsa.pub'), $this->id);
exec('rm -f /tmp/id_rsa /tmp/id_rsa.pub');
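Review bot: `exec('ssh-keygen -t rsa -C '.$username.'-rsa-key-'.time().' ...')` concatenates `$username` into a shell command without `escapeshellarg()`. The hunk at @@ -203 above now assigns `$username = $params["username"]` verbatim where it previously passed through `$app->db->quote()` — not shell escaping, but it did neutralise quote characters — so if this is the same variable (it is defined outside this hunk) the API-supplied username now reaches the shell unchanged. Build the comment argument as `' -C '.escapeshellarg($username.'-rsa-key-'.time())`. The fixed `/tmp/id_rsa` path is also shared between concurrent requests and predictable in a world-writable directory; a per-request directory from `tempnam()`/`mkdir` with mode 0700 would remove both the race and the `@`-suppressed read failures.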
@@ -251,10 +244,10 @@ class remoting {
$app->remoting_lib->ispconfig_sysuser_add($params, $insert_id);
if($reseller_id) {
- $client_group = $app->db->queryOneRecord("SELECT * FROM sys_group WHERE client_id = ".$insert_id);
- $reseller_user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE client_id = ".$reseller_id);
+ $client_group = $app->db->queryOneRecord("SELECT * FROM sys_group WHERE client_id = ?", $insert_id);
+ $reseller_user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE client_id = ?", $reseller_id);
$app->auth->add_group_to_user($reseller_user['userid'], $client_group['groupid']);
- $app->db->query("UPDATE client SET parent_client_id = ".$reseller_id." WHERE client_id = ".$insert_id);
+ $app->db->query("UPDATE client SET parent_client_id = ? WHERE client_id = ?", $reseller_id, $insert_id);
}
}
@@ -347,6 +340,7 @@ class remoting {
//* Get the SQL query
$sql = $app->remoting_lib->getSQL($params, 'UPDATE', $primary_id);
+
// throw new SoapFault('debug', $sql);
if($app->remoting_lib->errorMessage != '') {
throw new SoapFault('data_processing_error', $app->remoting_lib->errorMessage);
@@ -473,11 +467,8 @@ class remoting {
return false;
}
- $session_id = $app->db->quote($session_id);
-
- $now = time();
- $sql = "SELECT * FROM remote_session WHERE remote_session = '$session_id' AND tstamp >= $now";
- $session = $app->db->queryOneRecord($sql);
+ $sql = "SELECT * FROM remote_session WHERE remote_session = ? AND tstamp >= UNIX_TIMSTAMP()";
+ $session = $app->db->queryOneRecord($sql, $session_id);
if($session['remote_userid'] > 0) {
return $session;
} else {
diff --git a/interface/lib/classes/remoting_lib.inc.php b/interface/lib/classes/remoting_lib.inc.php
index 0d89c1f1a13bb4f7f7d56ba7b7bcf724f934fabe..9ee3ca547c2d11cf0e9b89f7cbaac4251435f071 100644
--- a/interface/lib/classes/remoting_lib.inc.php
+++ b/interface/lib/classes/remoting_lib.inc.php
@@ -110,7 +110,7 @@ class remoting_lib extends tform_base {
if(isset($_SESSION['client_login']) && isset($_SESSION['client_sys_userid']) && $_SESSION['client_login'] == 1) {
$client_sys_userid = $app->functions->intval($_SESSION['client_sys_userid']);
- $client = $app->db->queryOneRecord("SELECT client.client_id FROM sys_user, client WHERE sys_user.client_id = client.client_id and sys_user.userid = " . $client_sys_userid);
+ $client = $app->db->queryOneRecord("SELECT client.client_id FROM sys_user, client WHERE sys_user.client_id = client.client_id and sys_user.userid = ?", $client_sys_userid);
$this->client_id = $client['client_id'];
$client_login = true;
@@ -125,23 +125,11 @@ class remoting_lib extends tform_base {
$this->sys_groups = 1;
$_SESSION["s"]["user"]["typ"] = 'admin';
} else {
- //* load system user - try with sysuser and before with userid (workarrond)
- /*
- $user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE sysuser_id = $client_id");
- if(empty($user["userid"])) {
- $user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE userid = $client_id");
- if(empty($user["userid"])) {
- $this->errorMessage .= "No sysuser with the ID $client_id found.";
- return false;
- }
- }*/
-
- $user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE client_id = $this->client_id");
+ $user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE client_id = ?", $this->client_id);
$this->sys_username = $user['username'];
$this->sys_userid = $user['userid'];
$this->sys_default_group = $user['default_group'];
$this->sys_groups = $user['groups'];
- // $_SESSION["s"]["user"]["typ"] = $user['typ'];
// we have to force admin priveliges for the remoting API as some function calls might fail otherwise.
if($client_login == false) $_SESSION["s"]["user"]["typ"] = 'admin';
}
@@ -239,8 +227,8 @@ class remoting_lib extends tform_base {
return parent::getDataRecord($primary_id);
} elseif($primary_id == -1) {
// Return a array with all records
- $sql = "SELECT * FROM ".$escape.$this->formDef['db_table'].$escape;
- return $app->db->queryAllRecords($sql);
+ $sql = "SELECT * FROM ??";
+ return $app->db->queryAllRecords($sql, $this->formDef['db_table']);
} else {
throw new SoapFault('invalid_id', 'The ID has to be > 0 or -1.');
return array();
@@ -250,22 +238,23 @@ class remoting_lib extends tform_base {
$sql_offset = 0;
$sql_limit = 0;
$sql_where = '';
+ $params = array($this->formDef['db_table']);
foreach($primary_id as $key => $val) {
- $key = $app->db->quote($key);
- $val = $app->db->quote($val);
if($key == '#OFFSET#') $sql_offset = $app->functions->intval($val);
elseif($key == '#LIMIT#') $sql_limit = $app->functions->intval($val);
elseif(stristr($val, '%')) {
- $sql_where .= "$key like '$val' AND ";
+ $sql_where .= "? like ? AND ";
} else {
- $sql_where .= "$key = '$val' AND ";
+ $sql_where .= "? = ? AND ";
}
+ $params[] = $key;
+ $params[] = $val;
}
$sql_where = substr($sql_where, 0, -5);
if($sql_where == '') $sql_where = '1';
- $sql = "SELECT * FROM ".$escape.$this->formDef['db_table'].$escape." WHERE ".$sql_where. " AND " . $this->getAuthSQL('r', $this->formDef['db_table']);
+ $sql = "SELECT * FROM ?? WHERE ".$sql_where. " AND " . $this->getAuthSQL('r', $this->formDef['db_table']);
if($sql_offset >= 0 && $sql_limit > 0) $sql .= ' LIMIT ' . $sql_offset . ',' . $sql_limit;
- return $app->db->queryAllRecords($sql);
+ return $app->db->queryAllRecords($sql, true, $params);
} else {
$this->errorMessage = 'The ID must be either an integer or an array.';
return array();
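Review bot: The rewritten filter loop binds the column name with `?`, which the rest of this commit treats as a value placeholder (identifiers use `??`, as on the `SELECT * FROM ??` line in this very hunk), so `$sql_where` becomes `'column' like 'value'` — a comparison of two string literals that is constant for every row, meaning the filter either returns all rows the auth clause allows or none. In addition, `$params[] = $key; $params[] = $val;` now runs for the `#OFFSET#` and `#LIMIT#` keys as well, which append two bind values with no matching placeholder. Both are fixed by skipping those keys early and using `??` for the column, as below; the enclosing method starts before this hunk, so the `$escape` it sets up is presumably dead now as well. Since `$key` is caller-controlled, validating it against the form definition's field list before binding would be stronger than relying on identifier quoting alone.
```php
$params = array($this->formDef['db_table']);
foreach($primary_id as $key => $val) {
    if($key == '#OFFSET#') {
        $sql_offset = $app->functions->intval($val);
        continue;
    }
    if($key == '#LIMIT#') {
        $sql_limit = $app->functions->intval($val);
        continue;
    }
    // $key is a column name: bind it as an identifier (??), not as a string value (?)
    $sql_where .= (stristr($val, '%') ? "?? like ? AND " : "?? = ? AND ");
    $params[] = $key;
    $params[] = $val;
}
// … unchanged: trailing " AND " removal, auth SQL, LIMIT clause, queryAllRecords call …
```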
@@ -274,12 +263,12 @@ class remoting_lib extends tform_base {
function ispconfig_sysuser_add($params, $insert_id){
global $conf, $app, $sql1;
- $username = $app->db->quote($params["username"]);
- $password = $app->db->quote($params["password"]);
+ $username = $params["username"];
+ $password = $params["password"];
if(!isset($params['modules'])) {
$modules = $conf['interface_modules_enabled'];
} else {
- $modules = $app->db->quote($params['modules']);
+ $modules = $params['modules'];
}
if(isset($params['limit_client']) && $params['limit_client'] > 0) {
$modules .= ',client';
@@ -288,44 +277,51 @@ class remoting_lib extends tform_base {
if(!isset($params['startmodule'])) {
$startmodule = 'dashboard';
} else {
- $startmodule = $app->db->quote($params["startmodule"]);
+ $startmodule = $params["startmodule"];
if(!preg_match('/'.$startmodule.'/', $modules)) {
$_modules = explode(',', $modules);
$startmodule=$_modules[0];
}
}
- $usertheme = $app->db->quote($params["usertheme"]);
+ $usertheme = $params["usertheme"];
$type = 'user';
$active = 1;
$insert_id = $app->functions->intval($insert_id);
- $language = $app->db->quote($params["language"]);
- $groupid = $app->db->datalogInsert('sys_group', "(name,description,client_id) VALUES ('$username','','$insert_id')", 'groupid');
+ $language = $params["language"];
+ $groupid = $app->db->datalogInsert('sys_group', array("name" => $username, "description" => "", "client_id" => $insert_id), 'groupid');
$groups = $groupid;
if(!isset($params['_ispconfig_pw_crypted']) || $params['_ispconfig_pw_crypted'] != 1) $password = $app->auth->crypt_password(stripslashes($password));
$sql1 = "INSERT INTO sys_user (username,passwort,modules,startmodule,app_theme,typ,active,language,groups,default_group,client_id)
- VALUES ('$username','$password','$modules','$startmodule','$usertheme','$type','$active','$language',$groups,$groupid,$insert_id)";
- $app->db->query($sql1);
+ VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)";
+ $app->db->query($sql1, $username,$password,$modules,$startmodule,$usertheme,$type,$active,$language,$groups,$groupid,$insert_id);
}
function ispconfig_sysuser_update($params, $client_id){
global $app;
- $username = $app->db->quote($params["username"]);
- $clear_password = $app->db->quote($params["password"]);
+ $username = $params["username"];
+ $clear_password = $params["password"];
$client_id = $app->functions->intval($client_id);
if(!isset($params['_ispconfig_pw_crypted']) || $params['_ispconfig_pw_crypted'] != 1) $password = $app->auth->crypt_password(stripslashes($clear_password));
else $password = $clear_password;
- if ($clear_password) $pwstring = ", passwort = '$password'"; else $pwstring ="" ;
- $sql = "UPDATE sys_user set username = '$username' $pwstring WHERE client_id = $client_id";
- $app->db->query($sql);
+ $params = array($username);
+ if ($clear_password) {
+ $pwstring = ", passwort = ?";
+ $params[] = $password;
+ } else {
+ $pwstring ="" ;
+ }
+ $params[] = $client_id;
+ $sql = "UPDATE sys_user set username = ? $pwstring WHERE client_id = ?";
+ $app->db->query($sql, true, $params);
}
function ispconfig_sysuser_delete($client_id){
global $app;
$client_id = $app->functions->intval($client_id);
- $sql = "DELETE FROM sys_user WHERE client_id = $client_id";
- $app->db->query($sql);
- $sql = "DELETE FROM sys_group WHERE client_id = $client_id";
- $app->db->query($sql);
+ $sql = "DELETE FROM sys_user WHERE client_id = ?";
+ $app->db->query($sql, $client_id);
+ $sql = "DELETE FROM sys_group WHERE client_id = ?";
+ $app->db->query($sql, $client_id);
}
}
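Review bot: `stripslashes($password)` in `ispconfig_sysuser_add` and `stripslashes($clear_password)` in `ispconfig_sysuser_update` existed to undo the `$app->db->quote()` escaping that this hunk removes; with the raw `$params["password"]` now flowing in, any backslash in a submitted password is silently dropped before `crypt_password()`, so the stored hash no longer matches the password the user chose unless the interactive login path applies the same `stripslashes()`, which is not visible here. Drop both `stripslashes()` calls (or verify the login path first). `preg_match('/'.$startmodule.'/', $modules)` likewise now receives the unescaped API value, where a `/` or a regex metacharacter breaks the pattern or widens the match; `in_array($startmodule, explode(',', $modules), true)` states the intended check without a regex. Finally, `$params = array($username);` in `ispconfig_sysuser_update` reuses the name of the method's own input parameter for the bind list — `$args` would avoid the shadowing.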
diff --git a/interface/lib/classes/searchform.inc.php b/interface/lib/classes/searchform.inc.php
index cfa8f283601324f93861de938454d8b5cc635279..0a290c1d699bcae630af474c76190d92f5ec1d42 100644
--- a/interface/lib/classes/searchform.inc.php
+++ b/interface/lib/classes/searchform.inc.php
@@ -177,7 +177,7 @@ class searchform {
if($this->searchChanged == 1) $_SESSION['search'][$list_name]['page'] = 0;
$sql_von = $_SESSION['search'][$list_name]['page'] * $records_per_page;
- $record_count = $app->db->queryOneRecord("SELECT count(*) AS anzahl FROM $table WHERE $sql_where");
+ $record_count = $app->db->queryOneRecord("SELECT count(*) AS anzahl FROM ?? WHERE $sql_where", $table);
$pages = $app->functions->intval(($record_count['anzahl'] - 1) / $records_per_page);
$vars['list_file'] = $this->listDef['file'];
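Review bot: `"SELECT count(*) AS anzahl FROM ?? WHERE $sql_where"` binds the table name but still interpolates `$sql_where`, which is assembled before this hunk, presumably from the saved search values in `$_SESSION['search'][$list_name]`; the change therefore only covers the identifier, and the TODO added above `encode()` in the same file suggests the escaping of those values is itself in doubt. Until the builder is converted to return a placeholder fragment plus bind values, a comment at this line should state the invariant it depends on, e.g. `// $sql_where must arrive already escaped by the search builder; only the table name is bound here`.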
@@ -247,7 +247,7 @@ class searchform {
$list_name = $this->listDef['name'];
$settings = $_SESSION['search'][$list_name];
unset($settings['page']);
- $data = $app->db->quote(serialize($settings));
+ $data = serialize($settings);
$userid = $_SESSION['s']['user']['userid'];
$groupid = $_SESSION['s']['user']['default_group'];
@@ -260,9 +260,8 @@ class searchform {
$sql = 'INSERT INTO `searchform` ( '
.'`sys_userid` , `sys_groupid` , `sys_perm_user` , `sys_perm_group` , `sys_perm_other` , `module` , `searchform` , `title` , `data` '
- .')VALUES ('
- ."'$userid', '$groupid', '$sys_perm_user', '$sys_perm_group', '$sys_perm_other', '$module', '$searchform', '$title', '$data')";
- $app->db->query($sql);
+ .')VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)';
+ $app->db->query($sql, $userid, $groupid, $sys_perm_user, $sys_perm_group, $sys_perm_other, $module, $searchform, $title, $data);
}
public function decode($record)
@@ -303,6 +302,7 @@ class searchform {
return $record;
}
+ /* TODO: check for double quoting mysql value */
public function encode($record)
{
global $app;
diff --git a/interface/lib/classes/session.inc.php b/interface/lib/classes/session.inc.php
index 8b3a7cffc4b530136d472cbe4b7510a5cfbc3df8..bef2a1037838b2c3253c771b3b5d280b21ad49b9 100644
--- a/interface/lib/classes/session.inc.php
+++ b/interface/lib/classes/session.inc.php
@@ -66,9 +66,9 @@ class session {
function read ($session_id) {
if($this->timeout > 0) {
- $rec = $this->db->queryOneRecord("SELECT * FROM sys_session WHERE session_id = '".$this->db->quote($session_id)."' AND (`permanent` = 'y' OR last_updated >= DATE_SUB(NOW(), INTERVAL " . intval($this->timeout) . " MINUTE))");
+ $rec = $this->db->queryOneRecord("SELECT * FROM sys_session WHERE session_id = ? AND (`permanent` = 'y' OR last_updated >= DATE_SUB(NOW(), INTERVAL ? MINUTE))", $session_id, $this->timeout);
} else {
- $rec = $this->db->queryOneRecord("SELECT * FROM sys_session WHERE session_id = '".$this->db->quote($session_id)."'");
+ $rec = $this->db->queryOneRecord("SELECT * FROM sys_session WHERE session_id = ?", $session_id);
}
if (is_array($rec)) {
@@ -87,23 +87,18 @@ class session {
// Dont write session_data to DB if session data has not been changed after reading it.
if(isset($this->session_array['session_data']) && $this->session_array['session_data'] != '' && $this->session_array['session_data'] == $session_data) {
- $session_id = $this->db->quote($session_id);
- $this->db->query("UPDATE sys_session SET last_updated = NOW() WHERE session_id = '$session_id'");
+ $this->db->query("UPDATE sys_session SET last_updated = NOW() WHERE session_id = ?", $session_id);
return true;
}
if (@$this->session_array['session_id'] == '') {
- $session_id = $this->db->quote($session_id);
- $session_data = $this->db->quote($session_data);
- $sql = "REPLACE INTO sys_session (session_id,date_created,last_updated,session_data,permanent) VALUES ('$session_id',NOW(),NOW(),'$session_data','" . ($this->permanent ? 'y' : 'n') . "')";
- $this->db->query($sql);
+ $sql = "REPLACE INTO sys_session (session_id,date_created,last_updated,session_data,permanent) VALUES (?,NOW(),NOW(),'$session_data',?)";
+ $this->db->query($sql, $session_id, ($this->permanent ? 'y' : 'n'));
} else {
- $session_id = $this->db->quote($session_id);
- $session_data = $this->db->quote($session_data);
- $sql = "UPDATE sys_session SET last_updated = NOW(), session_data = '$session_data'" . ($this->permanent ? ", `permanent` = 'y'" : "") . " WHERE session_id = '$session_id'";
- $this->db->query($sql);
+ $sql = "UPDATE sys_session SET last_updated = NOW(), session_data = ?" . ($this->permanent ? ", `permanent` = 'y'" : "") . " WHERE session_id = ?";
+ $this->db->query($sql, $session_data, $session_id);
}
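Review bot: The REPLACE statement interpolates `$session_data` directly — `VALUES (?,NOW(),NOW(),'$session_data',?)` — while the `$session_data = $this->db->quote($session_data);` line it used to rely on is removed in the same hunk, so the insert path now writes session data with no escaping at all; the UPDATE branch immediately below binds the same value correctly. Session data is serialised session state that can carry user-supplied strings, so this is an injection path, not a quoting nit. Change the two lines to `$sql = "REPLACE INTO sys_session (session_id,date_created,last_updated,session_data,permanent) VALUES (?,NOW(),NOW(),?,?)";` and `$this->db->query($sql, $session_id, $session_data, ($this->permanent ? 'y' : 'n'));`.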
@@ -112,25 +107,20 @@ class session {
function destroy ($session_id) {
- $session_id = $this->db->quote($session_id);
- $sql = "DELETE FROM sys_session WHERE session_id = '$session_id'";
- $this->db->query($sql);
+ $sql = "DELETE FROM sys_session WHERE session_id = ?";
+ $this->db->query($sql, $session_id);
return true;
}
function gc ($max_lifetime) {
- /*if($this->timeout > 0) {
- $this->db->query("DELETE FROM sys_session WHERE last_updated < DATE_SUB(NOW(), INTERVAL " . intval($this->timeout) . " MINUTE)");
- } else {*/
- $sql = "DELETE FROM sys_session WHERE last_updated < DATE_SUB(NOW(), INTERVAL " . intval($max_lifetime) . " SECOND) AND `permanent` != 'y'";
- $this->db->query($sql);
+ $sql = "DELETE FROM sys_session WHERE last_updated < DATE_SUB(NOW(), INTERVAL ? SECOND) AND `permanent` != 'y'";
+ $this->db->query($sql, intval($max_lifetime));
- /* delete very old even if they are permanent */
- $sql = "DELETE FROM sys_session WHERE last_updated < DATE_SUB(NOW(), INTERVAL 1 YEAR)";
- $this->db->query($sql);
- //}
+ /* delete very old even if they are permanent */
+ $sql = "DELETE FROM sys_session WHERE last_updated < DATE_SUB(NOW(), INTERVAL 1 YEAR)";
+ $this->db->query($sql);
return true;
diff --git a/interface/lib/classes/sites_database_plugin.inc.php b/interface/lib/classes/sites_database_plugin.inc.php
index bf53c61fadbc5d6494a99da32ff3943b7244ceff..89cb7ce9c278a649d610a2a8ef4891cafbb47ebd 100644
--- a/interface/lib/classes/sites_database_plugin.inc.php
+++ b/interface/lib/classes/sites_database_plugin.inc.php
@@ -40,15 +40,15 @@ class sites_database_plugin {
global $app;
if($form_page->dataRecord["parent_domain_id"] > 0) {
- $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$app->functions->intval($form_page->dataRecord["parent_domain_id"]));
+ $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ?", $form_page->dataRecord["parent_domain_id"]);
//* The Database user shall be owned by the same group then the website
$sys_groupid = $app->functions->intval($web['sys_groupid']);
- $backup_interval = $app->db->quote($web['backup_interval']);
+ $backup_interval = $web['backup_interval'];
$backup_copies = $app->functions->intval($web['backup_copies']);
- $sql = "UPDATE web_database SET sys_groupid = '$sys_groupid', backup_interval = '$backup_interval', backup_copies = '$backup_copies' WHERE database_id = ".$form_page->id;
- $app->db->query($sql);
+ $sql = "UPDATE web_database SET sys_groupid = ?, backup_interval = ?, backup_copies = ? WHERE database_id = ?";
+ $app->db->query($sql, $sys_groupid, $backup_interval, $backup_copies, $form_page->id);
}
}
diff --git a/interface/lib/classes/tform.inc.php b/interface/lib/classes/tform.inc.php
index 7912f537dc78bb762ba11650ab2cd7b3ad2638f9..30a71db6391d42e075ccd17cdd951176d4cc0b79 100644
--- a/interface/lib/classes/tform.inc.php
+++ b/interface/lib/classes/tform.inc.php
@@ -79,8 +79,8 @@ class tform extends tform_base {
$escape = '`';
}
- $sql = "SELECT ".$this->formDef['db_table_idx']." FROM ".$escape.$this->formDef['db_table'].$escape." WHERE ".$this->formDef['db_table_idx']." = ".$record_id." AND ".$this->getAuthSQL($perm);
- if($record = $app->db->queryOneRecord($sql)) {
+ $sql = "SELECT ?? FROM ?? WHERE ?? = ? AND ".$this->getAuthSQL($perm);
+ if($record = $app->db->queryOneRecord($sql, $this->formDef['db_table_idx'], $this->formDef['db_table'], $this->formDef['db_table_idx'], $record_id)) {
return true;
} else {
return false;
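Review bot: `$escape` is still assigned on the context line at the top of this hunk but no longer read, since `??` now quotes the table name; the block that computes it starts outside the hunk and looks like dead code after this change, and the same holds for the hunk at @@ -133 below. Removing the `$escape` setup together with its last use keeps the next reader from assuming a second layer of quoting is still applied, and it is worth a one-line note at the new `$sql` line, `// table and column names are bound as identifiers via ??`, so the intent survives.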
@@ -133,8 +133,8 @@ class tform extends tform_base {
$escape = '`';
}
- $sql = "SELECT sys_userid FROM ".$escape.$this->formDef['db_table'].$escape." WHERE ".$this->formDef['db_table_idx']." = ".$primary_id;
- $record = $app->db->queryOneRecord($sql);
+ $sql = "SELECT sys_userid FROM ?? WHERE ?? = ?";
+ $record = $app->db->queryOneRecord($sql, $this->formDef['db_table'], $this->formDef['db_table_idx'], $primary_id);
// return true if the readonly flag of the form is set and the current loggedin user is not the owner of the record.
if(isset($this->formDef['tabs'][$tab]['readonly']) && $this->formDef['tabs'][$tab]['readonly'] == true && $record['sys_userid'] != $_SESSION["s"]["user"]["userid"]) {
@@ -161,18 +161,17 @@ class tform extends tform_base {
global $app;
$check_passed = true;
- $limit_name = $app->db->quote($limit_name);
if($limit_name == '') $app->error('Limit name missing in function checkClientLimit.');
// Get the limits of the client that is currently logged in
$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
- $client = $app->db->queryOneRecord("SELECT $limit_name as number, parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+ $client = $app->db->queryOneRecord("SELECT ?? as number, parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $limit_name, $client_group_id);
// Check if the user may add another item
if($client["number"] >= 0) {
- $sql = "SELECT count(".$this->formDef['db_table_idx'].") as number FROM ".$this->formDef['db_table']." WHERE ".$this->getAuthSQL('u');
+ $sql = "SELECT count(??) as number FROM ?? WHERE ".$this->getAuthSQL('u');
if($sql_where != '') $sql .= ' and '.$sql_where;
- $tmp = $app->db->queryOneRecord($sql);
+ $tmp = $app->db->queryOneRecord($sql, $this->formDef['db_table_idx'], $this->formDef['db_table']);
if($tmp["number"] >= $client["number"]) $check_passed = false;
}
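Review bot: `$sql_where` is still appended unparameterised at `if($sql_where != '') $sql .= ' and '.$sql_where;`, so this function keeps one raw-concatenation path that the `??`/`?` conversion does not cover; its callers are outside this hunk, so I cannot tell whether any of them build it from request data. The contract should at least be stated next to that line, e.g. `// $sql_where is a caller-built fragment and is appended verbatim; it must never contain unescaped user input`. The same concatenation survives in the next hunk (the -183 hunk). The enclosing checkClientLimit starts above this hunk.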
@@ -183,30 +182,29 @@ class tform extends tform_base {
global $app;
$check_passed = true;
- $limit_name = $app->db->quote($limit_name);
if($limit_name == '') $app->error('Limit name missing in function checkClientLimit.');
// Get the limits of the client that is currently logged in
$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
- $client = $app->db->queryOneRecord("SELECT parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+ $client = $app->db->queryOneRecord("SELECT parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
//* If the client belongs to a reseller, we will check against the reseller Limit too
if($client['parent_client_id'] != 0) {
//* first we need to know the groups of this reseller
- $tmp = $app->db->queryOneRecord("SELECT userid, groups FROM sys_user WHERE client_id = ".$client['parent_client_id']);
+ $tmp = $app->db->queryOneRecord("SELECT userid, groups FROM sys_user WHERE client_id = ?", $client['parent_client_id']);
$reseller_groups = $tmp["groups"];
$reseller_userid = $tmp["userid"];
// Get the limits of the reseller of the logged in client
$client_group_id = $_SESSION["s"]["user"]["default_group"];
- $reseller = $app->db->queryOneRecord("SELECT $limit_name as number FROM client WHERE client_id = ".$client['parent_client_id']);
+ $reseller = $app->db->queryOneRecord("SELECT $limit_name as number FROM client WHERE client_id = ?", $client['parent_client_id']);
// Check if the user may add another item
if($reseller["number"] >= 0) {
- $sql = "SELECT count(".$this->formDef['db_table_idx'].") as number FROM ".$this->formDef['db_table']." WHERE (sys_groupid IN (".$reseller_groups.") or sys_userid = ".$reseller_userid.")";
+ $sql = "SELECT count(??) as number FROM ?? WHERE (sys_groupid IN ? or sys_userid = ?)";
if($sql_where != '') $sql .= ' and '.$sql_where;
- $tmp = $app->db->queryOneRecord($sql);
+ $tmp = $app->db->queryOneRecord($sql, $this->formDef['db_table_idx'], $this->formDef['db_table'], explode(',', $reseller_groups), $reseller_userid);
if($tmp["number"] >= $reseller["number"]) $check_passed = false;
}
}
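Review bot: `$limit_name` is still interpolated into the query at `"SELECT $limit_name as number FROM client WHERE client_id = ?"`, while this same hunk removes the `$app->db->quote($limit_name)` call that previously escaped it, so the identifier now reaches the SQL text with no protection at all; the sibling query in the previous hunk already uses `??` for the same value. Change it to `$reseller = $app->db->queryOneRecord("SELECT ?? as number FROM client WHERE client_id = ?", $limit_name, $client['parent_client_id']);`. The `sys_groupid IN ?` with `explode(',', $reseller_groups)` relies on the DB layer expanding an array for `IN`, which is consistent with the validate_client hunks in this commit but should be verified for the empty-string case (`explode` yields `array('')`).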
diff --git a/interface/lib/classes/tform_actions.inc.php b/interface/lib/classes/tform_actions.inc.php
index dfc943c8822a33039ea0cd82cf7e4a65a171fc2d..f172fea1f4c5fceb824281c8e1b54ee7cc6b3446 100644
--- a/interface/lib/classes/tform_actions.inc.php
+++ b/interface/lib/classes/tform_actions.inc.php
@@ -82,7 +82,7 @@ class tform_actions {
// check if the client is locked - he may not change anything, then.
if(!$app->auth->is_admin()) {
$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
- $client = $app->db->queryOneRecord("SELECT client.locked FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ".$app->functions->intval($client_group_id));
+ $client = $app->db->queryOneRecord("SELECT client.locked FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
if(is_array($client) && $client['locked'] == 'y') {
$app->tform->errorMessage .= $app->lng("client_you_are_locked")." ";
}
@@ -311,7 +311,6 @@ class tform_actions {
if($app->tform->checkPerm($this->id, 'd') == false) $app->error($app->lng('error_no_delete_permission'));
}
- //$this->dataRecord = $app->db->queryOneRecord("SELECT * FROM ".$liste["table"]." WHERE ".$liste["table_idx"]." = ".$this->id);
$this->dataRecord = $app->tform->getDataRecord($this->id);
$app->plugin->raiseEvent($_SESSION['s']['module']['name'].':'.$app->tform->formDef['name'].':'.'on_check_delete', $this);
@@ -324,7 +323,7 @@ class tform_actions {
$app->tform->datalogSave('DELETE', $this->id, $this->dataRecord, array());
}
- $app->db->query("DELETE FROM ".$app->tform->formDef['db_table']." WHERE ".$app->tform->formDef['db_table_idx']." = ".$this->id." LIMIT 1");
+ $app->db->query("DELETE FROM ?? WHERE ?? = ? LIMIT 1", $app->tform->formDef['db_table'], $app->tform->formDef['db_table_idx'], $this->id);
// loading plugins
@@ -379,11 +378,11 @@ class tform_actions {
$app->tpl->setInclude("content_tpl", $app->tform->formDef['template_print']);
if($app->tform->formDef['auth'] == 'no') {
- $sql = "SELECT * FROM ".$app->tform->formDef['db_table']." WHERE ".$app->tform->formDef['db_table_idx']." = ".$this->id;
+ $sql = "SELECT * FROM ?? WHERE ?? = ?";
} else {
- $sql = "SELECT * FROM ".$app->tform->formDef['db_table']." WHERE ".$app->tform->formDef['db_table_idx']." = ".$this->id." AND ".$app->tform->getAuthSQL('r');
+ $sql = "SELECT * FROM ?? WHERE ?? = ? AND ".$app->tform->getAuthSQL('r');
}
- if(!$record = $app->db->queryOneRecord($sql)) $app->error($app->lng('error_no_view_permission'));
+ if(!$record = $app->db->queryOneRecord($sql, $app->tform->formDef['db_table'], $app->tform->formDef['db_table_idx'], $this->id)) $app->error($app->lng('error_no_view_permission'));
$record["datum"] = date("d.m.Y");
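Review bot: The three-line "select by id, optionally with `getAuthSQL('r')`" fragment is now written out four times in this file (this hunk and the -423, -459 and -560 hunks), each with the identical placeholder list `$app->tform->formDef['db_table'], $app->tform->formDef['db_table_idx'], $this->id`; a private helper that takes the auth condition as a parameter would keep the four call sites from drifting apart again. Note that the -560 hunk already differs in its condition (`auth == 'yes'` plus a non-admin check) while the other three test `auth == 'no'`, so the helper would take the final bool rather than re-deriving it. The enclosing methods start above each hunk.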
@@ -423,11 +422,11 @@ class tform_actions {
$app->tpl->setInclude("content_tpl", $app->tform->formDef['template_mailsend']);
$app->tpl->setVar('show_mail', 1);
if($app->tform->formDef['auth'] == 'no') {
- $sql = "SELECT * FROM ".$app->tform->formDef['db_table']." WHERE ".$app->tform->formDef['db_table_idx']." = ".$this->id;
+ $sql = "SELECT * FROM ?? WHERE ?? = ?";
} else {
- $sql = "SELECT * FROM ".$app->tform->formDef['db_table']." WHERE ".$app->tform->formDef['db_table_idx']." = ".$this->id." AND ".$app->tform->getAuthSQL('r');
+ $sql = "SELECT * FROM ?? WHERE ?? = ? AND ".$app->tform->getAuthSQL('r');
}
- if(!$record = $app->db->queryOneRecord($sql)) $app->error($app->lng('error_no_view_permission'));
+ if(!$record = $app->db->queryOneRecord($sql, $app->tform->formDef['db_table'], $app->tform->formDef['db_table_idx'], $this->id)) $app->error($app->lng('error_no_view_permission'));
$record["datum"] = date("d.m.Y");
$record["mailmessage"] = $_POST["message"];
@@ -459,11 +458,11 @@ class tform_actions {
if($app->tform->formDef['auth'] == 'no') {
- $sql = "SELECT * FROM ".$app->tform->formDef['db_table']." WHERE ".$app->tform->formDef['db_table_idx']." = ".$this->id;
+ $sql = "SELECT * FROM ?? WHERE ?? = ?";
} else {
- $sql = "SELECT * FROM ".$app->tform->formDef['db_table']." WHERE ".$app->tform->formDef['db_table_idx']." = ".$this->id." AND ".$app->tform->getAuthSQL('r');
+ $sql = "SELECT * FROM ?? WHERE ?? = ? AND ".$app->tform->getAuthSQL('r');
}
- if(!$record = $app->db->queryOneRecord($sql)) $app->error($app->lng('error_no_view_permission'));
+ if(!$record = $app->db->queryOneRecord($sql, $app->tform->formDef['db_table'], $app->tform->formDef['db_table_idx'], $this->id)) $app->error($app->lng('error_no_view_permission'));
$record["datum"] = date("d.m.Y");
@@ -560,11 +559,11 @@ class tform_actions {
// bestehenden Datensatz anzeigen
if($app->tform->errorMessage == '') {
if($app->tform->formDef['auth'] == 'yes' && $_SESSION["s"]["user"]["typ"] != 'admin') {
- $sql = "SELECT * FROM ".$app->tform->formDef['db_table']." WHERE ".$app->tform->formDef['db_table_idx']." = ".$this->id." AND ".$app->tform->getAuthSQL('r');
+ $sql = "SELECT * FROM ?? WHERE ?? = ? AND ".$app->tform->getAuthSQL('r');
} else {
- $sql = "SELECT * FROM ".$app->tform->formDef['db_table']." WHERE ".$app->tform->formDef['db_table_idx']." = ".$this->id;
+ $sql = "SELECT * FROM ?? WHERE ?? = ?";
}
- if(!$record = $app->db->queryOneRecord($sql)) $app->error($app->lng('error_no_view_permission'));
+ if(!$record = $app->db->queryOneRecord($sql, $app->tform->formDef['db_table'], $app->tform->formDef['db_table_idx'], $this->id)) $app->error($app->lng('error_no_view_permission'));
} else {
// $record = $app->tform->encode($_POST,$this->active_tab);
$record = $app->tform->encode($this->dataRecord, $this->active_tab, false);
diff --git a/interface/lib/classes/tform_base.inc.php b/interface/lib/classes/tform_base.inc.php
index e27940d4f5c0270eaea15d4e5c02528cb9f1419a..fb943c50b464b17d95a0aa108d02ff87e9dcfc9c 100644
--- a/interface/lib/classes/tform_base.inc.php
+++ b/interface/lib/classes/tform_base.inc.php
@@ -347,7 +347,7 @@ class tform_base {
return $values;
} else {
$client_group_id = $_SESSION["s"]["user"]["default_group"];
- $client = $app->db->queryOneRecord("SELECT ".$limit_parts[1]." as lm FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+ $client = $app->db->queryOneRecord("SELECT ".$limit_parts[1]." as lm FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
$allowed = explode(',', $client['lm']);
}
}
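Review bot: `$limit_parts[1]` is still concatenated into the SELECT at `"SELECT ".$limit_parts[1]." as lm FROM ..."` while only the group id was converted to `?`; since the commit introduces `??` for identifiers elsewhere, this column name should use it too: `$client = $app->db->queryOneRecord("SELECT ?? as lm FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $limit_parts[1], $client_group_id);`. Where `$limit_parts` comes from is outside this hunk, so whether it is form-definition data or request data cannot be confirmed here. The same concatenation is left in the next hunk (the -359 hunk, `$reseller` query).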
@@ -359,19 +359,19 @@ class tform_base {
} else {
//* Get the limits of the client that is currently logged in
$client_group_id = $_SESSION["s"]["user"]["default_group"];
- $client = $app->db->queryOneRecord("SELECT parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+ $client = $app->db->queryOneRecord("SELECT parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
//echo "SELECT parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id";
//* If the client belongs to a reseller, we will check against the reseller Limit too
if($client['parent_client_id'] != 0) {
//* first we need to know the groups of this reseller
- $tmp = $app->db->queryOneRecord("SELECT userid, groups FROM sys_user WHERE client_id = ".$client['parent_client_id']);
+ $tmp = $app->db->queryOneRecord("SELECT userid, groups FROM sys_user WHERE client_id = ?", $client['parent_client_id']);
$reseller_groups = $tmp["groups"];
$reseller_userid = $tmp["userid"];
// Get the limits of the reseller of the logged in client
$client_group_id = $_SESSION["s"]["user"]["default_group"];
- $reseller = $app->db->queryOneRecord("SELECT ".$limit_parts[1]." as lm FROM client WHERE client_id = ".$client['parent_client_id']);
+ $reseller = $app->db->queryOneRecord("SELECT ".$limit_parts[1]." as lm FROM client WHERE client_id = ?", $client['parent_client_id']);
$allowed = explode(',', $reseller['lm']);
} else {
return $values;
@@ -810,6 +810,9 @@ class tform_base {
case 'IDNTOUTF8':
$returnval = $app->functions->idn_decode($returnval);
break;
+ case 'TRIM':
+ $returnval = trim($returnval);
+ break;
default:
$this->errorMessage .= "Unknown Filter: ".$filter['type'];
break;
@@ -853,7 +856,7 @@ class tform_base {
if($validator['allowempty'] != 'y') $validator['allowempty'] = 'n';
if($validator['allowempty'] == 'n' || ($validator['allowempty'] == 'y' && $field_value != '')){
if($this->action == 'NEW') {
- $num_rec = $app->db->queryOneRecord("SELECT count(*) as number FROM ".$escape.$this->formDef['db_table'].$escape. " WHERE $field_name = '".$app->db->quote($field_value)."'");
+ $num_rec = $app->db->queryOneRecord("SELECT count(*) as number FROM ?? WHERE ?? = ?", $this->formDef['db_table'], $field_name, $field_value);
if($num_rec["number"] > 0) {
$errmsg = $validator['errmsg'];
if(isset($this->wordbook[$errmsg])) {
@@ -863,7 +866,7 @@ class tform_base {
}
}
} else {
- $num_rec = $app->db->queryOneRecord("SELECT count(*) as number FROM ".$escape.$this->formDef['db_table'].$escape. " WHERE $field_name = '".$app->db->quote($field_value)."' AND ".$this->formDef['db_table_idx']." != ".$this->primary_id);
+ $num_rec = $app->db->queryOneRecord("SELECT count(*) as number FROM ?? WHERE ?? = ? AND ?? != ?", $this->formDef['db_table'], $field_name, $field_value, $this->formDef['db_table_idx'], $this->primary_id);
if($num_rec["number"] > 0) {
$errmsg = $validator['errmsg'];
if(isset($this->wordbook[$errmsg])) {
@@ -1108,6 +1111,7 @@ class tform_base {
* @param primary_id
* @return record
*/
+ /* TODO: check for double quoting */
protected function _getSQL($record, $tab, $action = 'INSERT', $primary_id = 0, $sql_ext_where = '', $api = false) {
global $app;
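Review bot: The new `/* TODO: check for double quoting */` is inserted between the PHPDoc block and the `_getSQL` declaration, which detaches the docblock from the function for doc tools and IDEs. Move the note into the docblock as ` * @todo check for double quoting` (before the closing ` */`), or place it above the docblock. The function body continues beyond this hunk.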
@@ -1139,7 +1143,7 @@ class tform_base {
$record[$key] = $app->auth->crypt_password(stripslashes($record[$key]));
$sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
} elseif (isset($field['encryption']) && $field['encryption'] == 'MYSQL') {
- $tmp = $app->db->queryOneRecord("SELECT PASSWORD('".$app->db->quote(stripslashes($record[$key]))."') as `crypted`");
+ $tmp = $app->db->queryOneRecord("SELECT PASSWORD(?) as `crypted`", stripslashes($record[$key]));
$record[$key] = $tmp['crypted'];
$sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
} else {
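Review bot: The bound `SELECT PASSWORD(?) as `crypted`` still depends on the server-side `PASSWORD()` function, which MySQL removed in 8.0 (MariaDB continues to provide it), so the parameterisation is correct but the query will fail outright on MySQL 8 installations; that limitation is worth a comment next to the call, e.g. `// PASSWORD() is not available on MySQL >= 8.0; only MariaDB and MySQL 5.x support the 'MYSQL' encryption type`. The same call appears in the next hunk (the -1167 UPDATE branch). `stripslashes()` on the value before binding is pre-existing and may now be redundant, depending on how the record was escaped upstream, which is outside this hunk.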
@@ -1167,7 +1171,7 @@ class tform_base {
$record[$key] = $app->auth->crypt_password(stripslashes($record[$key]));
$sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
} elseif (isset($field['encryption']) && $field['encryption'] == 'MYSQL') {
- $tmp = $app->db->queryOneRecord("SELECT PASSWORD('".$app->db->quote(stripslashes($record[$key]))."') as `crypted`");
+ $tmp = $app->db->queryOneRecord("SELECT PASSWORD(?) as `crypted`", stripslashes($record[$key]));
$record[$key] = $tmp['crypted'];
$sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
} else {
@@ -1359,8 +1363,8 @@ class tform_base {
function getDataRecord($primary_id) {
global $app;
$escape = '`';
- $sql = "SELECT * FROM ".$escape.$this->formDef['db_table'].$escape." WHERE ".$this->formDef['db_table_idx']." = ".$primary_id." AND ".$this->getAuthSQL('r', $this->formDef['db_table']);
- return $app->db->queryOneRecord($sql);
+ $sql = "SELECT * FROM ?? WHERE ?? = ? AND ".$this->getAuthSQL('r', $this->formDef['db_table']);
+ return $app->db->queryOneRecord($sql, $this->formDef['db_table'], $this->formDef['db_table_idx'], $primary_id);
}
diff --git a/interface/lib/classes/tools_monitor.inc.php b/interface/lib/classes/tools_monitor.inc.php
index d8a09f4d6a1453d227b2a0e3d9788ff08c68e6a7..bd1a969d57457fee98709adf390ea4ab12b0e00f 100644
--- a/interface/lib/classes/tools_monitor.inc.php
+++ b/interface/lib/classes/tools_monitor.inc.php
@@ -33,7 +33,7 @@ class tools_monitor {
global $app;
/* fetch the Data from the DB */
- $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'server_load' and server_id = " . $_SESSION['monitor']['server_id'] . " order by created desc");
+ $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'server_load' AND server_id = ? ORDER BY created DESC", $_SESSION['monitor']['server_id']);
if(isset($record['data'])) {
$data = unserialize($record['data']);
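Review bot: The query keywords are normalised to `AND ... ORDER BY ... DESC` in this hunk and the next two (-80, -123), but every later hunk in this file from -166 onward keeps lowercase `and` next to the uppercase `ORDER BY`; either all or none should be touched in a parameterisation commit, otherwise the mixed casing reads as accidental. Separately, `unserialize($record['data'])` on the fetched row remains; the data is written by the monitor side and is presumably trusted, but restricting it with `unserialize($record['data'], array('allowed_classes' => false))` costs nothing here since the payloads appear to be plain arrays. The enclosing method starts above this hunk.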
@@ -80,7 +80,7 @@ class tools_monitor {
global $app;
/* fetch the Data from the DB */
- $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'disk_usage' and server_id = " . $_SESSION['monitor']['server_id'] . " order by created desc");
+ $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'disk_usage' AND server_id = ? ORDER BY created DESC", $_SESSION['monitor']['server_id']);
if(isset($record['data'])) {
$data = unserialize($record['data']);
@@ -123,7 +123,7 @@ class tools_monitor {
function showDatabaseSize () {
global $app;
/* fetch the Data from the DB */
- $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'database_size' and server_id = " . $_SESSION['monitor']['server_id'] . " order by created desc");
+ $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'database_size' AND server_id = ? ORDER BY created DESC", $_SESSION['monitor']['server_id']);
if(isset($record['data'])) {
$data = unserialize($record['data']);
//* format the data
@@ -142,10 +142,12 @@ class tools_monitor {
if ($line['size'] > 0) $line['size'] = $app->functions->formatBytes($line['size']);
//* get the client
- $line['client']=$app->db->queryOneRecord("SELECT client.username FROM web_database, sys_group, client WHERE web_database.sys_groupid = sys_group.groupid AND sys_group.client_id = client.client_id AND web_database.database_name='".$line['database_name']."'")['username'];
+ $tmp = $app->db->queryOneRecord("SELECT client.username FROM web_database, sys_group, client WHERE web_database.sys_groupid = sys_group.groupid AND sys_group.client_id = client.client_id AND web_database.database_name=?", $line['database_name']);
+ $line['client'] = $tmp['username'];
//* get the domain
- $line['domain']=$app->db->queryOneRecord("SELECT domain FROM web_domain WHERE domain_id=(SELECT parent_domain_id FROM web_database WHERE database_name='".$line['database_name']."')")['domain'];
+ $tmp = $app->db->queryOneRecord("SELECT domain FROM web_domain WHERE domain_id=(SELECT parent_domain_id FROM web_database WHERE database_name=?", $line['database_name']);
+ $line['domain'] = $tmp['domain'];
//* remove the sys_groupid from output
unset($line['sys_groupid']);
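Review bot: The new domain lookup drops the closing parenthesis of the subquery: `"SELECT domain FROM web_domain WHERE domain_id=(SELECT parent_domain_id FROM web_database WHERE database_name=?"` ends after the placeholder, whereas the removed line closed the subquery with `')`. As written the statement is a SQL syntax error and `$line['domain']` will never be populated. Change it to `$tmp = $app->db->queryOneRecord("SELECT domain FROM web_domain WHERE domain_id=(SELECT parent_domain_id FROM web_database WHERE database_name=?)", $line['database_name']);`.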
@@ -166,7 +168,7 @@ class tools_monitor {
global $app;
/* fetch the Data from the DB */
- $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'mem_usage' and server_id = " . $_SESSION['monitor']['server_id'] . " order by created desc");
+ $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'mem_usage' and server_id = ? ORDER BY created DESC", $_SESSION['monitor']['server_id']);
if(isset($record['data'])) {
$data = unserialize($record['data']);
@@ -202,7 +204,7 @@ class tools_monitor {
global $app;
/* fetch the Data from the DB */
- $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'cpu_info' and server_id = " . $_SESSION['monitor']['server_id'] . " order by created desc");
+ $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'cpu_info' and server_id = ? ORDER BY created DESC", $_SESSION['monitor']['server_id']);
if(isset($record['data'])) {
$data = unserialize($record['data']);
@@ -236,7 +238,7 @@ class tools_monitor {
global $app;
/* fetch the Data from the DB */
- $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'services' and server_id = " . $_SESSION['monitor']['server_id'] . " order by created desc");
+ $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'services' and server_id = ? ORDER BY created DESC", $_SESSION['monitor']['server_id']);
if(isset($record['data'])) {
$data = unserialize($record['data']);
@@ -349,7 +351,7 @@ class tools_monitor {
global $app;
/* fetch the Data from the DB */
- $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'system_update' and server_id = " . $_SESSION['monitor']['server_id'] . " order by created desc");
+ $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'system_update' and server_id = ? ORDER BY created DESC", $_SESSION['monitor']['server_id']);
if(isset($record['data'])) {
$html =
@@ -379,7 +381,7 @@ class tools_monitor {
global $app;
/* fetch the Data from the DB */
- $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'openvz_beancounter' and server_id = " . $_SESSION['monitor']['server_id'] . " order by created desc");
+ $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'openvz_beancounter' and server_id = ? ORDER BY created DESC", $_SESSION['monitor']['server_id']);
if(isset($record['data'])) {
$html =
@@ -408,7 +410,7 @@ class tools_monitor {
global $app;
/* fetch the Data from the DB */
- $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'raid_state' and server_id = " . $_SESSION['monitor']['server_id'] . " order by created desc");
+ $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'raid_state' and server_id = ? ORDER BY created DESC", $_SESSION['monitor']['server_id']);
if(isset($record['data'])) {
$html =
@@ -441,7 +443,7 @@ class tools_monitor {
global $app;
/* fetch the Data from the DB */
- $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'rkhunter' and server_id = " . $_SESSION['monitor']['server_id'] . " order by created desc");
+ $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'rkhunter' and server_id = ? ORDER BY created DESC", $_SESSION['monitor']['server_id']);
if(isset($record['data'])) {
$html =
@@ -472,7 +474,7 @@ class tools_monitor {
global $app;
/* fetch the Data from the DB */
- $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'log_fail2ban' and server_id = " . $_SESSION['monitor']['server_id'] . " order by created desc");
+ $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'log_fail2ban' and server_id = ? ORDER BY created DESC", $_SESSION['monitor']['server_id']);
if(isset($record['data'])) {
$html =
@@ -486,7 +488,7 @@ class tools_monitor {
$data = unserialize($record['data']);
if ($data == '') {
$html .= '
'.
- 'fail2ban is not installed at this server. ' .
+ 'fail2ban is not installed on this server. ' .
'See more (for debian) here...'.
'
';
}
@@ -506,7 +508,7 @@ class tools_monitor {
global $app;
/* fetch the Data from the DB */
- $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'log_mongodb' and server_id = " . $_SESSION['monitor']['server_id'] . " order by created desc");
+ $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'log_mongodb' and server_id = ? ORDER BY created DESC", $_SESSION['monitor']['server_id']);
if(isset($record['data'])) {
$html =
@@ -520,8 +522,7 @@ class tools_monitor {
$data = unserialize($record['data']);
if ($data == '') {
$html .= '
'.
- 'MongoDB is not installed at this server. ' .
- 'See more (for debian) here...'.
+ 'MongoDB is not installed on this server. ' .
'
';
}
else {
@@ -538,7 +539,7 @@ class tools_monitor {
function showIPTables() {
global $app;
- $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'iptables_rules' and server_id = " . $_SESSION['monitor']['server_id'] . " order by created desc");
+ $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'iptables_rules' and server_id = ? ORDER BY created DESC", $_SESSION['monitor']['server_id']);
if(isset($record['data'])) {
$html =
'
@@ -562,7 +563,7 @@ class tools_monitor {
global $app;
/* fetch the Data from the DB */
- $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'mailq' and server_id = " . $_SESSION['monitor']['server_id'] . " order by created desc");
+ $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'mailq' and server_id = ? ORDER BY created DESC", $_SESSION['monitor']['server_id']);
if(isset($record['data'])) {
$data = unserialize($record['data']);
@@ -578,7 +579,7 @@ class tools_monitor {
global $app;
/* fetch the Data from the DB */
- $record = $app->db->queryOneRecord("SELECT created FROM monitor_data WHERE type = '" . $type . "' and server_id = " . $_SESSION['monitor']['server_id'] . " order by created desc");
+ $record = $app->db->queryOneRecord("SELECT created FROM monitor_data WHERE type = ? and server_id = ? ORDER BY created DESC", $type, $_SESSION['monitor']['server_id']);
/* TODO: datetimeformat should be set somewhat other way */
$dateTimeFormat = $app->lng("monitor_settings_datetimeformat_txt");
diff --git a/interface/lib/classes/tools_sites.inc.php b/interface/lib/classes/tools_sites.inc.php
index 3400c5b708097d837a6880881b1e4a064d9fdd5d..b2881f57cc7e28a96554b8f585d17873100035fe 100644
--- a/interface/lib/classes/tools_sites.inc.php
+++ b/interface/lib/classes/tools_sites.inc.php
@@ -87,7 +87,7 @@ class tools_sites {
if(isset($dataRecord['client_group_id'])) {
$client_group_id = $dataRecord['client_group_id'];
} elseif (isset($dataRecord['parent_domain_id'])) {
- $tmp = $app->db->queryOneRecord("SELECT sys_groupid FROM web_domain WHERE domain_id = " . $dataRecord['parent_domain_id']);
+ $tmp = $app->db->queryOneRecord("SELECT sys_groupid FROM web_domain WHERE domain_id = ?", $dataRecord['parent_domain_id']);
$client_group_id = $tmp['sys_groupid'];
} elseif(isset($dataRecord['sys_groupid'])) {
$client_group_id = $dataRecord['sys_groupid'];
@@ -96,7 +96,7 @@ class tools_sites {
}
}
- $tmp = $app->db->queryOneRecord("SELECT name FROM sys_group WHERE groupid = " . $app->functions->intval($client_group_id));
+ $tmp = $app->db->queryOneRecord("SELECT name FROM sys_group WHERE groupid = ?", $client_group_id);
$clientName = $tmp['name'];
if ($clientName == "") $clientName = 'default';
$clientName = $this->convertClientName($clientName);
@@ -114,7 +114,7 @@ class tools_sites {
if(isset($dataRecord['client_group_id'])) {
$client_group_id = $dataRecord['client_group_id'];
} elseif (isset($dataRecord['parent_domain_id']) && $dataRecord['parent_domain_id'] != 0) {
- $tmp = $app->db->queryOneRecord("SELECT sys_groupid FROM web_domain WHERE domain_id = " . $dataRecord['parent_domain_id']);
+ $tmp = $app->db->queryOneRecord("SELECT sys_groupid FROM web_domain WHERE domain_id = ?", $dataRecord['parent_domain_id']);
$client_group_id = $tmp['sys_groupid'];
} elseif(isset($dataRecord['sys_groupid'])) {
$client_group_id = $dataRecord['sys_groupid'];
@@ -122,7 +122,7 @@ class tools_sites {
return '[CLIENTID]';
}
}
- $tmp = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE groupid = " . $app->functions->intval($client_group_id));
+ $tmp = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE groupid = ?", $client_group_id);
$clientID = $tmp['client_id'];
if ($clientID == '') $clientID = '0';
return $clientID;
@@ -144,6 +144,7 @@ class tools_sites {
return $res;
}
+ /* TODO: rewrite SQL */
function getDomainModuleDomains($not_used_in_table = null, $selected_domain = null) {
global $app;
@@ -168,6 +169,7 @@ class tools_sites {
return $app->db->queryAllRecords($sql, $not_used_in_table, $selected_domain);
}
+ /* TODO: rewrite SQL */
function checkDomainModuleDomain($domain_id) {
global $app;
@@ -180,7 +182,8 @@ class tools_sites {
if(!$domain || !$domain['domain_id']) return false;
return $domain['domain'];
}
-
+
+ /* TODO: rewrite SQL */
function getClientIdForDomain($domain_id) {
global $app;
diff --git a/interface/lib/classes/validate_client.inc.php b/interface/lib/classes/validate_client.inc.php
index c67601bfb7d7c080bd5d9f15d086ab63e06d38dc..db55b04f187862eecd25593396597303f27c3aff 100644
--- a/interface/lib/classes/validate_client.inc.php
+++ b/interface/lib/classes/validate_client.inc.php
@@ -43,7 +43,7 @@ class validate_client {
}
if($client_id == 0) {
- $num_rec = $app->db->queryOneRecord("SELECT count(*) as number FROM sys_user WHERE username = '".$app->db->quote($field_value)."'");
+ $num_rec = $app->db->queryOneRecord("SELECT count(*) as number FROM sys_user WHERE username = ?", $field_value);
if($num_rec["number"] > 0) {
$errmsg = $validator['errmsg'];
if(isset($app->tform->wordbook[$errmsg])) {
@@ -53,7 +53,7 @@ class validate_client {
}
}
} else {
- $num_rec = $app->db->queryOneRecord("SELECT count(*) as number FROM sys_user WHERE username = '".$app->db->quote($field_value)."' AND client_id != ".$app->functions->intval($client_id));
+ $num_rec = $app->db->queryOneRecord("SELECT count(*) as number FROM sys_user WHERE username = ? AND client_id != ?", $field_value, $client_id);
if($num_rec["number"] > 0) {
$errmsg = $validator['errmsg'];
if(isset($app->tform->wordbook[$errmsg])) {
@@ -108,23 +108,23 @@ class validate_client {
switch ($field_name)
{
case 'web_servers':
- $used_servers = $app->db->queryAllRecords('SELECT domain_id FROM web_domain INNER JOIN sys_user ON web_domain.sys_userid = sys_user.userid WHERE client_id = ' . $client_id . ' AND server_id NOT IN (' . implode(', ', $field_value) . ');');
+ $used_servers = $app->db->queryAllRecords('SELECT domain_id FROM web_domain INNER JOIN sys_user ON web_domain.sys_userid = sys_user.userid WHERE client_id = ? AND server_id NOT IN ?', $client_id, $field_value);
break;
case 'dns_servers':
- $used_servers = $app->db->queryAllRecords('SELECT id FROM dns_rr INNER JOIN sys_user ON dns_rr.sys_userid = sys_user.userid WHERE client_id = ' . $client_id . ' AND server_id NOT IN (' . implode(', ', $field_value) . ');');
+ $used_servers = $app->db->queryAllRecords('SELECT id FROM dns_rr INNER JOIN sys_user ON dns_rr.sys_userid = sys_user.userid WHERE client_id = ? AND server_id NOT IN ?', $client_id, $field_value);
break;
case 'db_servers':
- $used_servers = $app->db->queryAllRecords('SELECT database_id FROM web_database INNER JOIN sys_user ON web_database.sys_userid = sys_user.userid WHERE client_id = ' . $client_id . ' AND server_id NOT IN (' . implode(', ', $field_value) . ');');
+ $used_servers = $app->db->queryAllRecords('SELECT database_id FROM web_database INNER JOIN sys_user ON web_database.sys_userid = sys_user.userid WHERE client_id = ? AND server_id NOT IN ?', $client_id, $field_value);
break;
case 'mail_servers':
- $used_servers = $app->db->queryAllRecords('SELECT domain_id FROM mail_domain INNER JOIN sys_user ON mail_domain.sys_userid = sys_user.userid WHERE client_id = ' . $client_id . ' AND server_id NOT IN (' . implode(', ', $field_value) . ');');
+ $used_servers = $app->db->queryAllRecords('SELECT domain_id FROM mail_domain INNER JOIN sys_user ON mail_domain.sys_userid = sys_user.userid WHERE client_id = ? AND server_id NOT IN ?', $client_id, $field_value);
break;
case 'xmpp_servers':
- $used_servers = $app->db->queryAllRecords('SELECT domain_id FROM xmpp_domain INNER JOIN sys_user ON xmpp_domain.sys_userid = sys_user.userid WHERE client_id = ' . $client_id . ' AND server_id NOT IN (' . implode(', ', $field_value) . ');');
+ $used_servers = $app->db->queryAllRecords('SELECT domain_id FROM xmpp_domain INNER JOIN sys_user ON xmpp_domain.sys_userid = sys_user.userid WHERE client_id = ? AND server_id NOT IN ?', $client_id, $field_value);
break;
}
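Review bot: Each `server_id NOT IN ?` now passes `$field_value` straight to the DB layer; if it can be an empty array (nothing selected), the expansion presumably becomes `NOT IN ()`, which MySQL rejects, and the old `implode` form had the same weakness, so the commit does not make it worse but does not close it either. An explicit `is_array($field_value) && !empty($field_value)` guard before the `switch`, with the intended outcome for "no servers" decided there, would make the behaviour deliberate rather than dependent on the placeholder expander. How `?` expands arrays is not visible in this hunk; the enclosing method starts above it.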
@@ -151,7 +151,7 @@ class validate_client {
}
// check if country is member of EU
- $country_details = $app->db->queryOneRecord("SELECT * FROM country WHERE iso = '".$country."'");
+ $country_details = $app->db->queryOneRecord("SELECT * FROM country WHERE iso = ?", $country);
if($country_details['eu'] == 'y' && $vatid != ''){
$vatid = preg_replace('/\s+/', '', $vatid);
@@ -161,6 +161,8 @@ class validate_client {
// Test if the country of the VAT-ID matches the country of the customer
if($country != ''){
+ // Greece
+ if($country == 'GR') $country = 'EL';
if(strtoupper($cc) != $country){
$errmsg = $validator['errmsg'];
if(isset($app->tform->wordbook[$errmsg])) {
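Review bot: The new `// Greece` comment names the country but not the reason, which is the non-obvious part: EU VAT identifiers for Greece carry the prefix `EL` instead of the ISO 3166 code `GR`, so the ISO value must be translated before comparing with the VAT-ID prefix. Suggested comment: `// Greek VAT IDs use the 'EL' prefix rather than the ISO country code 'GR'`. Note that the rewrite reassigns `$country` itself, so any code after this hunk that still expects the ISO code will now see `EL`; a separate local such as `$vat_country` would avoid that. The enclosing function continues outside the hunk.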
diff --git a/interface/lib/classes/validate_dkim.inc.php b/interface/lib/classes/validate_dkim.inc.php
index 71fd8c5454a847b1877cd9d74e81502538803851..5d7fb8f1e369a88930ca90379ee90be5af2cb203 100644
--- a/interface/lib/classes/validate_dkim.inc.php
+++ b/interface/lib/classes/validate_dkim.inc.php
@@ -62,8 +62,10 @@ class validate_dkim {
*/
function check_template($field_name, $field_value, $validator) {
$dkim=false;
- foreach($field_value as $field ) { if($field == 'DKIM') $dkim=true; }
- if ($dkim && $field_value[0]!='DOMAIN') return $this->get_error($validator['errmsg']);
+ if(is_array($field_value) && !empty($field_value)){
+ foreach($field_value as $field ) { if($field == 'DKIM') $dkim=true; }
+ if ($dkim && $field_value[0]!='DOMAIN') return $this->get_error($validator['errmsg']);
+ }
}
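Review bot: The new guard checks that `$field_value` is a non-empty array, but `$field_value[0]` on the following line still assumes a list starting at index 0; an associative or re-indexed array yields an undefined-offset notice and the DOMAIN check silently passes. `reset($field_value) != 'DOMAIN'` (or `array_values($field_value)[0]`) keeps the intent without that assumption. The loop that sets `$dkim` can be written as `$dkim = in_array('DKIM', $field_value, true);`, which also replaces the loose `==` comparison with a strict one.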
diff --git a/interface/lib/classes/validate_dns.inc.php b/interface/lib/classes/validate_dns.inc.php
index 212c4d75dccd8aaf7b537f342b9a7465be22cf10..a6920e0b01d4f033326b148f425d34631d2cb9bb 100644
--- a/interface/lib/classes/validate_dns.inc.php
+++ b/interface/lib/classes/validate_dns.inc.php
@@ -104,7 +104,7 @@ class validate_dns {
}
if(substr($field, -1) == '.' && $area == 'Name'){
- $soa = $app->db->queryOneRecord("SELECT * FROM soa WHERE id = ".intval($zoneid));
+ $soa = $app->db->queryOneRecord("SELECT * FROM soa WHERE id = ?", $zoneid);
if(substr($field, (strlen($field) - strlen($soa['origin']))) != $soa['origin']) $error .= $desc." ".$app->tform->wordbook['error_out_of_zone']." \r\n";
}
diff --git a/interface/lib/classes/validate_domain.inc.php b/interface/lib/classes/validate_domain.inc.php
index a072412584f51bb4a4d5b226c20009449df983c5..b4acbd6db136449cb967aa46602684a13ea0188b 100644
--- a/interface/lib/classes/validate_domain.inc.php
+++ b/interface/lib/classes/validate_domain.inc.php
@@ -88,8 +88,8 @@ class validate_domain {
$app->uses('ini_parser,getconf');
$settings = $app->getconf->get_global_config('domains');
if ($settings['use_domain_module'] == 'y') {
- $sql = "SELECT domain_id, domain FROM domain WHERE domain_id = " . $app->functions->intval($check_domain);
- $domain_check = $app->db->queryOneRecord($sql);
+ $sql = "SELECT domain_id, domain FROM domain WHERE domain_id = ?";
+ $domain_check = $app->db->queryOneRecord($sql, $check_domain);
if(!$domain_check) return;
$check_domain = $domain_check['domain'];
}
@@ -157,24 +157,27 @@ class validate_domain {
if($domain['ip_address'] == '' || $domain['ipv6_address'] == ''){
if($domain['parent_domain_id'] > 0){
- $parent_domain = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$app->functions->intval($domain['parent_domain_id']));
+ $parent_domain = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ?", $domain['parent_domain_id']);
}
}
// check if domain has alias/subdomains - if we move a web to another IP, make sure alias/subdomains are checked as well
- $aliassubdomains = $app->db->queryAllRecords("SELECT * FROM web_domain WHERE parent_domain_id = ".$app->functions->intval($primary_id)." AND (type = 'alias' OR type = 'subdomain' OR type = 'vhostsubdomain')");
+ $aliassubdomains = $app->db->queryAllRecords("SELECT * FROM web_domain WHERE parent_domain_id = ? AND (type = 'alias' OR type = 'subdomain' OR type = 'vhostsubdomain')", $primary_id);
$additional_sql1 = '';
$additional_sql2 = '';
+ $domain_params = array();
if(is_array($aliassubdomains) && !empty($aliassubdomains)){
foreach($aliassubdomains as $aliassubdomain){
- $additional_sql1 .= " OR d.domain = '".$app->db->quote($aliassubdomain['domain'])."'";
- $additional_sql2 .= " OR CONCAT(d.subdomain, '.', d.domain) = '".$app->db->quote($aliassubdomain['domain'])."'";
+ $additional_sql1 .= " OR d.domain = ?";
+ $additional_sql2 .= " OR CONCAT(d.subdomain, '.', d.domain) = ?";
+ $domain_params[] = $aliassubdomain['domain'];
}
}
- $qrystr = "SELECT d.domain_id, IF(d.parent_domain_id != 0 AND p.domain_id IS NOT NULL, p.ip_address, d.ip_address) as `ip_address`, IF(d.parent_domain_id != 0 AND p.domain_id IS NOT NULL, p.ipv6_address, d.ipv6_address) as `ipv6_address` FROM `web_domain` as d LEFT JOIN `web_domain` as p ON (p.domain_id = d.parent_domain_id) WHERE (d.domain = '" . $app->db->quote($domain_name) . "'" . $additional_sql1 . ") AND d.server_id = " . $app->functions->intval($domain['server_id']) . " AND d.domain_id != " . $app->functions->intval($primary_id) . ($primary_id ? " AND d.parent_domain_id != " . $app->functions->intval($primary_id) : "");
- $checks = $app->db->queryAllRecords($qrystr);
+ $qrystr = "SELECT d.domain_id, IF(d.parent_domain_id != 0 AND p.domain_id IS NOT NULL, p.ip_address, d.ip_address) as `ip_address`, IF(d.parent_domain_id != 0 AND p.domain_id IS NOT NULL, p.ipv6_address, d.ipv6_address) as `ipv6_address` FROM `web_domain` as d LEFT JOIN `web_domain` as p ON (p.domain_id = d.parent_domain_id) WHERE (d.domain = ?" . $additional_sql1 . ") AND d.server_id = ? AND d.domain_id != ?" . ($primary_id ? " AND d.parent_domain_id != ?" : "");
+ $params = array($domain_name) + $domain_params + array($domain['server_id'], $primary_id, $primary_id);
+ $checks = $app->db->queryAllRecords($qrystr, true, $params);
if(is_array($checks) && !empty($checks)){
foreach($checks as $check){
if($domain['ip_address'] == '*') return false;
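Review bot: `$params = array($domain_name) + $domain_params + array($domain['server_id'], $primary_id, $primary_id);` uses array union, which keeps only the first value for each numeric key, so `$domain_params[0]` is discarded and, with no alias/subdomains, `$domain['server_id']` at key 0 is dropped as well; the bound values no longer line up with the `?` placeholders. The same construct appears at the second query in the `@@ -185,8 +188,9 @@` hunk. Use `$params = array_merge(array($domain_name), $domain_params, array($domain['server_id'], $primary_id));` and append the trailing `$primary_id` only inside the `if($primary_id)` branch, since the query string adds the fourth placeholder only in that case. The meaning of the `true` second argument to `queryAllRecords` cannot be confirmed from this hunk; presumably it signals that the third argument is a parameter array.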
@@ -185,8 +188,9 @@ class validate_domain {
}
if($only_domain == false) {
- $qrystr = "SELECT d.domain_id, IF(d.parent_domain_id != 0 AND p.domain_id IS NOT NULL, p.ip_address, d.ip_address) as `ip_address`, IF(d.parent_domain_id != 0 AND p.domain_id IS NOT NULL, p.ipv6_address, d.ipv6_address) as `ipv6_address` FROM `web_domain` as d LEFT JOIN `web_domain` as p ON (p.domain_id = d.parent_domain_id) WHERE (CONCAT(d.subdomain, '.', d.domain)= '" . $app->db->quote($domain_name) . "'" . $additional_sql2 . ") AND d.server_id = " . $app->functions->intval($domain['server_id']) . " AND d.domain_id != " . $app->functions->intval($primary_id) . ($primary_id ? " AND d.parent_domain_id != " . $app->functions->intval($primary_id) : "");
- $checks = $app->db->queryAllRecords($qrystr);
+ $qrystr = "SELECT d.domain_id, IF(d.parent_domain_id != 0 AND p.domain_id IS NOT NULL, p.ip_address, d.ip_address) as `ip_address`, IF(d.parent_domain_id != 0 AND p.domain_id IS NOT NULL, p.ipv6_address, d.ipv6_address) as `ipv6_address` FROM `web_domain` as d LEFT JOIN `web_domain` as p ON (p.domain_id = d.parent_domain_id) WHERE (CONCAT(d.subdomain, '.', d.domain)= ?" . $additional_sql2 . ") AND d.server_id = ? AND d.domain_id != ?" . ($primary_id ? " AND d.parent_domain_id != ?" : "");
+ $params = array($domain_name) + $domain_params + array($domain['server_id'], $primary_id, $primary_id);
+ $checks = $app->db->queryAllRecords($qrystr, true, $params);
if(is_array($checks) && !empty($checks)){
foreach($checks as $check){
if($domain['ip_address'] == '*') return false;
@@ -207,7 +211,7 @@ class validate_domain {
if($_SESSION["s"]["user"]["typ"] != 'admin') {
// Get the limits of the client
$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
- $client = $app->db->queryOneRecord("SELECT limit_wildcard FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+ $client = $app->db->queryOneRecord("SELECT limit_wildcard FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
if($client["limit_wildcard"] == 'y') return true;
else return false;
diff --git a/interface/lib/classes/validate_ftpuser.inc.php b/interface/lib/classes/validate_ftpuser.inc.php
index 8e0663ecae9dc661df5051163a37a9b9d73a1bea..da8c100adcdb168287b97db8b81be580a36f6d13 100644
--- a/interface/lib/classes/validate_ftpuser.inc.php
+++ b/interface/lib/classes/validate_ftpuser.inc.php
@@ -50,7 +50,7 @@ class validate_ftpuser {
if($primary_id > 0) {
//* get parent_domain_id from website
- $ftp_data = $app->db->queryOneRecord("SELECT parent_domain_id FROM ftp_user WHERE ftp_user_id = '".$app->db->quote($primary_id)."'");
+ $ftp_data = $app->db->queryOneRecord("SELECT parent_domain_id FROM ftp_user WHERE ftp_user_id = ?", $primary_id);
if(!is_array($ftp_data) || $ftp_data["parent_domain_id"] < 1) {
$errmsg = $validator['errmsg'];
if(isset($app->tform->wordbook[$errmsg])) {
@@ -66,7 +66,7 @@ class validate_ftpuser {
$parent_domain_id = $app->functions->intval($app->remoting_lib->dataRecord['parent_domain_id']);
}
- $domain_data = $app->db->queryOneRecord("SELECT domain_id, document_root FROM web_domain WHERE domain_id = '".$app->db->quote($parent_domain_id)."'");
+ $domain_data = $app->db->queryOneRecord("SELECT domain_id, document_root FROM web_domain WHERE domain_id = ?", $parent_domain_id);
if(!is_array($domain_data) || $domain_data["domain_id"] < 1) {
$errmsg = $validator['errmsg'];
if(isset($app->tform->wordbook[$errmsg])) {
diff --git a/interface/lib/classes/validate_systemuser.inc.php b/interface/lib/classes/validate_systemuser.inc.php
index 2cab1cf44464c563b7296230cd3af6682d906aa3..74824b72ca592ad3b4506fee29f1f219e6d798fd 100644
--- a/interface/lib/classes/validate_systemuser.inc.php
+++ b/interface/lib/classes/validate_systemuser.inc.php
@@ -95,7 +95,7 @@ class validate_systemuser {
if($primary_id > 0) {
//* get parent_domain_id from website
- $shell_data = $app->db->queryOneRecord("SELECT parent_domain_id FROM shell_user WHERE shell_user_id = '".$app->db->quote($primary_id)."'");
+ $shell_data = $app->db->queryOneRecord("SELECT parent_domain_id FROM shell_user WHERE shell_user_id = ?", $primary_id);
if(!is_array($shell_data) || $shell_data["parent_domain_id"] < 1) {
$errmsg = $validator['errmsg'];
if(isset($app->tform->wordbook[$errmsg])) {
@@ -111,7 +111,7 @@ class validate_systemuser {
$parent_domain_id = $app->functions->intval($app->remoting_lib->dataRecord['parent_domain_id']);
}
- $domain_data = $app->db->queryOneRecord("SELECT domain_id, document_root FROM web_domain WHERE domain_id = '".$app->db->quote($parent_domain_id)."'");
+ $domain_data = $app->db->queryOneRecord("SELECT domain_id, document_root FROM web_domain WHERE domain_id = ?", $parent_domain_id);
if(!is_array($domain_data) || $domain_data["domain_id"] < 1) {
$errmsg = $validator['errmsg'];
if(isset($app->tform->wordbook[$errmsg])) {
diff --git a/interface/lib/plugins/dns_dns_slave_plugin.inc.php b/interface/lib/plugins/dns_dns_slave_plugin.inc.php
index aa2e20f9ab4089e5833de379049ee22f416f24a3..8f49ce69d0bc4c855f60a927cc120a38dee8f7ac 100644
--- a/interface/lib/plugins/dns_dns_slave_plugin.inc.php
+++ b/interface/lib/plugins/dns_dns_slave_plugin.inc.php
@@ -30,19 +30,19 @@ class dns_dns_slave_plugin {
// make sure that the record belongs to the client group and not the admin group when a dmin inserts it
if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($page_form->dataRecord["client_group_id"])) {
$client_group_id = $app->functions->intval($page_form->dataRecord["client_group_id"]);
- $app->db->query("UPDATE dns_slave SET sys_groupid = $client_group_id WHERE id = ".$page_form->id);
+ $app->db->query("UPDATE dns_slave SET sys_groupid = ? WHERE id = ?", $client_group_id, $page_form->id);
}
if($app->auth->has_clients($_SESSION['s']['user']['userid']) && isset($this->dataRecord["client_group_id"])) {
$client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]);
- $app->db->query("UPDATE dns_slave SET sys_groupid = $client_group_id WHERE id = ".$page_form->id);
+ $app->db->query("UPDATE dns_slave SET sys_groupid = ? WHERE id = ?", $client_group_id, $page_form->id);
}
//** When the client group has changed, change also the owner of the record if the owner is not the admin user
if($page_form->oldDataRecord && $page_form->oldDataRecord["client_group_id"] != $page_form->dataRecord["client_group_id"] && $page_form->dataRecord["sys_userid"] != 1) {
$client_group_id = $app->functions->intval($page_form->dataRecord["client_group_id"]);
- $tmp = $app->db->queryOneREcord("SELECT userid FROM sys_user WHERE default_group = ".$client_group_id);
+ $tmp = $app->db->queryOneREcord("SELECT userid FROM sys_user WHERE default_group = ?", $client_group_id);
if($tmp["userid"] > 0) {
- $app->db->query("UPDATE dns_slave SET sys_userid = ".$tmp["userid"]." WHERE id = ".$page_form->id);
+ $app->db->query("UPDATE dns_slave SET sys_userid = ? WHERE id = ?", $tmp["userid"], $page_form->id);
}
}
}
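Review bot: The rewritten call on the `$tmp = ...` line keeps the misspelled method name `queryOneREcord`; PHP resolves method names case-insensitively so it works, but it reads as a different method and defeats grep-based review of the db API. The same spelling is carried over in the first hunk of dns_dns_soa_plugin.inc.php. Since the line is being touched anyway, rename it to `queryOneRecord` in both places.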
diff --git a/interface/lib/plugins/dns_dns_soa_plugin.inc.php b/interface/lib/plugins/dns_dns_soa_plugin.inc.php
index 1cada0e932d59510d136542b8a3295933a434e37..8f047bef8b147c354cc400a082b4050a7b4befec 100644
--- a/interface/lib/plugins/dns_dns_soa_plugin.inc.php
+++ b/interface/lib/plugins/dns_dns_soa_plugin.inc.php
@@ -31,17 +31,17 @@ class dns_dns_soa_plugin {
$tmp = $app->db->diffrec($page_form->oldDataRecord, $app->tform->getDataRecord($page_form->id));
if($tmp['diff_num'] > 0) {
// Update the serial number of the SOA record
- $soa = $app->db->queryOneRecord("SELECT serial FROM dns_soa WHERE id = ".$page_form->id);
- $app->db->query("UPDATE dns_soa SET serial = '".$app->validate_dns->increase_serial($soa["serial"])."' WHERE id = ".$page_form->id);
+ $soa = $app->db->queryOneRecord("SELECT serial FROM dns_soa WHERE id = ?", $page_form->id);
+ $app->db->query("UPDATE dns_soa SET serial = ? WHERE id = ?", $app->validate_dns->increase_serial($soa["serial"]), $page_form->id);
}
//** When the client group has changed, change also the owner of the record if the owner is not the admin user
if($page_form->oldDataRecord["client_group_id"] != $page_form->dataRecord["client_group_id"] && $page_form->dataRecord["sys_userid"] != 1) {
$client_group_id = $app->functions->intval($page_form->dataRecord["client_group_id"]);
- $tmp = $app->db->queryOneREcord("SELECT userid FROM sys_user WHERE default_group = ".$client_group_id);
+ $tmp = $app->db->queryOneREcord("SELECT userid FROM sys_user WHERE default_group = ?", $client_group_id);
if($tmp["userid"] > 0) {
- $app->db->query("UPDATE dns_soa SET sys_userid = ".$tmp["userid"]." WHERE id = ".$page_form->id);
- $app->db->query("UPDATE dns_rr SET sys_userid = ".$tmp["userid"]." WHERE zone = ".$page_form->id);
+ $app->db->query("UPDATE dns_soa SET sys_userid = ? WHERE id = ?", $tmp["userid"], $page_form->id);
+ $app->db->query("UPDATE dns_rr SET sys_userid = ? WHERE zone = ?", $tmp["userid"], $page_form->id);
}
}
}
@@ -49,15 +49,15 @@ class dns_dns_soa_plugin {
// make sure that the record belongs to the client group and not the admin group when a dmin inserts it
if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($page_form->dataRecord["client_group_id"])) {
$client_group_id = $app->functions->intval($page_form->dataRecord["client_group_id"]);
- $app->db->query("UPDATE dns_soa SET sys_groupid = $client_group_id, sys_perm_group = 'ru' WHERE id = ".$page_form->id);
+ $app->db->query("UPDATE dns_soa SET sys_groupid = ?, sys_perm_group = 'ru' WHERE id = ?", $client_group_id, $page_form->id);
// And we want to update all rr records too, that belong to this record
- $app->db->query("UPDATE dns_rr SET sys_groupid = $client_group_id WHERE zone = ".$page_form->id);
+ $app->db->query("UPDATE dns_rr SET sys_groupid = ? WHERE zone = ?", $client_group_id, $page_form->id);
}
if($app->auth->has_clients($_SESSION['s']['user']['userid']) && isset($page_form->dataRecord["client_group_id"])) {
$client_group_id = $app->functions->intval($page_form->dataRecord["client_group_id"]);
- $app->db->query("UPDATE dns_soa SET sys_groupid = $client_group_id, sys_perm_group = 'riud' WHERE id = ".$page_form->id);
+ $app->db->query("UPDATE dns_soa SET sys_groupid = ?, sys_perm_group = 'riud' WHERE id = ?", $client_group_id, $page_form->id);
// And we want to update all rr records too, that belong to this record
- $app->db->query("UPDATE dns_rr SET sys_groupid = $client_group_id WHERE zone = ".$page_form->id);
+ $app->db->query("UPDATE dns_rr SET sys_groupid = ? WHERE zone = ?", $client_group_id, $page_form->id);
}
}
diff --git a/interface/lib/plugins/mail_mail_domain_plugin.inc.php b/interface/lib/plugins/mail_mail_domain_plugin.inc.php
index 13f6009ee58d62a84aaf6cc4de54b9c48a5ca4e3..90b1ac15b95033a431d6c75932392eaec0f8652a 100644
--- a/interface/lib/plugins/mail_mail_domain_plugin.inc.php
+++ b/interface/lib/plugins/mail_mail_domain_plugin.inc.php
@@ -31,23 +31,29 @@ class mail_mail_domain_plugin {
// also make sure that the user can not delete entry created by an admin
if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($page_form->dataRecord["client_group_id"])) {
$client_group_id = $app->functions->intval($page_form->dataRecord["client_group_id"]);
- $updates = "sys_groupid = $client_group_id, sys_perm_group = 'ru'";
+ $updates = "sys_groupid = ?, sys_perm_group = 'ru'";
+ $update_params = array($client_group_id);
if ($event_name == 'mail:mail_domain:on_after_update') {
- $tmp = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE default_group = $client_group_id");
+ $tmp = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE default_group = ?", $client_group_id);
$client_user_id = ($tmp['userid'] > 0)?$tmp['userid']:1;
- $updates = "sys_userid = $client_user_id, $updates";
+ $updates .= ", sys_userid = ?";
+ $update_params[] = $client_user_id;
}
- $app->db->query("UPDATE mail_domain SET $updates WHERE domain_id = ".$page_form->id);
+ $update_params[] = $page_form->id;
+ $app->db->query("UPDATE mail_domain SET " . $updates . " WHERE domain_id = ?", true, $update_params);
}
if($app->auth->has_clients($_SESSION['s']['user']['userid']) && isset($page_form->dataRecord["client_group_id"])) {
$client_group_id = $app->functions->intval($page_form->dataRecord["client_group_id"]);
$updates = "sys_groupid = $client_group_id, sys_perm_group = 'riud'";
+ $update_params = array($client_group_id);
if ($event_name == 'mail:mail_domain:on_after_update') {
- $tmp = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE default_group = $client_group_id");
+ $tmp = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE default_group = ?", $client_group_id);
$client_user_id = ($tmp['userid'] > 0)?$tmp['userid']:1;
- $updates = "sys_userid = $client_user_id, $updates";
+ $updates .= ", sys_userid = ?";
+ $update_params[] = $client_user_id;
}
- $app->db->query("UPDATE mail_domain SET $updates WHERE domain_id = ".$page_form->id);
+ $update_params[] = $page_form->id;
+ $app->db->query("UPDATE mail_domain SET " . $updates . " WHERE domain_id = ?", true, $update_params);
}
//** If the domain name or owner has been changed, change the domain and owner in all mailbox records
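Review bot: In the `has_clients` branch the line `$updates = "sys_groupid = $client_group_id, sys_perm_group = 'riud'";` was not converted to a placeholder, yet `$update_params` still starts with `$client_group_id`; the bound values are therefore shifted by one, so on `on_after_update` the `sys_userid = ?` slot receives the group id and `WHERE domain_id = ?` receives `$client_user_id`, updating the wrong row (and without the update event there is one more parameter than placeholder). It should read `$updates = "sys_groupid = ?, sys_perm_group = 'riud'";`, matching the admin branch above it.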
@@ -57,9 +63,9 @@ class mail_mail_domain_plugin {
$mail_config = $app->getconf->get_server_config($page_form->dataRecord["server_id"], 'mail');
//* Update the mailboxes
- $mailusers = $app->db->queryAllRecords("SELECT * FROM mail_user WHERE email like '%@".$app->db->quote($page_form->oldDataRecord['domain'])."'");
+ $mailusers = $app->db->queryAllRecords("SELECT * FROM mail_user WHERE email like ?", "%@" . $page_form->oldDataRecord['domain']);
$sys_groupid = $app->functions->intval((isset($page_form->dataRecord['client_group_id']))?$page_form->dataRecord['client_group_id']:$page_form->oldDataRecord['sys_groupid']);
- $tmp = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE default_group = $sys_groupid");
+ $tmp = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE default_group = ?", $sys_groupid);
$client_user_id = $app->functions->intval(($tmp['userid'] > 0)?$tmp['userid']:1);
if(is_array($mailusers)) {
foreach($mailusers as $rec) {
@@ -67,46 +73,45 @@ class mail_mail_domain_plugin {
$mail_parts = explode("@", $rec['email']);
$maildir = str_replace("[domain]", $page_form->dataRecord['domain'], $mail_config["maildir_path"]);
$maildir = str_replace("[localpart]", $mail_parts[0], $maildir);
- $maildir = $app->db->quote($maildir);
- $email = $app->db->quote($mail_parts[0].'@'.$page_form->dataRecord['domain']);
- $app->db->datalogUpdate('mail_user', "maildir = '$maildir', email = '$email', sys_userid = $client_user_id, sys_groupid = '$sys_groupid'", 'mailuser_id', $rec['mailuser_id']);
+ $email = $mail_parts[0].'@'.$page_form->dataRecord['domain'];
+ $app->db->datalogUpdate('mail_user', array("maildir" => $maildir, "email" => $email, "sys_userid" => $client_user_id, "sys_groupid" => $sys_groupid), 'mailuser_id', $rec['mailuser_id']);
}
}
//* Update the aliases
- $forwardings = $app->db->queryAllRecords("SELECT * FROM mail_forwarding WHERE source like '%@".$app->db->quote($page_form->oldDataRecord['domain'])."' OR destination like '%@".$app->db->quote($page_form->oldDataRecord['domain'])."'");
+ $forwardings = $app->db->queryAllRecords("SELECT * FROM mail_forwarding WHERE source LIKE ? OR destination LIKE ?", "%@" . $page_form->oldDataRecord['domain'], "%@" . $page_form->oldDataRecord['domain']);
if(is_array($forwardings)) {
foreach($forwardings as $rec) {
- $destination = $app->db->quote(str_replace($page_form->oldDataRecord['domain'], $page_form->dataRecord['domain'], $rec['destination']));
- $source = $app->db->quote(str_replace($page_form->oldDataRecord['domain'], $page_form->dataRecord['domain'], $rec['source']));
- $app->db->datalogUpdate('mail_forwarding', "source = '$source', destination = '$destination', sys_userid = $client_user_id, sys_groupid = '$sys_groupid'", 'forwarding_id', $rec['forwarding_id']);
+ $destination = str_replace($page_form->oldDataRecord['domain'], $page_form->dataRecord['domain'], $rec['destination']);
+ $source = str_replace($page_form->oldDataRecord['domain'], $page_form->dataRecord['domain'], $rec['source']);
+ $app->db->datalogUpdate('mail_forwarding', array("source" => $source, "destination" => $destination, "sys_userid" => $client_user_id, "sys_groupid" => $sys_groupid), 'forwarding_id', $rec['forwarding_id']);
}
}
//* Update the mailinglist
- $mailing_lists = $app->db->queryAllRecords("SELECT mailinglist_id FROM mail_mailinglist WHERE domain = '".$app->db->quote($page_form->oldDataRecord['domain'])."'");
+ $mailing_lists = $app->db->queryAllRecords("SELECT mailinglist_id FROM mail_mailinglist WHERE domain = ?", $page_form->oldDataRecord['domain']);
if(is_array($mailing_lists)) {
foreach($mailing_lists as $rec) {
- $app->db->datalogUpdate('mail_mailinglist', "sys_userid = $client_user_id, sys_groupid = '$sys_groupid'", 'mailinglist_id', $rec['mailinglist_id']);
+ $app->db->datalogUpdate('mail_mailinglist', array("sys_userid" => $client_user_id, "sys_groupid" => $sys_groupid), 'mailinglist_id', $rec['mailinglist_id']);
}
}
//* Update the mailget records
- $mail_gets = $app->db->queryAllRecords("SELECT mailget_id, destination FROM mail_get WHERE destination LIKE '%@".$app->db->quote($page_form->oldDataRecord['domain'])."'");
+ $mail_gets = $app->db->queryAllRecords("SELECT mailget_id, destination FROM mail_get WHERE destination LIKE ?", "%@" . $page_form->oldDataRecord['domain']);
if(is_array($mail_gets)) {
foreach($mail_gets as $rec) {
- $destination = $app->db->quote(str_replace($page_form->oldDataRecord['domain'], $page_form->dataRecord['domain'], $rec['destination']));
- $app->db->datalogUpdate('mail_get', "destination = '$destination', sys_userid = $client_user_id, sys_groupid = '$sys_groupid'", 'mailget_id', $rec['mailget_id']);
+ $destination = str_replace($page_form->oldDataRecord['domain'], $page_form->dataRecord['domain'], $rec['destination']);
+ $app->db->datalogUpdate('mail_get', array("destination" => $destination, "sys_userid" => $client_user_id, "sys_groupid" => $sys_groupid), 'mailget_id', $rec['mailget_id']);
}
}
if ($page_form->oldDataRecord["domain"] != $page_form->dataRecord['domain']) {
//* Delete the old spamfilter record
- $tmp = $app->db->queryOneRecord("SELECT id FROM spamfilter_users WHERE email = '@".$app->db->quote($page_form->oldDataRecord["domain"])."'");
+ $tmp = $app->db->queryOneRecord("SELECT id FROM spamfilter_users WHERE email = ?", "@" . $page_form->oldDataRecord["domain"]);
$app->db->datalogDelete('spamfilter_users', 'id', $tmp["id"]);
unset($tmp);
}
- $app->db->query("UPDATE spamfilter_users SET email=REPLACE(email, '".$app->db->quote($page_form->oldDataRecord['domain'])."', '".$app->db->quote($page_form->dataRecord['domain'])."'), sys_userid = $client_user_id, sys_groupid = $sys_groupid WHERE email LIKE '%@".$app->db->quote($page_form->oldDataRecord['domain'])."'");
+ $app->db->query("UPDATE spamfilter_users SET email=REPLACE(email, ?, ?), sys_userid = ?, sys_groupid = ? WHERE email LIKE ?", $page_form->oldDataRecord['domain'], $page_form->dataRecord['domain'], $client_user_id, $sys_groupid, "%@" . $page_form->oldDataRecord['domain']);
} // end if domain name changed
}
diff --git a/interface/lib/plugins/mail_user_filter_plugin.inc.php b/interface/lib/plugins/mail_user_filter_plugin.inc.php
index 8faeab5e83aad6c63b01df88cc35689d36583099..640dab230086183de1f35779315c52f80fe6be8a 100644
--- a/interface/lib/plugins/mail_user_filter_plugin.inc.php
+++ b/interface/lib/plugins/mail_user_filter_plugin.inc.php
@@ -61,7 +61,7 @@ class mail_user_filter_plugin {
function mail_user_filter_edit($event_name, $page_form) {
global $app, $conf;
- $mailuser = $app->db->queryOneRecord("SELECT custom_mailfilter FROM mail_user WHERE mailuser_id = ".$page_form->dataRecord["mailuser_id"]);
+ $mailuser = $app->db->queryOneRecord("SELECT custom_mailfilter FROM mail_user WHERE mailuser_id = ?", $page_form->dataRecord["mailuser_id"]);
$skip = false;
$lines = explode("\n", $mailuser['custom_mailfilter']);
$out = '';
@@ -86,8 +86,7 @@ class mail_user_filter_plugin {
$out = $new_rule . $out;
}
- $out = $app->db->quote($out);
- $app->db->datalogUpdate('mail_user', "custom_mailfilter = '$out'", 'mailuser_id', $page_form->dataRecord["mailuser_id"]);
+ $app->db->datalogUpdate('mail_user', array("custom_mailfilter" => $out), 'mailuser_id', $page_form->dataRecord["mailuser_id"]);
}
@@ -95,7 +94,7 @@ class mail_user_filter_plugin {
function mail_user_filter_del($event_name, $page_form) {
global $app, $conf;
- $mailuser = $app->db->queryOneRecord("SELECT custom_mailfilter FROM mail_user WHERE mailuser_id = ".$page_form->dataRecord["mailuser_id"]);
+ $mailuser = $app->db->queryOneRecord("SELECT custom_mailfilter FROM mail_user WHERE mailuser_id = ?", $page_form->dataRecord["mailuser_id"]);
$skip = false;
$lines = explode("\n", $mailuser['custom_mailfilter']);
$out = '';
@@ -111,8 +110,7 @@ class mail_user_filter_plugin {
}
}
- $out = $app->db->quote($out);
- $app->db->datalogUpdate('mail_user', "custom_mailfilter = '$out'", 'mailuser_id', $page_form->dataRecord["mailuser_id"]);
+ $app->db->datalogUpdate('mail_user', array("custom_mailfilter" => $out), 'mailuser_id', $page_form->dataRecord["mailuser_id"]);
}
@@ -124,7 +122,7 @@ class mail_user_filter_plugin {
global $app, $conf;
$app->uses("getconf");
- $mailuser_rec = $app->db->queryOneRecord("SELECT server_id FROM mail_user WHERE mailuser_id = ".$app->functions->intval($page_form->dataRecord["mailuser_id"]));
+ $mailuser_rec = $app->db->queryOneRecord("SELECT server_id FROM mail_user WHERE mailuser_id = ?", $page_form->dataRecord["mailuser_id"]);
$mail_config = $app->getconf->get_server_config($app->functions->intval($mailuser_rec["server_id"]), 'mail');
if($mail_config['mail_filter_syntax'] == 'sieve') {
diff --git a/interface/lib/plugins/sites_web_database_user_plugin.inc.php b/interface/lib/plugins/sites_web_database_user_plugin.inc.php
index 1a880a1b10a0cd4d67cdc9861dbf917839b01c96..754c249ab9959208beba689b4b9a50971ae2b119 100644
--- a/interface/lib/plugins/sites_web_database_user_plugin.inc.php
+++ b/interface/lib/plugins/sites_web_database_user_plugin.inc.php
@@ -31,13 +31,12 @@ class sites_web_database_user_plugin {
// also make sure that the user can not delete entry created by an admin
if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($page_form->dataRecord["client_group_id"])) {
$client_group_id = $app->functions->intval($page_form->dataRecord["client_group_id"]);
- $app->db->query("UPDATE web_database_user SET sys_groupid = $client_group_id, sys_perm_group = 'ru' WHERE database_user_id = ".$page_form->id);
+ $app->db->query("UPDATE web_database_user SET sys_groupid = ?, sys_perm_group = 'ru' WHERE database_user_id = ?", $client_group_id, $page_form->id);
}
if($app->auth->has_clients($_SESSION['s']['user']['userid']) && isset($page_form->dataRecord["client_group_id"])) {
$client_group_id = $app->functions->intval($page_form->dataRecord["client_group_id"]);
- $app->db->query("UPDATE web_database_user SET sys_groupid = $client_group_id, sys_perm_group = 'riud' WHERE database_user_id = ".$page_form->id);
+ $app->db->query("UPDATE web_database_user SET sys_groupid = ?, sys_perm_group = 'riud' WHERE database_user_id = ?", $client_group_id, $page_form->id);
}
- //$app->db->query("UPDATE web_database_user SET server_id = '" . $app->functions->intval($conf['server_id']) . "' WHERE database_user_id = ".$page_form->id);
}
}
diff --git a/interface/lib/plugins/sites_web_vhost_domain_plugin.inc.php b/interface/lib/plugins/sites_web_vhost_domain_plugin.inc.php
index b65c05bf2cd0546bcf853685a1e02b1278703c4d..aeb5623996009f08e3650628c4e0c871b5b50007 100644
--- a/interface/lib/plugins/sites_web_vhost_domain_plugin.inc.php
+++ b/interface/lib/plugins/sites_web_vhost_domain_plugin.inc.php
@@ -51,11 +51,11 @@ class sites_web_vhost_domain_plugin {
// also make sure that the user can not delete domain created by a admin
if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($page_form->dataRecord["client_group_id"])) {
$client_group_id = $app->functions->intval($page_form->dataRecord["client_group_id"]);
- $app->db->query("UPDATE web_domain SET sys_groupid = $client_group_id, sys_perm_group = 'ru' WHERE domain_id = ".$page_form->id);
+ $app->db->query("UPDATE web_domain SET sys_groupid = ?, sys_perm_group = 'ru' WHERE domain_id = ?", $client_group_id, $page_form->id);
}
if($app->auth->has_clients($_SESSION['s']['user']['userid']) && isset($page_form->dataRecord["client_group_id"])) {
$client_group_id = $app->functions->intval($page_form->dataRecord["client_group_id"]);
- $app->db->query("UPDATE web_domain SET sys_groupid = $client_group_id, sys_perm_group = 'riud' WHERE domain_id = ".$page_form->id);
+ $app->db->query("UPDATE web_domain SET sys_groupid = ?, sys_perm_group = 'riud' WHERE domain_id = ?", $client_group_id, $page_form->id);
}
// Get configuration for the web system
$app->uses("getconf");
@@ -73,15 +73,15 @@ class sites_web_vhost_domain_plugin {
// get the ID of the client
if($_SESSION["s"]["user"]["typ"] != 'admin' && !$app->auth->has_clients($_SESSION['s']['user']['userid'])) {
$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
- $client = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE sys_group.groupid = $client_group_id");
+ $client = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE sys_group.groupid = ?", $client_group_id);
$client_id = $app->functions->intval($client["client_id"]);
} elseif (isset($page_form->dataRecord["client_group_id"])) {
$client_group_id = $page_form->dataRecord["client_group_id"];
- $client = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE sys_group.groupid = ".$app->functions->intval(@$page_form->dataRecord["client_group_id"]));
+ $client = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE sys_group.groupid = ?", $app->functions->intval(@$page_form->dataRecord["client_group_id"]));
$client_id = $app->functions->intval($client["client_id"]);
} else {
$client_group_id = $page_form->dataRecord["client_group_id"];
- $client = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE sys_group.groupid = ".$app->functions->intval($page_form->dataRecord["client_group_id"]));
+ $client = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE sys_group.groupid = ?", $app->functions->intval($page_form->dataRecord["client_group_id"]));
$client_id = $app->functions->intval($client["client_id"]);
}
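Review bot: The rewritten query in the `elseif` branch still wraps the argument in `@` (`$app->functions->intval(@$page_form->dataRecord["client_group_id"])`), which is redundant because that branch is only entered after `isset($page_form->dataRecord["client_group_id"])` succeeds. Drop the suppression so a genuine notice is not hidden, and pass `$client_group_id`, which already holds the same value, to keep the line readable.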
@@ -89,81 +89,81 @@ class sites_web_vhost_domain_plugin {
$client_user_id = $app->functions->intval(($tmp['userid'] > 0)?$tmp['userid']:1);
// Set the values for document_root, system_user and system_group
- $system_user = $app->db->quote('web'.$page_form->id);
- $system_group = $app->db->quote('client'.$client_id);
+ $system_user = 'web'.$page_form->id;
+ $system_group = 'client'.$client_id;
$document_root = str_replace("[client_id]", $client_id, $document_root);
$document_root = str_replace("[client_idhash_1]", $this->id_hash($client_id, 1), $document_root);
$document_root = str_replace("[client_idhash_2]", $this->id_hash($client_id, 2), $document_root);
$document_root = str_replace("[client_idhash_3]", $this->id_hash($client_id, 3), $document_root);
$document_root = str_replace("[client_idhash_4]", $this->id_hash($client_id, 4), $document_root);
- $document_root = $app->db->quote($document_root);
if($event_name == 'sites:web_vhost_domain:on_after_update') {
if(($_SESSION["s"]["user"]["typ"] == 'admin' || $app->auth->has_clients($_SESSION['s']['user']['userid'])) && isset($page_form->dataRecord["client_group_id"]) && $page_form->dataRecord["client_group_id"] != $page_form->oldDataRecord["sys_groupid"]) {
- $sql = "UPDATE web_domain SET system_user = '$system_user', system_group = '$system_group', document_root = '$document_root' WHERE domain_id = ".$page_form->id;
- $app->db->query($sql);
+ $sql = "UPDATE web_domain SET system_user = ?, system_group = ?, document_root = ? WHERE domain_id = ?";
+ $app->db->query($sql, $system_user, $system_group, $document_root, $page_form->id);
// Update the FTP user(s) too
- $records = $app->db->queryAllRecords("SELECT ftp_user_id FROM ftp_user WHERE parent_domain_id = ".$page_form->id);
+ $records = $app->db->queryAllRecords("SELECT ftp_user_id FROM ftp_user WHERE parent_domain_id = ?", $page_form->id);
foreach($records as $rec) {
- $app->db->datalogUpdate('ftp_user', "sys_userid = '".$app->functions->intval($web_rec['sys_userid'])."', sys_groupid = '".$app->functions->intval($web_rec['sys_groupid'])."', uid = '$system_user', gid = '$system_group', dir = '$document_root'", 'ftp_user_id', $app->functions->intval($rec['ftp_user_id']));
+ $app->db->datalogUpdate('ftp_user', array("sys_userid" => $web_rec['sys_userid'], "sys_groupid" => $web_rec['sys_groupid'], "uid" => $system_user, "gid" => $system_group, "dir" => $document_root), 'ftp_user_id', $app->functions->intval($rec['ftp_user_id']));
}
unset($records);
unset($rec);
// Update the webdav user(s) too
- $records = $app->db->queryAllRecords("SELECT webdav_user_id FROM webdav_user WHERE parent_domain_id = ".$page_form->id);
+ $records = $app->db->queryAllRecords("SELECT webdav_user_id FROM webdav_user WHERE parent_domain_id = ?", $page_form->id);
foreach($records as $rec) {
- $app->db->datalogUpdate('webdav_user', "sys_userid = '".$app->functions->intval($web_rec['sys_userid'])."', sys_groupid = '".$app->functions->intval($web_rec['sys_groupid'])."'", 'webdav_user_id', $app->functions->intval($rec['webdav_user_id']));
+ $app->db->datalogUpdate('webdav_user', array("sys_userid" => $web_rec['sys_userid'], "sys_groupid" => $web_rec['sys_groupid']), 'webdav_user_id', $app->functions->intval($rec['webdav_user_id']));
}
unset($records);
unset($rec);
// Update the web folder(s) too
- $records = $app->db->queryAllRecords("SELECT web_folder_id FROM web_folder WHERE parent_domain_id = ".$page_form->id);
+ $records = $app->db->queryAllRecords("SELECT web_folder_id FROM web_folder WHERE parent_domain_id = ?", $page_form->id);
foreach($records as $rec) {
- $app->db->datalogUpdate('web_folder', "sys_userid = '".$app->functions->intval($web_rec['sys_userid'])."', sys_groupid = '".$app->functions->intval($web_rec['sys_groupid'])."'", 'web_folder_id', $app->functions->intval($rec['web_folder_id']));
+ $app->db->datalogUpdate('web_folder', array("sys_userid" => $web_rec['sys_userid'], "sys_groupid" => $web_rec['sys_groupid']), 'web_folder_id', $app->functions->intval($rec['web_folder_id']));
}
unset($records);
unset($rec);
//* Update all web folder users
- $records = $app->db->queryAllRecords("SELECT web_folder_user.web_folder_user_id FROM web_folder_user, web_folder WHERE web_folder_user.web_folder_id = web_folder.web_folder_id AND web_folder.parent_domain_id = ".$page_form->id);
+ $records = $app->db->queryAllRecords("SELECT web_folder_user.web_folder_user_id FROM web_folder_user, web_folder WHERE web_folder_user.web_folder_id = web_folder.web_folder_id AND web_folder.parent_domain_id = ?", $page_form->id);
foreach($records as $rec) {
- $app->db->datalogUpdate('web_folder_user', "sys_userid = '".$app->functions->intval($web_rec['sys_userid'])."', sys_groupid = '".$app->functions->intval($web_rec['sys_groupid'])."'", 'web_folder_user_id', $app->functions->intval($rec['web_folder_user_id']));
+ $app->db->datalogUpdate('web_folder_user', array("sys_userid" => $web_rec['sys_userid'], "sys_groupid" => $web_rec['sys_groupid']), 'web_folder_user_id', $app->functions->intval($rec['web_folder_user_id']));
}
unset($records);
unset($rec);
// Update the Shell user(s) too
- $records = $app->db->queryAllRecords("SELECT shell_user_id FROM shell_user WHERE parent_domain_id = ".$page_form->id);
+ $records = $app->db->queryAllRecords("SELECT shell_user_id FROM shell_user WHERE parent_domain_id = ?", $page_form->id);
foreach($records as $rec) {
- $app->db->datalogUpdate('shell_user', "sys_userid = '".$web_rec['sys_userid']."', sys_groupid = '".$web_rec['sys_groupid']."', puser = '$system_user', pgroup = '$system_group', dir = '$document_root'", 'shell_user_id', $app->functions->intval($rec['shell_user_id']));
+ $app->db->datalogUpdate('shell_user', array("sys_userid" => $web_rec['sys_userid'], "sys_groupid" => $web_rec['sys_groupid'], "puser" => $system_user, "pgroup" => $system_group, "dir" => $document_root), 'shell_user_id', $app->functions->intval($rec['shell_user_id']));
}
unset($records);
unset($rec);
// Update the cron(s) too
- $records = $app->db->queryAllRecords("SELECT id FROM cron WHERE parent_domain_id = ".$page_form->id);
+ $records = $app->db->queryAllRecords("SELECT id FROM cron WHERE parent_domain_id = ?", $page_form->id);
foreach($records as $rec) {
- $app->db->datalogUpdate('cron', "sys_userid = '".$app->functions->intval($web_rec['sys_userid'])."', sys_groupid = '".$app->functions->intval($web_rec['sys_groupid'])."'", 'id', $app->functions->intval($rec['id']));
+ $app->db->datalogUpdate('cron', array("sys_userid" => $web_rec['sys_userid'], "sys_groupid" => $web_rec['sys_groupid']), 'id', $app->functions->intval($rec['id']));
}
unset($records);
unset($rec);
//* Update all subdomains and alias domains
- $records = $app->db->queryAllRecords("SELECT domain_id, `domain`, `type`, `web_folder` FROM web_domain WHERE parent_domain_id = ".$page_form->id);
+ $records = $app->db->queryAllRecords("SELECT domain_id, `domain`, `type`, `web_folder` FROM web_domain WHERE parent_domain_id = ?", $page_form->id);
foreach($records as $rec) {
- $update_columns = "sys_userid = '".$web_rec['sys_userid']."', sys_groupid = '".$web_rec['sys_groupid']."'";
+ $update_columns = array("sys_userid" => $web_rec['sys_userid'], "sys_groupid" => $web_rec['sys_groupid']);
if($rec['type'] == 'vhostsubdomain' || $rec['type'] == 'vhostalias') {
$php_open_basedir = str_replace("[website_path]/web", $document_root.'/'.$rec['web_folder'], $web_config["php_open_basedir"]);
$php_open_basedir = str_replace("[website_domain]/web", $rec['domain'].'/'.$rec['web_folder'], $php_open_basedir);
$php_open_basedir = str_replace("[website_path]", $document_root, $php_open_basedir);
- $php_open_basedir = $app->db->quote(str_replace("[website_domain]", $rec['domain'], $php_open_basedir));
+ $php_open_basedir = str_replace("[website_domain]", $rec['domain'], $php_open_basedir);
- $update_columns .= ", document_root = '".$document_root."', `php_open_basedir` = '".$php_open_basedir."'";
+ $update_columns["document_root"] = $document_root;
+ $update_columns["php_open_basedir"] = $php_open_basedir;
}
$app->db->datalogUpdate('web_domain', $update_columns, 'domain_id', $rec['domain_id']);
}
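Review bot: The array-form `datalogUpdate` calls drop the `$app->functions->intval()` that the replaced string-form lines applied to `$web_rec['sys_userid']` and `$web_rec['sys_groupid']` (new lines for `ftp_user`, `webdav_user`, `web_folder`, `web_folder_user`, `cron`; the same happens in the next hunk for `web_database`, `web_database_user` and `aps_instances`). With placeholder binding this is no longer an injection vector, but the integer normalisation is lost and the columns now receive whatever the record holds; keeping `"sys_userid" => $app->functions->intval($web_rec['sys_userid']), "sys_groupid" => $app->functions->intval($web_rec['sys_groupid'])` preserves the previous contract at no cost. Whether `datalogUpdate` escapes array values as strings is not visible here and should be confirmed. The enclosing method starts outside the hunk.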
@@ -171,24 +171,24 @@ class sites_web_vhost_domain_plugin {
unset($rec);
//* Update all databases
- $records = $app->db->queryAllRecords("SELECT database_id FROM web_database WHERE parent_domain_id = ".$page_form->id);
+ $records = $app->db->queryAllRecords("SELECT database_id FROM web_database WHERE parent_domain_id = ?", $page_form->id);
foreach($records as $rec) {
- $app->db->datalogUpdate('web_database', "sys_userid = '".$app->functions->intval($web_rec['sys_userid'])."', sys_groupid = '".$app->functions->intval($web_rec['sys_groupid'])."'", 'database_id', $app->functions->intval($rec['database_id']));
+ $app->db->datalogUpdate('web_database', array("sys_userid" => $web_rec['sys_userid'], "sys_groupid" => $web_rec['sys_groupid']), 'database_id', $app->functions->intval($rec['database_id']));
}
//* Update all database users
- $records = $app->db->queryAllRecords("SELECT web_database_user.database_user_id FROM web_database_user, web_database WHERE web_database_user.database_user_id IN (web_database.database_user_id, web_database.database_ro_user_id) AND web_database.parent_domain_id = ".$page_form->id);
+ $records = $app->db->queryAllRecords("SELECT web_database_user.database_user_id FROM web_database_user, web_database WHERE web_database_user.database_user_id IN (web_database.database_user_id, web_database.database_ro_user_id) AND web_database.parent_domain_id = ?", $page_form->id);
foreach($records as $rec) {
- $app->db->datalogUpdate('web_database_user', "sys_userid = '".$app->functions->intval($web_rec['sys_userid'])."', sys_groupid = '".$app->functions->intval($web_rec['sys_groupid'])."'", 'database_user_id', $app->functions->intval($rec['database_user_id']));
+ $app->db->datalogUpdate('web_database_user', array("sys_userid" => $web_rec['sys_userid'], "sys_groupid" => $web_rec['sys_groupid']), 'database_user_id', $app->functions->intval($rec['database_user_id']));
}
unset($records);
unset($rec);
// Update APS instances
- $records = $app->db->queryAllRecords("SELECT instance_id FROM aps_instances_settings WHERE name = 'main_domain' AND value = '".$app->db->quote($page_form->oldDataRecord["domain"])."'");
+ $records = $app->db->queryAllRecords("SELECT instance_id FROM aps_instances_settings WHERE name = 'main_domain' AND value = ?", $page_form->oldDataRecord["domain"]);
if(is_array($records) && !empty($records)){
foreach($records as $rec){
- $app->db->datalogUpdate('aps_instances', "sys_userid = '".$app->functions->intval($web_rec['sys_userid'])."', sys_groupid = '".$app->functions->intval($web_rec['sys_groupid'])."', customer_id = '".$app->functions->intval($client_id)."'", 'id', $rec['instance_id']);
+ $app->db->datalogUpdate('aps_instances', array("sys_userid" => $web_rec['sys_userid'], "sys_groupid" => $web_rec['sys_groupid'], "customer_id" => $client_id), 'id', $rec['instance_id']);
}
}
unset($records);
@@ -198,20 +198,20 @@ class sites_web_vhost_domain_plugin {
//* If the domain name has been changed, we will have to change all subdomains + APS instances
if(!empty($page_form->dataRecord["domain"]) && !empty($page_form->oldDataRecord["domain"]) && $page_form->dataRecord["domain"] != $page_form->oldDataRecord["domain"]) {
- $records = $app->db->queryAllRecords("SELECT domain_id,domain FROM web_domain WHERE (type = 'subdomain' OR type = 'vhostsubdomain' OR type = 'vhostalias') AND domain LIKE '%.".$app->db->quote($page_form->oldDataRecord["domain"])."'");
+ $records = $app->db->queryAllRecords("SELECT domain_id,domain FROM web_domain WHERE (type = 'subdomain' OR type = 'vhostsubdomain' OR type = 'vhostalias') AND domain LIKE ?", "%." . $page_form->oldDataRecord["domain"]);
foreach($records as $rec) {
- $subdomain = $app->db->quote(str_replace($page_form->oldDataRecord["domain"], $page_form->dataRecord["domain"], $rec['domain']));
- $app->db->datalogUpdate('web_domain', "domain = '".$subdomain."'", 'domain_id', $rec['domain_id']);
+ $subdomain = str_replace($page_form->oldDataRecord["domain"], $page_form->dataRecord["domain"], $rec['domain']);
+ $app->db->datalogUpdate('web_domain', array("domain" => $subdomain), 'domain_id', $rec['domain_id']);
}
unset($records);
unset($rec);
unset($subdomain);
// Update APS instances
- $records = $app->db->queryAllRecords("SELECT id, instance_id FROM aps_instances_settings WHERE name = 'main_domain' AND value = '".$app->db->quote($page_form->oldDataRecord["domain"])."'");
+ $records = $app->db->queryAllRecords("SELECT id, instance_id FROM aps_instances_settings WHERE name = 'main_domain' AND value = ?", $page_form->oldDataRecord["domain"]);
if(is_array($records) && !empty($records)){
foreach($records as $rec){
- $app->db->datalogUpdate('aps_instances_settings', "value = '".$app->db->quote($page_form->dataRecord["domain"])."'", 'id', $rec['id']);
+ $app->db->datalogUpdate('aps_instances_settings', array("value" => $page_form->dataRecord["domain"]), 'id', $rec['id']);
}
}
unset($records);
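Review bot: The new `domain LIKE ?` query binds `"%." . $page_form->oldDataRecord["domain"]` without escaping LIKE metacharacters, so an old domain containing `_` (or `%`) widens the match beyond literal subdomains; the subsequent `str_replace` then renames records that merely matched the wildcard. Binding protects the query structure but not the pattern semantics, so the dynamic part should be escaped before the prefix is prepended, e.g. `$pattern = "%." . str_replace(['%', '_'], ['\\%', '\\_'], $page_form->oldDataRecord["domain"]);` — confirm the escape character the db layer passes through unchanged. The `str_replace` itself also replaces every occurrence rather than only the trailing suffix, which predates this commit.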
@@ -220,35 +220,35 @@ class sites_web_vhost_domain_plugin {
//* Set allow_override if empty
if($web_rec['allow_override'] == '') {
- $sql = "UPDATE web_domain SET allow_override = '".$app->db->quote($web_config["htaccess_allow_override"])."' WHERE domain_id = ".$page_form->id;
- $app->db->query($sql);
+ $sql = "UPDATE web_domain SET allow_override = ? WHERE domain_id = ?";
+ $app->db->query($sql, $web_config["htaccess_allow_override"], $page_form->id);
}
//* Set php_open_basedir if empty or domain or client has been changed
if(empty($web_rec['php_open_basedir']) ||
(!empty($page_form->dataRecord["domain"]) && !empty($page_form->oldDataRecord["domain"]) && $page_form->dataRecord["domain"] != $page_form->oldDataRecord["domain"])) {
$php_open_basedir = $web_rec['php_open_basedir'];
- $php_open_basedir = $app->db->quote(str_replace($page_form->oldDataRecord['domain'], $web_rec['domain'], $php_open_basedir));
- $sql = "UPDATE web_domain SET php_open_basedir = '$php_open_basedir' WHERE domain_id = ".$page_form->id;
- $app->db->query($sql);
+ $php_open_basedir = str_replace($page_form->oldDataRecord['domain'], $web_rec['domain'], $php_open_basedir);
+ $sql = "UPDATE web_domain SET php_open_basedir = ? WHERE domain_id = ?";
+ $app->db->query($sql, $php_open_basedir, $page_form->id);
}
if(empty($web_rec['php_open_basedir']) ||
(isset($page_form->dataRecord["client_group_id"]) && $page_form->dataRecord["client_group_id"] != $page_form->oldDataRecord["sys_groupid"])) {
- $document_root = $app->db->quote(str_replace("[client_id]", $client_id, $document_root));
+ $document_root = str_replace("[client_id]", $client_id, $document_root);
$php_open_basedir = str_replace("[website_path]", $document_root, $web_config["php_open_basedir"]);
- $php_open_basedir = $app->db->quote(str_replace("[website_domain]", $web_rec['domain'], $php_open_basedir));
- $sql = "UPDATE web_domain SET php_open_basedir = '$php_open_basedir' WHERE domain_id = ".$page_form->id;
- $app->db->query($sql);
+ $php_open_basedir = str_replace("[website_domain]", $web_rec['domain'], $php_open_basedir);
+ $sql = "UPDATE web_domain SET php_open_basedir = ? WHERE domain_id = ?";
+ $app->db->query($sql, $php_open_basedir, $page_form->id);
}
//* Change database backup options when web backup options have been changed
if(isset($page_form->dataRecord['backup_interval']) && ($page_form->dataRecord['backup_interval'] != $page_form->oldDataRecord['backup_interval'] || $page_form->dataRecord['backup_copies'] != $page_form->oldDataRecord['backup_copies'])) {
//* Update all databases
- $backup_interval = $app->db->quote($page_form->dataRecord['backup_interval']);
+ $backup_interval = $page_form->dataRecord['backup_interval'];
$backup_copies = $app->functions->intval($page_form->dataRecord['backup_copies']);
$records = $app->db->queryAllRecords("SELECT database_id FROM web_database WHERE parent_domain_id = ".$page_form->id);
foreach($records as $rec) {
- $app->db->datalogUpdate('web_database', "backup_interval = '$backup_interval', backup_copies = '$backup_copies'", 'database_id', $rec['database_id']);
+ $app->db->datalogUpdate('web_database', array("backup_interval" => $backup_interval, "backup_copies" => $backup_copies), 'database_id', $rec['database_id']);
}
unset($records);
unset($rec);
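Review bot: The `web_database` lookup inside the backup-options branch is left as string concatenation (`"SELECT database_id FROM web_database WHERE parent_domain_id = ".$page_form->id`) while every sibling query in this method is converted to a bound placeholder. It should be converted for consistency: `$records = $app->db->queryAllRecords("SELECT database_id FROM web_database WHERE parent_domain_id = ?", $page_form->id);`. The enclosing method starts outside the hunk.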
@@ -258,36 +258,36 @@ class sites_web_vhost_domain_plugin {
//* Change vhost subdomain and alias ip/ipv6 if domain ip/ipv6 has changed
if(isset($page_form->dataRecord['ip_address']) && ($page_form->dataRecord['ip_address'] != $page_form->oldDataRecord['ip_address'] || $page_form->dataRecord['ipv6_address'] != $page_form->oldDataRecord['ipv6_address'])) {
- $records = $app->db->queryAllRecords("SELECT domain_id FROM web_domain WHERE (type = 'vhostsubdomain' OR type = 'vhostalias') AND parent_domain_id = ".$page_form->id);
+ $records = $app->db->queryAllRecords("SELECT domain_id FROM web_domain WHERE (type = 'vhostsubdomain' OR type = 'vhostalias') AND parent_domain_id = ?", $page_form->id);
foreach($records as $rec) {
- $app->db->datalogUpdate('web_domain', "ip_address = '".$app->db->quote($web_rec['ip_address'])."', ipv6_address = '".$app->db->quote($web_rec['ipv6_address'])."'", 'domain_id', $rec['domain_id']);
+ $app->db->datalogUpdate('web_domain', array("ip_address" => $web_rec['ip_address'], "ipv6_address" => $web_rec['ipv6_address']), 'domain_id', $rec['domain_id']);
}
unset($records);
unset($rec);
}
} else {
$php_open_basedir = str_replace("[website_path]", $document_root, $web_config["php_open_basedir"]);
- $php_open_basedir = $app->db->quote(str_replace("[website_domain]", $page_form->dataRecord['domain'], $php_open_basedir));
-
- $htaccess_allow_override = $app->db->quote($web_config["htaccess_allow_override"]);
- $sql = "UPDATE web_domain SET system_user = '$system_user', system_group = '$system_group', document_root = '$document_root', allow_override = '$htaccess_allow_override', php_open_basedir = '$php_open_basedir' WHERE domain_id = ".$page_form->id;
- $app->db->query($sql);
+ $php_open_basedir = str_replace("[website_domain]", $page_form->dataRecord['domain'], $php_open_basedir);
+ $htaccess_allow_override = $web_config["htaccess_allow_override"];
+
+ $sql = "UPDATE web_domain SET system_user = ?, system_group = ?, document_root = ?, allow_override = ?, php_open_basedir = ? WHERE domain_id = ?";
+ $app->db->query($sql, $system_user, $system_group, $document_root, $htaccess_allow_override, $php_open_basedir, $page_form->id);
}
} else {
if(isset($page_form->dataRecord["parent_domain_id"]) && $page_form->dataRecord["parent_domain_id"] != $page_form->oldDataRecord["parent_domain_id"]) {
- $parent_domain = $app->db->queryOneRecord("SELECT * FROM `web_domain` WHERE `domain_id` = '" . $app->functions->intval($page_form->dataRecord['parent_domain_id']) . "'");
+ $parent_domain = $app->db->queryOneRecord("SELECT * FROM `web_domain` WHERE `domain_id` = ?", $page_form->dataRecord['parent_domain_id']);
// Set the values for document_root, system_user and system_group
- $system_user = $app->db->quote($parent_domain['system_user']);
- $system_group = $app->db->quote($parent_domain['system_group']);
- $document_root = $app->db->quote($parent_domain['document_root']);
+ $system_user = $parent_domain['system_user'];
+ $system_group = $parent_domain['system_group'];
+ $document_root = $parent_domain['document_root'];
$php_open_basedir = str_replace("[website_path]/web", $document_root.'/'.$page_form->dataRecord['web_folder'], $web_config["php_open_basedir"]);
$php_open_basedir = str_replace("[website_domain]/web", $page_form->dataRecord['domain'].'/'.$page_form->dataRecord['web_folder'], $php_open_basedir);
$php_open_basedir = str_replace("[website_path]", $document_root, $php_open_basedir);
- $php_open_basedir = $app->db->quote(str_replace("[website_domain]", $page_form->dataRecord['domain'], $php_open_basedir));
- $htaccess_allow_override = $app->db->quote($parent_domain['allow_override']);
- $sql = "UPDATE web_domain SET sys_groupid = ".$app->functions->intval($parent_domain['sys_groupid']).",system_user = '$system_user', system_group = '$system_group', document_root = '$document_root', allow_override = '$htaccess_allow_override', php_open_basedir = '$php_open_basedir' WHERE domain_id = ".$page_form->id;
- $app->db->query($sql);
+ $php_open_basedir = str_replace("[website_domain]", $page_form->dataRecord['domain'], $php_open_basedir);
+ $htaccess_allow_override = $parent_domain['allow_override'];
+ $sql = "UPDATE web_domain SET sys_groupid = ?,system_user = ?, system_group = ?, document_root = ?, allow_override = ?, php_open_basedir = ? WHERE domain_id = ?";
+ $app->db->query($sql, $parent_domain['sys_groupid'], $system_user, $system_group, $document_root, $htaccess_allow_override, $php_open_basedir, $page_form->id);
}
}
}
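Review bot: The `parent_domain_id` lookup now binds `$page_form->dataRecord['parent_domain_id']` directly, dropping the `$app->functions->intval()` the replaced line applied to this user-supplied form value; the same cast is dropped for `$parent_domain['sys_groupid']` in the final `UPDATE`. Binding removes the injection risk, but the previous code guaranteed an integer reached the `domain_id` comparison and the `sys_groupid` column, and other hunks in this commit keep the cast alongside binding. Restore it: `$parent_domain = $app->db->queryOneRecord("SELECT * FROM `web_domain` WHERE `domain_id` = ?", $app->functions->intval($page_form->dataRecord['parent_domain_id']));`. The enclosing method starts outside the hunk.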
diff --git a/interface/lib/plugins/vm_openvz_plugin.inc.php b/interface/lib/plugins/vm_openvz_plugin.inc.php
index fd442055623c273d166ba5094f88b76e44c8f222..dcd2df73504fbc638b7e3f9b0121d5c7c4e421c3 100644
--- a/interface/lib/plugins/vm_openvz_plugin.inc.php
+++ b/interface/lib/plugins/vm_openvz_plugin.inc.php
@@ -41,24 +41,24 @@ class vm_openvz_plugin {
// also make sure that the user can not delete domain created by a admin
if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($this->dataRecord["client_group_id"])) {
$client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]);
- $app->db->query("UPDATE openvz_vm SET sys_groupid = $client_group_id WHERE vm_id = ".$this->id);
+ $app->db->query("UPDATE openvz_vm SET sys_groupid = ? WHERE vm_id = ?", $client_group_id, $this->id);
}
if($app->auth->has_clients($_SESSION['s']['user']['userid']) && isset($this->dataRecord["client_group_id"])) {
$client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]);
- $app->db->query("UPDATE openvz_vm SET sys_groupid = $client_group_id WHERE vm_id = ".$this->id);
+ $app->db->query("UPDATE openvz_vm SET sys_groupid = ? WHERE vm_id = ?", $client_group_id, $this->id);
}
// Set the VEID
$tmp = $app->db->queryOneRecord('SELECT MAX(veid) + 1 as newveid FROM openvz_vm');
$veid = ($tmp['newveid'] > 100)?$tmp['newveid']:101;
- $app->db->query("UPDATE openvz_vm SET veid = ".$veid." WHERE vm_id = ".$this->id);
+ $app->db->query("UPDATE openvz_vm SET veid = ? WHERE vm_id = ?", $veid, $this->id);
unset($tmp);
// Apply template values to the advanced tab settings
$this->applyTemplate();
// Set the IP address
- $app->db->query("UPDATE openvz_ip SET vm_id = ".$this->id." WHERE ip_address = '".$app->db->quote($this->dataRecord['ip_address'])."'");
+ $app->db->query("UPDATE openvz_ip SET vm_id = ? WHERE ip_address = ?", $this->id, $this->dataRecord['ip_address']);
// Create the OpenVZ config file and store it in config field
$this->makeOpenVZConfig();
@@ -82,11 +82,11 @@ class vm_openvz_plugin {
// also make sure that the user can not delete domain created by a admin
if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($this->dataRecord["client_group_id"])) {
$client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]);
- $app->db->query("UPDATE openvz_vm SET sys_groupid = $client_group_id WHERE vm_id = ".$this->id);
+ $app->db->query("UPDATE openvz_vm SET sys_groupid = ? WHERE vm_id = ?", $client_group_id, $this->id);
}
if($app->auth->has_clients($_SESSION['s']['user']['userid']) && isset($this->dataRecord["client_group_id"])) {
$client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]);
- $app->db->query("UPDATE openvz_vm SET sys_groupid = $client_group_id WHERE vm_id = ".$this->id);
+ $app->db->query("UPDATE openvz_vm SET sys_groupid = ? WHERE vm_id = ?", $client_group_id, $this->id);
}
if(isset($this->dataRecord["ostemplate_id"]) && $this->oldDataRecord["ostemplate_id"] != $this->dataRecord["ostemplate_id"]) {
@@ -94,7 +94,7 @@ class vm_openvz_plugin {
}
// Set the IP address
- if(isset($this->dataRecord['ip_address'])) $app->db->query("UPDATE openvz_ip SET vm_id = ".$this->id." WHERE ip_address = '".$app->db->quote($this->dataRecord['ip_address'])."'");
+ if(isset($this->dataRecord['ip_address'])) $app->db->query("UPDATE openvz_ip SET vm_id = ? WHERE ip_address = ?", $this->id, $this->dataRecord['ip_address']);
// Create the OpenVZ config file and store it in config field
$this->makeOpenVZConfig();
@@ -111,8 +111,8 @@ class vm_openvz_plugin {
global $app, $conf;
//* Free the IP address
- $tmp = $app->db->queryOneRecord("SELECT ip_address_id FROM openvz_ip WHERE vm_id = ".$app->functions->intval($page_form->id));
- $app->db->datalogUpdate('openvz_ip', 'vm_id = 0', 'ip_address_id', $tmp['ip_address_id']);
+ $tmp = $app->db->queryOneRecord("SELECT ip_address_id FROM openvz_ip WHERE vm_id = ?", $page_form->id);
+ $app->db->datalogUpdate('openvz_ip', array('vm_id' => 0), 'ip_address_id', $tmp['ip_address_id']);
unset($tmp);
}
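Review bot: The rewritten `datalogUpdate('openvz_ip', array('vm_id' => 0), 'ip_address_id', $tmp['ip_address_id'])` runs even when the preceding `queryOneRecord` found no IP row for the VM, in which case `$tmp['ip_address_id']` is undefined and the update is issued with an empty key. Guard it: `if(!empty($tmp['ip_address_id'])) $app->db->datalogUpdate('openvz_ip', array('vm_id' => 0), 'ip_address_id', $tmp['ip_address_id']);`. The cast on `$page_form->id` was also dropped here while later hunks keep `$app->functions->intval()` next to the placeholder. The enclosing method starts outside the hunk.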
@@ -120,29 +120,29 @@ class vm_openvz_plugin {
private function applyTemplate() {
global $app, $conf;
- $tpl = $app->db->queryOneRecord("SELECT * FROM openvz_template WHERE template_id = ".$app->functions->intval($this->dataRecord["template_id"]));
+ $tpl = $app->db->queryOneRecord("SELECT * FROM openvz_template WHERE template_id = ?", $this->dataRecord["template_id"]);
$sql = "UPDATE openvz_vm SET ";
- $sql .= "diskspace = '".$app->db->quote($tpl['diskspace'])."', ";
- $sql .= "ram = '".$app->db->quote($tpl['ram'])."', ";
- $sql .= "ram_burst = '".$app->db->quote($tpl['ram_burst'])."', ";
- $sql .= "cpu_units = '".$app->db->quote($tpl['cpu_units'])."', ";
- $sql .= "cpu_num = '".$app->db->quote($tpl['cpu_num'])."', ";
- $sql .= "cpu_limit = '".$app->db->quote($tpl['cpu_limit'])."', ";
- $sql .= "io_priority = '".$app->db->quote($tpl['io_priority'])."', ";
- $sql .= "nameserver = '".$app->db->quote($tpl['nameserver'])."', ";
- $sql .= "create_dns = '".$app->db->quote($tpl['create_dns'])."', ";
- $sql .= "capability = '".$app->db->quote($tpl['capability'])."' ";
- $sql .= "WHERE vm_id = ".$app->functions->intval($this->id);
- $app->db->query($sql);
+ $sql .= "diskspace = ?, ";
+ $sql .= "ram = ?, ";
+ $sql .= "ram_burst = ?, ";
+ $sql .= "cpu_units = ?, ";
+ $sql .= "cpu_num = ?, ";
+ $sql .= "cpu_limit = ?, ";
+ $sql .= "io_priority = ?, ";
+ $sql .= "nameserver = ?, ";
+ $sql .= "create_dns = ?, ";
+ $sql .= "capability = ? ";
+ $sql .= "WHERE vm_id = ?";
+ $app->db->query($sql, $tpl['diskspace'], $tpl['ram'], $tpl['ram_burst'], $tpl['cpu_units'], $tpl['cpu_num'], $tpl['cpu_limit'], $tpl['io_priority'], $tpl['nameserver'], $tpl['create_dns'], $tpl['capability'], $this->id);
}
private function makeOpenVZConfig() {
global $app, $conf;
- $vm = $app->db->queryOneRecord("SELECT * FROM openvz_vm WHERE vm_id = ".$app->functions->intval($this->id));
- $vm_template = $app->db->queryOneRecord("SELECT * FROM openvz_template WHERE template_id = ".$app->functions->intval($vm['template_id']));
+ $vm = $app->db->queryOneRecord("SELECT * FROM openvz_vm WHERE vm_id = ?",$app->functions->intval($this->id));
+ $vm_template = $app->db->queryOneRecord("SELECT * FROM openvz_template WHERE template_id = ?",$app->functions->intval($vm['template_id']));
$burst_ram = $vm['ram_burst']*256;
$guar_ram = $vm['ram']*256;
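Review bot: `applyTemplate()` drops `$app->functions->intval()` on `$this->dataRecord["template_id"]` and on `$this->id` in the same commit that keeps the cast in `makeOpenVZConfig()` two lines later (`... WHERE vm_id = ?", $app->functions->intval($this->id)`). `template_id` comes from the form record, so the integer normalisation is worth keeping for consistency: `$tpl = $app->db->queryOneRecord("SELECT * FROM openvz_template WHERE template_id = ?", $app->functions->intval($this->dataRecord["template_id"]));`. The `UPDATE` also runs unconditionally when no template row matched, writing nulls into every template-derived column; a short `if(!is_array($tpl)) return;` after the lookup would avoid that.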
@@ -194,12 +194,12 @@ class vm_openvz_plugin {
$tpl->setVar('nameserver', $vm['nameserver']);
$tpl->setVar('capability', $vm['capability']);
- $tmp = $app->db->queryOneRecord("SELECT template_file FROM openvz_ostemplate WHERE ostemplate_id = ".$app->functions->intval($vm['ostemplate_id']));
+ $tmp = $app->db->queryOneRecord("SELECT template_file FROM openvz_ostemplate WHERE ostemplate_id = ?", $app->functions->intval($vm['ostemplate_id']));
$tpl->setVar('ostemplate', $tmp['template_file']);
unset($tmp);
- $openvz_config = $app->db->quote($tpl->grab());
- $app->db->query("UPDATE openvz_vm SET config = '".$openvz_config."' WHERE vm_id = ".$app->functions->intval($this->id));
+ $openvz_config = $tpl->grab();
+ $app->db->query("UPDATE openvz_vm SET config = ? WHERE vm_id = ?", $openvz_config, $app->functions->intval($this->id));
unset($tpl);
@@ -208,23 +208,23 @@ class vm_openvz_plugin {
private function createDNS() {
global $app, $conf;
- $vm = $app->db->queryOneRecord("SELECT * FROM openvz_vm WHERE vm_id = ".$app->functions->intval($this->id));
+ $vm = $app->db->queryOneRecord("SELECT * FROM openvz_vm WHERE vm_id = ?", $app->functions->intval($this->id));
if($vm['create_dns'] != 'y') return;
$full_hostname = str_replace('{VEID}', $vm['veid'], $vm['hostname']);
$hostname_parts = explode('.', $full_hostname);
- $hostname = $app->db->quote($hostname_parts[0]);
+ $hostname = $hostname_parts[0];
unset($hostname_parts[0]);
- $zone = $app->db->quote((implode('.', $hostname_parts)));
+ $zone = implode('.', $hostname_parts);
unset($hostname_parts);
// Find the dns zone
- $zone_rec = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE origin = '".$app->db->quote($zone).".'");
- $rr_rec = $app->db->queryOneRecord("SELECT * FROM dns_rr WHERE zone = '".$app->functions->intval($zone_rec['id'])."' AND name = '".$app->db->quote($hostname)."'");
+ $zone_rec = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE origin = ?", $zone);
+ $rr_rec = $app->db->queryOneRecord("SELECT * FROM dns_rr WHERE zone = ? AND name = ?", $zone_rec['id'], $hostname);
if($zone_rec['id'] > 0) {
- $ip_address = $app->db->quote($vm['ip_address']);
+ $ip_address = $vm['ip_address'];
$sys_userid = $app->functions->intval($zone_rec['sys_userid']);
$sys_groupid = $app->functions->intval($zone_rec['sys_groupid']);
$server_id = $app->functions->intval($zone_rec['server_id']);
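Review bot: The SOA lookup changes behaviour: the replaced line compared `origin` against `$zone` followed by a literal trailing dot (`.quote($zone).".'"`), whereas the new `origin = ?` binds `$zone` without it, so zones stored as FQDN with a trailing dot will no longer match and `$zone_rec['id'] > 0` will be false. Bind the same value as before: `$zone_rec = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE origin = ?", $zone . '.');`. The `dns_rr` lookup on the next line also binds `$zone_rec['id']` before that id is checked, which predates this commit.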
@@ -232,12 +232,25 @@ class vm_openvz_plugin {
if($rr_rec['id'] > 0) {
$app->uses('validate_dns');
- $app->db->datalogUpdate('dns_rr', "data = '$ip_address'", 'id', $app->functions->intval($rr_rec['id']));
+ $app->db->datalogUpdate('dns_rr', array("data" => $ip_address), 'id', $app->functions->intval($rr_rec['id']));
$serial = $app->validate_dns->increase_serial($zone_rec['serial']);
- $app->db->datalogUpdate('dns_soa', "serial = '$serial'", 'id', $app->functions->intval($zone_rec['id']));
+ $app->db->datalogUpdate('dns_soa', array("serial" => $serial), 'id', $app->functions->intval($zone_rec['id']));
} else {
- $insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `zone`, `name`, `type`, `data`, `aux`, `ttl`, `active`) VALUES
- ('$sys_userid', '$sys_groupid', 'riud', 'riud', '', '$server_id', '$dns_soa_id', '$hostname', 'A', '$ip_address', '0', '3600', 'Y')";
+ $insert_data = array(
+ "sys_userid" => $sys_userid,
+ "sys_groupid" => $sys_groupid,
+ "sys_perm_user" => 'riud',
+ "sys_perm_group" => 'riud',
+ "sys_perm_other" => '',
+ "server_id" => $server_id,
+ "zone" => $dns_soa_id,
+ "name" => $hostname,
+ "type" => 'A',
+ "data" => $ip_address,
+ "aux" => '0',
+ "ttl" => '3600',
+ "active" => 'Y'
+ );
$dns_rr_id = $app->db->datalogInsert('dns_rr', $insert_data, 'id');
}
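Review bot: The new array-form insert does not increase the SOA serial, whereas the update branch just above does (`increase_serial` followed by `datalogUpdate('dns_soa', ...)`); if the serial is not bumped after the hunk ends, the newly inserted A record will not propagate. Consider mirroring the update branch after `datalogInsert`: `$serial = $app->validate_dns->increase_serial($zone_rec['serial']); $app->db->datalogUpdate('dns_soa', array("serial" => $serial), 'id', $app->functions->intval($zone_rec['id']));`. `$dns_soa_id` used for `"zone"` is not assigned anywhere visible in this hunk — confirm it is set earlier in the method. The enclosing method continues outside the hunk.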
diff --git a/interface/web/admin/firewall_edit.php b/interface/web/admin/firewall_edit.php
index 6c29f766d100d03f548d815f26ffdd6c4956bd37..4dd26afbf6759aa1a001fd773e6fa851c72ba3b1 100644
--- a/interface/web/admin/firewall_edit.php
+++ b/interface/web/admin/firewall_edit.php
@@ -56,7 +56,7 @@ class page_action extends tform_actions {
//* Check if the server has been changed
// We do this only for the admin or reseller users, as normal clients can not change the server ID anyway
if($_SESSION["s"]["user"]["typ"] == 'admin' || $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
- $rec = $app->db->queryOneRecord("SELECT server_id from firewall WHERE firewall_id = ".$this->id);
+ $rec = $app->db->queryOneRecord("SELECT server_id from firewall WHERE firewall_id = ?", $this->id);
if($rec['server_id'] != $this->dataRecord["server_id"]) {
//* Add a error message and switch back to old server
$app->tform->errorMessage .= $app->lng('The Server can not be changed.');
diff --git a/interface/web/admin/form/directive_snippets.tform.php b/interface/web/admin/form/directive_snippets.tform.php
index 8db725b95fe11c7c453641fd67b3518f4fdab740..0c2502c6c4a4c1ef4b5a8cceaa5bd295ba6e0894 100644
--- a/interface/web/admin/form/directive_snippets.tform.php
+++ b/interface/web/admin/form/directive_snippets.tform.php
@@ -105,6 +105,17 @@ $form["tabs"]['directive_snippets'] = array (
'default' => 'y',
'value' => array(0 => 'n', 1 => 'y')
),
+ 'required_php_snippets' => array (
+ 'datatype' => 'VARCHAR',
+ 'formtype' => 'CHECKBOXARRAY',
+ 'default' => '',
+ 'datasource' => array ( 'type' => 'SQL',
+ 'querystring' => "SELECT directive_snippets_id,name FROM directive_snippets WHERE type = 'php' AND active = 'y'ORDER BY name",
+ 'keyfield' => 'directive_snippets_id',
+ 'valuefield' => 'name'
+ ),
+ 'separator' => ',',
+ ),
//#################################
// ENDE Datatable fields
//#################################
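Review bot: The `querystring` of the new `required_php_snippets` datasource is missing a space between the literal and the keyword: `AND active = 'y'ORDER BY name`. Even if the database tokenizer happens to accept it, it reads as a typo and should be `AND active = 'y' ORDER BY name`. The query itself is a fixed literal with no interpolated input, so this is a readability point rather than an injection concern. The surrounding `$form["tabs"]['directive_snippets']` array starts before the hunk.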
diff --git a/interface/web/admin/form/server_config.tform.php b/interface/web/admin/form/server_config.tform.php
index 7827b43f26d57403cfe3b5f3b98184c49310132e..0f78f9d2bf19a524f975545d0661f85f03a51d4a 100644
--- a/interface/web/admin/form/server_config.tform.php
+++ b/interface/web/admin/form/server_config.tform.php
@@ -182,7 +182,7 @@ $form["tabs"]['server'] = array(
'backup_dir_is_mount' => array(
'datatype' => 'VARCHAR',
'formtype' => 'CHECKBOX',
- 'default' => 'n',
+ 'default' => 'y',
'value' => array(0 => 'n', 1 => 'y')
),
'backup_mode' => array(
@@ -327,7 +327,7 @@ $form["tabs"]['mail'] = array(
'datatype' => 'INTEGER',
'formtype' => 'SELECT',
'default' => '2048',
- 'value' => array('1024' => 'week (1024)', '2048' => 'normal (2048)', '4096' => 'strong (4096)')
+ 'value' => array('1024' => 'weak (1024)', '2048' => 'normal (2048)', '4096' => 'strong (4096)')
),
'relayhost_password' => array(
'datatype' => 'VARCHAR',
@@ -1036,7 +1036,7 @@ $form["tabs"]['web'] = array(
'enable_spdy' => array (
'datatype' => 'VARCHAR',
'formtype' => 'CHECKBOX',
- 'default' => 'n',
+ 'default' => 'y',
'value' => array (
0 => 'n',
1 => 'y'
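Review bot: Flipping the `default` of `enable_spdy` from `'n'` to `'y'` enables a protocol that major browsers and web servers have since deprecated in favour of HTTP/2, so newly created records would default to a setting that is likely a no-op or unsupported on the target server; if the goal is to enable modern multiplexing by default, the field name and help text should reflect that, otherwise the default should stay `'n'`. The same kind of default flip is made for `backup_dir_is_mount` in the first hunk of this file, where a `'y'` default presumably assumes the backup directory really is a mount point — worth confirming that matches the installer's defaults. These tform defaults apply only to records created through the form; existing rows are unchanged. The enclosing `$form["tabs"]['web']` array starts before and continues after the hunk.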
diff --git a/interface/web/admin/lib/module.conf.php b/interface/web/admin/lib/module.conf.php
index 7f4d19da1abd456a7027fdd6729994edc67b2a90..727f7a2d5555918be7282dd705bf8e2f745f72b4 100644
--- a/interface/web/admin/lib/module.conf.php
+++ b/interface/web/admin/lib/module.conf.php
@@ -7,6 +7,7 @@ $module['title'] = 'top_menu_system';
$module['template'] = 'module.tpl.htm';
$module['startpage'] = 'admin/server_list.php';
$module['tab_width'] = '60';
+$module['order'] = '90';
$items[] = array( 'title' => 'CP Users',
diff --git a/interface/web/admin/list/directive_snippets.list.php b/interface/web/admin/list/directive_snippets.list.php
index 37fe89a42d2102861cc9e66a659ac30d213d20a8..078cebf8608ed82d12ad8f5cc1d12d1d5f1990ff 100644
--- a/interface/web/admin/list/directive_snippets.list.php
+++ b/interface/web/admin/list/directive_snippets.list.php
@@ -54,7 +54,7 @@ $liste["item"][] = array( 'field' => "active",
'prefix' => "",
'suffix' => "",
'width' => "",
- 'value' => array('y' => "
\ No newline at end of file
+
+
\ No newline at end of file
diff --git a/interface/web/admin/templates/users_list.htm b/interface/web/admin/templates/users_list.htm
index 1898974f384bc64d17ba926dfb5d898f83ad83b8..b7872527ff8127187f45053de94ce15963ac5760 100644
--- a/interface/web/admin/templates/users_list.htm
+++ b/interface/web/admin/templates/users_list.htm
@@ -42,8 +42,8 @@